Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/NoirTMocfMUxRX4SSF3NnN1MXMg.roa
File:                     NoirTMocfMUxRX4SSF3NnN1MXMg.roa (raw, json)
Hash identifier:          k1dgXUxG201nPT5HWgsPlWuxupL/o/GsnkXTowkj8SY=
Subject key identifier:   36:88:AB:4C:CA:1C:7C:C5:31:45:7E:12:48:5D:CD:9C:DD:4C:5C:C8
Certificate issuer:       /CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
Certificate serial:       01941FFA2A4EA05FEB13FEFF1CB224AFE060
Authority key identifier: F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/NoirTMocfMUxRX4SSF3NnN1MXMg.roa
Signing time:             Wed 01 Jan 2025 03:47:55 +0000
ROA not before:           Wed 01 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        91.103.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 14:19:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:2a:4e:a0:5f:eb:13:fe:ff:1c:b2:24:af:e0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f31d1c05abd714c67c3291e010d21c70a35dd57e
        Validity
            Not Before: Jan  1 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3688ab4cca1c7cc531457e12485dcd9cdd4c5cc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:77:32:bf:14:ad:c1:ca:dc:dc:87:68:f6:3a:
                    96:84:d7:c1:cb:a7:b1:f3:00:49:e3:73:c1:35:a1:
                    62:7f:e3:54:ff:61:c2:59:17:2c:25:ff:e1:7d:f6:
                    da:f2:0c:f7:db:96:bb:27:5f:59:52:cc:5a:70:f7:
                    df:9e:58:24:ac:9a:2b:48:9f:57:0c:a9:7b:ff:e5:
                    63:31:d7:aa:d3:32:94:4c:b1:b5:3e:ff:cf:6f:5a:
                    f9:07:ce:4f:7d:5d:99:61:eb:64:28:6a:e3:c5:e4:
                    76:4c:19:17:c2:e5:01:e0:0d:26:09:8e:ba:a2:15:
                    98:5a:68:3a:c4:f6:90:9a:fa:27:a7:0b:4a:8c:a8:
                    ae:5f:e8:90:76:c9:80:a2:79:d9:22:f4:16:07:13:
                    5f:7a:5b:3b:55:7f:3e:5d:f7:d4:7e:07:b8:3b:2f:
                    2c:1e:1d:d9:f9:bc:4f:98:b8:12:22:b6:e8:f3:75:
                    c0:2b:e1:ae:53:21:28:50:fb:f1:05:49:40:5b:dd:
                    7f:a6:52:04:8f:20:2c:78:31:45:9a:19:b6:9a:e3:
                    d0:b8:a5:7f:96:f2:23:8d:c5:c9:ed:55:0f:4d:d1:
                    29:18:36:43:51:00:fe:4c:aa:ca:05:44:d5:b3:79:
                    fa:a0:c1:2b:d4:4c:25:fa:89:85:e8:b4:60:9f:19:
                    78:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:88:AB:4C:CA:1C:7C:C5:31:45:7E:12:48:5D:CD:9C:DD:4C:5C:C8
            X509v3 Authority Key Identifier:
