Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/MDEQKKHcZHICf9dDkngIkD98fk8.roa
File:                     MDEQKKHcZHICf9dDkngIkD98fk8.roa (raw, json)
Hash identifier:          CUH9BOH8gaG7TDcSsdo+6SQK/kWQmIxzzf2UKdhj3Tg=
Subject key identifier:   30:31:10:28:A1:DC:64:72:02:7F:D7:43:92:78:08:90:3F:7C:7E:4F
Certificate issuer:       /CN=b8951c8514b7dd21b333abb33caca3c4dae9d709
Certificate serial:       019424453A24A158C72D3156734ADE4B7B41
Authority key identifier: B8:95:1C:85:14:B7:DD:21:B3:33:AB:B3:3C:AC:A3:C4:DA:E9:D7:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/MDEQKKHcZHICf9dDkngIkD98fk8.roa
Signing time:             Wed 01 Jan 2025 23:48:24 +0000
ROA not before:           Wed 01 Jan 2025 23:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28685
IP address blocks:        91.221.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3a:24:a1:58:c7:2d:31:56:73:4a:de:4b:7b:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8951c8514b7dd21b333abb33caca3c4dae9d709
        Validity
            Not Before: Jan  1 23:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30311028a1dc6472027fd743927808903f7c7e4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:29:91:9a:8d:7a:23:e5:10:7f:4a:a2:32:a8:
                    58:c9:19:5b:06:ef:31:14:b4:36:17:f6:24:ad:87:
                    a6:7f:6a:aa:17:1a:c9:09:c6:12:17:21:0a:32:0a:
                    50:53:18:f0:04:81:2b:58:18:a0:e2:43:e3:9f:d5:
                    5a:5d:c0:2c:49:00:72:e3:46:a7:ba:54:52:2d:7c:
                    20:d9:ec:fc:af:e3:2c:70:31:13:44:5b:53:c3:21:
                    14:39:b2:09:50:e8:bd:f0:e3:5e:86:2d:5e:06:4c:
                    5f:5e:c2:e7:ea:2c:47:65:c1:cd:00:25:fc:ca:45:
                    f1:4f:4e:5c:db:28:05:e2:63:06:de:ae:cd:6f:f9:
                    9b:65:78:e8:19:bf:cb:f9:18:08:c9:90:48:42:13:
                    28:68:0c:1f:86:45:43:04:92:ef:21:ac:1a:61:11:
                    19:1b:ff:68:91:1f:51:32:5c:ba:1f:d3:d0:42:58:
                    67:78:93:a1:2c:6d:df:89:d2:9a:00:e8:dc:0d:5c:
                    57:55:f4:40:3c:dc:cc:43:8e:41:eb:b9:55:bd:81:
                    27:96:d1:cc:d1:c8:e4:8f:1b:0f:fc:f0:f7:cb:1b:
                    d1:b0:7f:65:69:52:86:13:30:6d:0a:59:f7:75:78:
                    6e:c0:da:cf:84:65:1d:2e:99:e3:1b:25:fc:15:fd:
                    10:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:31:10:28:A1:DC:64:72:02:7F:D7:43:92:78:08:90:3F:7C:7E:4F
            X509v3 Authority Key Identifier:
                keyid:B8:95:1C:85:14:B7:DD:21:B3:33:AB:B3:3C:AC:A3:C4:DA:E9:D7:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uJUchRS33SGzM6uzPKyjxNrp1wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/MDEQKKHcZHICf9dDkngIkD98fk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/642eb2-3fb9-4f0e-baf4-8cd79527e530/1/uJUchRS33SGzM6uzPKyjxNrp1wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:2c:fa:01:02:4e:7f:ff:f0:ca:13:17:c0:e9:25:fc:5b:db:
