Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/MkKVOXCZIKUe3Ycj5g2Trx0qeHY.roa
File:                     MkKVOXCZIKUe3Ycj5g2Trx0qeHY.roa (raw, json)
Hash identifier:          JNdubbHUeYIrEsmaXWxUmXYya/MYFs/xGqqnem701sQ=
Subject key identifier:   32:42:95:39:70:99:20:A5:1E:DD:87:23:E6:0D:93:AF:1D:2A:78:76
Certificate issuer:       /CN=21e86ff9973c93abe6398f031966c29d75a3ba86
Certificate serial:       018CC794236CDCDF303BE762492CA9DCF15A
Authority key identifier: 21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/MkKVOXCZIKUe3Ycj5g2Trx0qeHY.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197612
IP address blocks:        91.225.248.0/24 maxlen: 24
                          91.225.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:23:6c:dc:df:30:3b:e7:62:49:2c:a9:dc:f1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21e86ff9973c93abe6398f031966c29d75a3ba86
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32429539709920a51edd8723e60d93af1d2a7876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:2f:65:12:0a:ef:55:0e:dc:b0:be:4c:22:45:
                    07:56:94:78:0a:f8:f9:d0:df:23:2f:f6:79:90:24:
                    36:8b:a5:76:77:80:b6:4d:56:65:6a:ac:fe:3b:f5:
                    80:a7:c1:ee:6c:1d:de:07:c1:2f:01:ce:06:0f:c3:
                    ad:5a:6d:1f:eb:50:18:6b:05:d2:c8:41:b6:ab:91:
                    a7:15:d0:cb:34:24:fa:f3:d6:84:d2:47:9e:68:8f:
                    5a:56:01:29:c4:da:36:57:fa:3c:55:30:bb:43:75:
                    2c:f9:87:88:f8:13:eb:f1:b2:cb:35:8d:ff:a3:40:
                    8b:bc:8c:93:81:25:46:f9:38:2a:fa:79:19:7e:15:
                    1c:03:fc:09:20:1b:00:9b:e3:37:98:f4:95:e4:1f:
                    82:3e:cd:32:a2:54:43:03:de:59:a5:84:ca:34:72:
                    f8:59:a4:b7:af:75:16:47:7a:65:3b:d0:bf:1a:46:
                    3c:65:c5:94:5e:4d:67:71:06:87:0e:90:be:0f:96:
                    f5:04:07:1f:f2:3e:2e:98:4f:8e:68:ce:83:67:ef:
                    da:95:20:87:b1:8a:f2:c3:eb:8d:bb:2c:ff:80:fe:
                    73:fc:dd:96:ea:e5:1c:55:d3:04:c0:c4:be:fe:26:
                    ea:09:f9:c6:68:c0:ee:61:f6:e0:38:4d:0a:90:8f:
                    ac:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:42:95:39:70:99:20:A5:1E:DD:87:23:E6:0D:93:AF:1D:2A:78:76
            X509v3 Authority Key Identifier:
                keyid:21:E8:6F:F9:97:3C:93:AB:E6:39:8F:03:19:66:C2:9D:75:A3:BA:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/MkKVOXCZIKUe3Ycj5g2Trx0qeHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/2f6dd0-b76f-47d5-a4ab-32feeb566ee6/1/Iehv-Zc8k6vmOY8DGWbCnXWjuoY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:df:61:c9:99:2c:9c:42:92:5a:ec:c6:aa:91:6b:0e:c2:87:
         7b:d5:e8:ee:c6:70:ee:f1:b5:37:d4:f3:c2:02:7b:ba:c3:e6:
         1b:2c:71:03:52:b1:47:78:a8:e6:e7:9f:cd:a2:a4:41:a4:f2:
         e9:19:bf:74:4e:3f:f6:f4:eb:0a:a3:2c:ec:8e:5d:75:4a:10:
         d1:26:66:7c:01:5a:9d:7d:a5:53:1b:7f:3a:31:1a:be:90:ab:
         a7:06:77:7b:db:0b:18:b8:79:89:b9:db:59:94:4b:7d:dc:15:
         db:ca:59:23:db:23:71:a6:63:9f:e0:1b:03:f2:f7:b0:c6:8c:
         20:76:f0:7e:6d:b1:27:32:b3:50:19:38:35:74:60:2b:5a:20:
         83:0d:32:1a:fa:05:8b:e8:86:86:bf:d6:86:e0:8a:3d:71:c9:
         c9:85:95:97:85:0e:29:61:1b:65:7c:79:91:c1:25:20:d7:ac:
         f6:30:e6:6b:e0:b5:a0:d3:cc:c0:4d:aa:52:5e:12:f3:4b:7a:
         b4:e7:64:42:bd:2f:60:af:7e:8d:51:00:79:2e:69:da:03:09:
         30:c5:51:4f:6f:72:84:ca:34:90:4a:7f:80:41:79:17:74:88:
         d7:1b:d6:ac:e7:50:0d:26:35:b3:10:96:e8:93:d6:f8:b3:55:
         b0:b7:7a:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCNs3N8wO+diSSyp3PFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxZTg2ZmY5OTczYzkzYWJlNjM5OGYwMzE5NjZjMjlkNzVh
M2JhODYwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQyOTUzOTcwOTkyMGE1MWVkZDg3MjNlNjBkOTNhZjFkMmE3ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiy9lEgrvVQ7csL5MIkUHVpR4Cvj5
0N8jL/Z5kCQ2i6V2d4C2TVZlaqz+O/WAp8HubB3eB8EvAc4GD8OtWm0f61AYawXS
yEG2q5GnFdDLNCT689aE0keeaI9aVgEpxNo2V/o8VTC7Q3Us+YeI+BPr8bLLNY3/
o0CLvIyTgSVG+Tgq+nkZfhUcA/wJIBsAm+M3mPSV5B+CPs0yolRDA95ZpYTKNHL4
WaS3r3UWR3plO9C/GkY8ZcWUXk1ncQaHDpC+D5b1BAcf8j4umE+OaM6DZ+/alSCH
sYryw+uNuyz/gP5z/N2W6uUcVdMEwMS+/ibqCfnGaMDuYfbgOE0KkI+snwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJClTlwmSClHt2HI+YNk68dKnh2MB8GA1UdIwQY
MBaAFCHob/mXPJOr5jmPAxlmwp11o7qGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWIt
MzJmZWViNTY2ZWU2LzEvTWtLVk9YQ1pJS1VlM1ljajVnMlRyeDBxZUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi8yZjZkZDAtYjc2Zi00N2Q1LWE0YWItMzJmZWViNTY2ZWU2
LzEvSWVodi1aYzhrNnZtT1k4REdXYkNuWFdqdW9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+H4MA0G
CSqGSIb3DQEBCwUAA4IBAQBX32HJmSycQpJa7MaqkWsOwod71ejuxnDu8bU31PPC
Anu6w+YbLHEDUrFHeKjm55/NoqRBpPLpGb90Tj/29OsKoyzsjl11ShDRJmZ8AVqd
faVTG386MRq+kKunBnd72wsYuHmJudtZlEt93BXbylkj2yNxpmOf4BsD8vewxowg
dvB+bbEnMrNQGTg1dGArWiCDDTIa+gWL6IaGv9aG4Io9ccnJhZWXhQ4pYRtlfHmR
wSUg16z2MOZr4LWg08zATapSXhLzS3q052RCvS9gr36NUQB5LmnaAwkwxVFPb3KE
yjSQSn+AQXkXdIjXG9as51ANJjWzEJbok9b4s1Wwt3rC
-----END CERTIFICATE-----