                keyid:F3:1D:1C:05:AB:D7:14:C6:7C:32:91:E0:10:D2:1C:70:A3:5D:D5:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8x0cBavXFMZ8MpHgENIccKNd1X4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/NoirTMocfMUxRX4SSF3NnN1MXMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/8866bb-2eb7-4288-a82c-5559ac410ace/1/8x0cBavXFMZ8MpHgENIccKNd1X4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:6f:62:00:1f:d2:31:3e:bf:ba:56:4e:86:eb:a4:87:90:bd:
         48:54:9c:b7:c5:7a:ae:a5:57:97:a6:91:ec:37:a9:c1:5a:c4:
         7f:92:e8:d9:65:4c:9f:bb:22:26:89:88:fe:8e:fc:9d:18:ea:
         fa:d0:ef:29:56:ad:a9:f3:b1:55:69:96:11:79:93:f9:5b:e1:
         7a:4f:1c:d5:3d:8e:d9:5c:63:9c:d7:f7:e8:f8:02:0b:f0:b3:
         c2:0d:b0:50:c0:ab:72:20:a8:f3:20:67:9e:4d:e5:27:af:f4:
         7c:b4:20:28:7d:06:8c:2e:6a:99:09:7a:5f:53:5b:5b:8d:39:
         fa:d2:09:f7:7a:10:69:49:3a:b9:f5:e1:8e:11:4b:af:b9:5d:
         db:c0:0b:91:60:f0:fe:90:6b:d9:7b:89:a7:73:83:ee:be:d6:
         dc:50:86:b1:1d:90:42:06:25:a9:d8:c0:4a:5b:d2:45:18:db:
         c1:f9:ed:21:26:4f:f9:81:12:36:7d:2a:ae:40:3a:75:f0:37:
         67:4a:00:bd:c8:f4:25:a4:e1:76:a8:97:c9:fc:95:00:d8:fb:
         68:00:d7:6d:5f:2f:54:b8:e6:d4:8a:e6:45:23:99:63:7d:85:
         98:15:e3:28:8b:e0:67:6b:9e:2e:3e:d1:2e:4e:d2:a4:bf:ea:
         fd:ee:4d:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+ipOoF/rE/7/HLIkr+BgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMWQxYzA1YWJkNzE0YzY3YzMyOTFlMDEwZDIxYzcwYTM1
ZGQ1N2UwHhcNMjUwMTAxMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjg4YWI0Y2NhMWM3Y2M1MzE0NTdlMTI0ODVkY2Q5Y2RkNGM1Y2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArncyvxStwcrc3Ido9jqWhNfBy6ex
8wBJ43PBNaFif+NU/2HCWRcsJf/hffba8gz325a7J19ZUsxacPffnlgkrJorSJ9X
DKl7/+VjMdeq0zKUTLG1Pv/Pb1r5B85PfV2ZYetkKGrjxeR2TBkXwuUB4A0mCY66
ohWYWmg6xPaQmvonpwtKjKiuX+iQdsmAonnZIvQWBxNfels7VX8+XffUfge4Oy8s
Hh3Z+bxPmLgSIrbo83XAK+GuUyEoUPvxBUlAW91/plIEjyAseDFFmhm2muPQuKV/
lvIjjcXJ7VUPTdEpGDZDUQD+TKrKBUTVs3n6oMEr1Ewl+omF6LRgnxl4AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDaIq0zKHHzFMUV+EkhdzZzdTFzIMB8GA1UdIwQY
MBaAFPMdHAWr1xTGfDKR4BDSHHCjXdV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMt
NTU1OWFjNDEwYWNlLzEvTm9pclRNb2NmTVV4Ulg0U1NGM05uTjFNWE1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC84ODY2YmItMmViNy00Mjg4LWE4MmMtNTU1OWFjNDEwYWNl
LzEvOHgwY0JhdlhGTVo4TXBIZ0VOSWNjS05kMVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2fwMA0G
CSqGSIb3DQEBCwUAA4IBAQA1b2IAH9IxPr+6Vk6G66SHkL1IVJy3xXqupVeXppHs
N6nBWsR/kujZZUyfuyImiYj+jvydGOr60O8pVq2p87FVaZYReZP5W+F6TxzVPY7Z
XGOc1/fo+AIL8LPCDbBQwKtyIKjzIGeeTeUnr/R8tCAofQaMLmqZCXpfU1tbjTn6
0gn3ehBpSTq59eGOEUuvuV3bwAuRYPD+kGvZe4mnc4PuvtbcUIaxHZBCBiWp2MBK
W9JFGNvB+e0hJk/5gRI2fSquQDp18DdnSgC9yPQlpOF2qJfJ/JUA2PtoANdtXy9U
uObUiuZFI5ljfYWYFeMoi+Bna54uPtEuTtKkv+r97k3W
-----END CERTIFICATE-----