         30:7c:34:df:68:ac:9b:96:2c:b6:b8:82:fa:c9:79:f6:7f:79:
         74:02:13:99:49:57:3d:1f:b5:64:13:c4:c4:a4:47:07:6f:7f:
         40:82:bb:33:6f:66:5c:24:33:0d:85:ca:68:99:03:f1:c0:6b:
         5a:7b:8b:42:23:cd:93:4c:8e:e6:35:f7:a3:3a:b2:ca:df:2f:
         39:80:e4:71:ea:92:d0:90:6a:e6:22:c8:7d:a7:90:ac:23:47:
         92:0b:6a:a4:49:17:ad:03:8e:0f:a3:13:90:4f:e2:d6:59:92:
         8b:65:0d:48:89:e2:ce:62:de:62:40:76:29:6a:55:df:43:5c:
         b8:af:83:17:26:52:1f:08:05:73:7b:37:2e:32:0f:ec:b2:b2:
         5e:f0:ee:01:56:ed:a8:d1:ef:1e:8a:0f:76:65:e9:ee:19:cc:
         ec:fc:7d:5f:13:e1:c8:9f:6d:1a:93:b2:14:c6:80:f2:ec:e2:
         1a:1b:2b:d8:60:fd:5a:ae:e1:7e:4d:12:c5:f1:47:30:fe:31:
         0c:cc:78:cf:67:e9:05:a7:57:3a:9a:20:de:d6:1a:a4:a0:19:
         0f:08:8f:43:c5:93:0d:29:0b:3d:c1:04:d4:7c:79:eb:ae:1a:
         9a:e0:0c:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRTokoVjHLTFWc0reS3tBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4OTUxYzg1MTRiN2RkMjFiMzMzYWJiMzNjYWNhM2M0ZGFl
OWQ3MDkwHhcNMjUwMTAxMjM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDMxMTAyOGExZGM2NDcyMDI3ZmQ3NDM5Mjc4MDg5MDNmN2M3ZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjymRmo16I+UQf0qiMqhYyRlbBu8x
FLQ2F/YkrYemf2qqFxrJCcYSFyEKMgpQUxjwBIErWBig4kPjn9VaXcAsSQBy40an
ulRSLXwg2ez8r+MscDETRFtTwyEUObIJUOi98ONehi1eBkxfXsLn6ixHZcHNACX8
ykXxT05c2ygF4mMG3q7Nb/mbZXjoGb/L+RgIyZBIQhMoaAwfhkVDBJLvIawaYREZ
G/9okR9RMly6H9PQQlhneJOhLG3fidKaAOjcDVxXVfRAPNzMQ45B67lVvYEnltHM
0cjkjxsP/PD3yxvRsH9laVKGEzBtCln3dXhuwNrPhGUdLpnjGyX8Ff0QkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAxECih3GRyAn/XQ5J4CJA/fH5PMB8GA1UdIwQY
MBaAFLiVHIUUt90hszOrszyso8Ta6dcJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUpVY2hSUzMzU0d6TTZ1elBLeWp4TnJwMXdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82NDJlYjItM2ZiOS00ZjBlLWJhZjQt
OGNkNzk1MjdlNTMwLzEvTURFUUtLSGNaSElDZjlkRGtuZ0lrRDk4Zms4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82NDJlYjItM2ZiOS00ZjBlLWJhZjQtOGNkNzk1MjdlNTMw
LzEvdUpVY2hSUzMzU0d6TTZ1elBLeWp4TnJwMXdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW92hMA0G
CSqGSIb3DQEBCwUAA4IBAQCgLPoBAk5///DKExfA6SX8W9swfDTfaKybliy2uIL6
yXn2f3l0AhOZSVc9H7VkE8TEpEcHb39Agrszb2ZcJDMNhcpomQPxwGtae4tCI82T
TI7mNfejOrLK3y85gORx6pLQkGrmIsh9p5CsI0eSC2qkSRetA44PoxOQT+LWWZKL
ZQ1IieLOYt5iQHYpalXfQ1y4r4MXJlIfCAVzezcuMg/ssrJe8O4BVu2o0e8eig92
ZenuGczs/H1fE+HIn20ak7IUxoDy7OIaGyvYYP1aruF+TRLF8Ucw/jEMzHjPZ+kF
p1c6miDe1hqkoBkPCI9DxZMNKQs9wQTUfHnrrhqa4Az8
-----END CERTIFICATE-----