Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/hmmyl03UKDWRE76S01tPKWrS7PE.roa
File:                     hmmyl03UKDWRE76S01tPKWrS7PE.roa (raw, json)
Hash identifier:          WHEwRnvQQvkVCS2Ywio6GZ45rLY68/Jb8HQhlja1xeM=
Subject key identifier:   86:69:B2:97:4D:D4:28:35:91:13:BE:92:D3:5B:4F:29:6A:D2:EC:F1
Certificate issuer:       /CN=512e27be891b19eca9bceb53e4dc237c5a355697
Certificate serial:       018CC50130F2AE65DCD2EA09142CA68ECE80
Authority key identifier: 51:2E:27:BE:89:1B:19:EC:A9:BC:EB:53:E4:DC:23:7C:5A:35:56:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/US4nvokbGeypvOtT5NwjfFo1Vpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/hmmyl03UKDWRE76S01tPKWrS7PE.roa
Signing time:             Mon 01 Jan 2024 12:30:38 +0000
ROA not before:           Mon 01 Jan 2024 12:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48772
IP address blocks:        91.223.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/US4nvokbGeypvOtT5NwjfFo1Vpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/US4nvokbGeypvOtT5NwjfFo1Vpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/US4nvokbGeypvOtT5NwjfFo1Vpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 09:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:30:f2:ae:65:dc:d2:ea:09:14:2c:a6:8e:ce:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=512e27be891b19eca9bceb53e4dc237c5a355697
        Validity
            Not Before: Jan  1 12:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8669b2974dd428359113be92d35b4f296ad2ecf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:35:74:77:49:2e:31:c2:c2:9b:7f:3f:f0:3c:
                    32:df:8b:5b:cd:cc:c7:f5:b2:f4:9f:4d:73:35:60:
                    f5:e0:03:04:d0:b9:08:78:94:99:aa:59:a0:99:0e:
                    a9:4d:41:fb:a0:16:4d:ef:af:3c:7a:4d:d2:bb:c7:
                    76:3d:d2:27:bc:5f:66:58:08:e9:b6:70:28:bc:7a:
                    69:5e:04:3d:62:a6:09:3e:7d:48:ed:d0:e6:58:bb:
                    e9:6e:72:62:b0:e2:c6:2e:d0:0f:89:c7:16:4d:c1:
                    03:30:85:72:dd:7e:8b:c8:2d:10:d0:a5:b3:ee:68:
                    e9:46:ef:c7:f3:24:0a:9b:80:29:68:5f:c3:c0:4f:
                    62:08:8b:01:89:f7:03:6e:f6:6a:1d:66:fc:69:c1:
                    0d:21:c7:ed:01:b9:b5:c0:44:0e:a0:90:dc:47:15:
                    40:62:e3:0c:fa:2f:bf:3a:ea:dc:ae:48:d1:b2:c9:
                    85:66:f3:2a:47:b4:75:5f:44:f1:30:7a:b6:72:75:
                    ac:12:f6:22:c1:16:f5:8b:6a:c7:ab:ad:df:55:ac:
                    b3:6c:23:80:18:82:f7:99:04:a5:ed:ab:44:db:da:
                    c5:3b:0a:17:65:4b:55:ad:c8:00:64:cd:fe:95:37:
                    e0:be:f9:1c:02:9f:9d:c2:b8:5a:31:b8:65:a3:e3:
                    d7:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:69:B2:97:4D:D4:28:35:91:13:BE:92:D3:5B:4F:29:6A:D2:EC:F1
            X509v3 Authority Key Identifier:
                keyid:51:2E:27:BE:89:1B:19:EC:A9:BC:EB:53:E4:DC:23:7C:5A:35:56:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/US4nvokbGeypvOtT5NwjfFo1Vpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/hmmyl03UKDWRE76S01tPKWrS7PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/0f1b8f-1d47-42f0-a050-5a114ef9b2aa/1/US4nvokbGeypvOtT5NwjfFo1Vpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3d:75:8b:92:4a:63:d5:ad:60:df:d7:0c:04:fb:ee:8b:be:
         1e:96:a2:6d:c2:c0:7a:47:49:f4:a6:a8:f5:46:df:5d:5d:2d:
         5f:f1:0e:68:9f:f9:d1:d1:35:73:37:0a:2b:65:11:d9:fb:13:
         d0:5f:f3:db:3d:fe:40:f1:7e:82:8f:6e:d8:e6:cc:19:d5:9b:
         90:32:63:53:18:8f:2a:bd:76:75:2c:07:19:18:53:79:30:5d:
         e1:ad:8d:d9:2c:2a:64:87:75:7f:6b:a3:da:f3:66:bb:10:3d:
         65:9a:67:d7:c1:65:5e:4b:5d:2d:06:10:90:99:2d:60:a9:71:
         3f:61:8f:5f:bf:84:84:ff:12:e3:f0:09:3b:1a:a3:ff:a8:f5:
         90:df:1d:93:aa:17:68:e1:9e:8b:39:a2:f8:e4:fc:50:47:fb:
         dd:b8:e6:e2:fc:a2:db:ed:ef:4e:9c:54:73:74:86:31:2d:81:
         87:a8:3d:86:6d:16:ae:e7:45:d7:b9:c1:72:27:e1:35:6e:68:
         c4:bf:30:e1:65:3a:7a:98:17:a0:32:26:ec:c3:09:ae:9b:65:
         4c:60:ab:18:ec:4d:be:ff:51:a8:6e:84:3f:b7:11:44:b5:07:
         10:70:d6:d2:b0:d7:1c:b9:71:21:3a:53:f4:f9:5a:02:3b:56:
         fe:e7:8f:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATDyrmXc0uoJFCymjs6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMmUyN2JlODkxYjE5ZWNhOWJjZWI1M2U0ZGMyMzdjNWEz
NTU2OTcwHhcNMjQwMTAxMTIzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY5YjI5NzRkZDQyODM1OTExM2JlOTJkMzViNGYyOTZhZDJlY2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTV0d0kuMcLCm38/8Dwy34tbzczH
9bL0n01zNWD14AME0LkIeJSZqlmgmQ6pTUH7oBZN7688ek3Su8d2PdInvF9mWAjp
tnAovHppXgQ9YqYJPn1I7dDmWLvpbnJisOLGLtAPiccWTcEDMIVy3X6LyC0Q0KWz
7mjpRu/H8yQKm4ApaF/DwE9iCIsBifcDbvZqHWb8acENIcftAbm1wEQOoJDcRxVA
YuMM+i+/OurcrkjRssmFZvMqR7R1X0TxMHq2cnWsEvYiwRb1i2rHq63fVayzbCOA
GIL3mQSl7atE29rFOwoXZUtVrcgAZM3+lTfgvvkcAp+dwrhaMbhlo+PX0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZpspdN1Cg1kRO+ktNbTylq0uzxMB8GA1UdIwQY
MBaAFFEuJ76JGxnsqbzrU+TcI3xaNVaXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVM0bnZva2JHZXlwdk90VDVOd2pmRm8xVnBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8wZjFiOGYtMWQ0Ny00MmYwLWEwNTAt
NWExMTRlZjliMmFhLzEvaG1teWwwM1VLRFdSRTc2UzAxdFBLV3JTN1BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8wZjFiOGYtMWQ0Ny00MmYwLWEwNTAtNWExMTRlZjliMmFh
LzEvVVM0bnZva2JHZXlwdk90VDVOd2pmRm8xVnBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98xMA0G
CSqGSIb3DQEBCwUAA4IBAQBHPXWLkkpj1a1g39cMBPvui74elqJtwsB6R0n0pqj1
Rt9dXS1f8Q5on/nR0TVzNworZRHZ+xPQX/PbPf5A8X6Cj27Y5swZ1ZuQMmNTGI8q
vXZ1LAcZGFN5MF3hrY3ZLCpkh3V/a6Pa82a7ED1lmmfXwWVeS10tBhCQmS1gqXE/
YY9fv4SE/xLj8Ak7GqP/qPWQ3x2Tqhdo4Z6LOaL45PxQR/vduObi/KLb7e9OnFRz
dIYxLYGHqD2GbRau50XXucFyJ+E1bmjEvzDhZTp6mBegMibswwmum2VMYKsY7E2+
/1GoboQ/txFEtQcQcNbSsNccuXEhOlP0+VoCO1b+548y
-----END CERTIFICATE-----