Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/_mbTkWs_huXNRXoAZz6RgcHa1ac.roa
File:                     _mbTkWs_huXNRXoAZz6RgcHa1ac.roa (raw, json)
Hash identifier:          Gtnl2zq6+nya1Z5zQfHNFtNMNJ5L0SVArl4/D3Vch3Q=
Subject key identifier:   FE:66:D3:91:6B:3F:86:E5:CD:45:7A:00:67:3E:91:81:C1:DA:D5:A7
Certificate issuer:       /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial:       0194228D62B2017B5366A327B65775209FAB
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/_mbTkWs_huXNRXoAZz6RgcHa1ac.roa
Signing time:             Wed 01 Jan 2025 15:47:58 +0000
ROA not before:           Wed 01 Jan 2025 15:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34773
IP address blocks:        91.233.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:62:b2:01:7b:53:66:a3:27:b6:57:75:20:9f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
        Validity
            Not Before: Jan  1 15:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe66d3916b3f86e5cd457a00673e9181c1dad5a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0a:1e:18:26:02:b0:f6:37:6e:bc:35:e0:83:
                    33:76:92:65:ff:0b:ef:3e:3a:14:bc:2d:8f:21:9e:
                    01:13:2f:3f:ac:6b:7a:55:e6:01:e9:35:42:3b:c3:
                    ca:23:d6:95:84:c5:ec:4f:c5:fd:22:d5:dc:46:01:
                    14:12:d9:81:6c:19:6f:46:14:d6:a0:7f:50:76:53:
                    67:52:ab:48:24:4e:94:64:2a:c8:3b:f7:0c:9b:bc:
                    f3:43:4e:ec:9c:68:80:e5:9a:47:c8:43:b0:30:45:
                    d9:14:9a:72:52:23:3e:73:78:82:24:33:d4:0f:50:
                    f2:5b:12:a8:4d:62:17:b0:dd:88:2a:1e:62:1a:c3:
                    e8:da:5f:e6:10:1a:4e:7d:35:6f:8e:9d:f3:7c:8b:
                    bf:34:26:fe:fe:c7:e4:b0:c0:df:ab:d7:3b:69:c6:
                    02:44:0b:2a:34:96:e2:b0:61:fc:ab:00:2d:95:27:
                    4a:1f:49:9c:59:93:fc:00:8c:26:ea:a8:2e:c3:67:
                    7b:20:50:57:b6:2e:aa:d6:ec:2d:fa:e6:c1:0c:e6:
                    88:89:1b:be:81:86:e2:63:e1:cc:5c:96:7c:36:db:
                    7e:c0:39:8a:c5:f4:21:d8:af:fd:86:85:bf:8c:ee:
                    a4:ae:4a:6c:79:5e:d9:1d:5e:16:23:a8:e2:26:af:
                    37:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:66:D3:91:6B:3F:86:E5:CD:45:7A:00:67:3E:91:81:C1:DA:D5:A7
            X509v3 Authority Key Identifier:
                keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/_mbTkWs_huXNRXoAZz6RgcHa1ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:af:c8:81:e5:30:83:32:1e:f5:67:74:08:87:04:5d:ce:a5:
         b3:eb:bd:56:5d:12:a0:7d:0c:f5:83:33:06:a2:c1:a4:05:56:
         4a:50:71:08:8f:57:de:b7:53:6f:86:50:33:e7:7c:f4:31:67:
         9a:59:a7:f8:4f:9a:2e:a3:5f:e1:20:9e:fb:1a:b4:7e:e8:f3:
         9d:44:6f:15:ca:2e:dd:f7:16:bf:0e:f0:ee:78:e2:0b:e5:00:
         a4:dd:70:0e:ff:f5:ad:1c:b8:4c:f9:d4:cd:2d:e0:56:0b:36:
         d8:d5:cf:b4:e4:cd:0e:b5:6c:fd:e8:c6:35:3e:20:f2:28:67:
         2f:fc:87:18:eb:6e:8d:d3:4d:d7:a4:d1:dd:0e:73:5a:c4:a7:
         c3:97:64:36:ab:17:30:b2:2c:85:e4:9f:78:60:91:37:3d:a1:
         ac:94:3f:7d:30:ee:7a:ed:7c:df:00:8b:62:87:ce:a9:9d:1a:
         c5:b7:6e:f8:3f:9f:68:32:a8:34:b8:0a:6d:a0:b5:f6:57:c1:
         35:40:ff:78:f2:1c:91:88:0a:80:39:a1:b3:64:70:2f:e4:f8:
         a5:4e:94:bc:52:34:e9:b7:d5:7e:b7:bd:16:b5:92:af:e4:86:
         e1:57:01:20:49:5a:99:44:d9:4b:65:a5:2f:ee:86:b1:47:28:
         40:ea:52:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWKyAXtTZqMntld1IJ+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjUwMTAxMTU0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTY2ZDM5MTZiM2Y4NmU1Y2Q0NTdhMDA2NzNlOTE4MWMxZGFkNWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2woeGCYCsPY3brw14IMzdpJl/wvv
PjoUvC2PIZ4BEy8/rGt6VeYB6TVCO8PKI9aVhMXsT8X9ItXcRgEUEtmBbBlvRhTW
oH9QdlNnUqtIJE6UZCrIO/cMm7zzQ07snGiA5ZpHyEOwMEXZFJpyUiM+c3iCJDPU
D1DyWxKoTWIXsN2IKh5iGsPo2l/mEBpOfTVvjp3zfIu/NCb+/sfksMDfq9c7acYC
RAsqNJbisGH8qwAtlSdKH0mcWZP8AIwm6qguw2d7IFBXti6q1uwt+ubBDOaIiRu+
gYbiY+HMXJZ8Ntt+wDmKxfQh2K/9hoW/jO6krkpseV7ZHV4WI6jiJq83iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5m05FrP4blzUV6AGc+kYHB2tWnMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvX21iVGtXc19odVhOUlhvQVp6NlJnY0hhMWFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+l5MA0G
CSqGSIb3DQEBCwUAA4IBAQAur8iB5TCDMh71Z3QIhwRdzqWz671WXRKgfQz1gzMG
osGkBVZKUHEIj1fet1NvhlAz53z0MWeaWaf4T5ouo1/hIJ77GrR+6POdRG8Vyi7d
9xa/DvDueOIL5QCk3XAO//WtHLhM+dTNLeBWCzbY1c+05M0OtWz96MY1PiDyKGcv
/IcY626N003XpNHdDnNaxKfDl2Q2qxcwsiyF5J94YJE3PaGslD99MO567XzfAIti
h86pnRrFt274P59oMqg0uAptoLX2V8E1QP948hyRiAqAOaGzZHAv5PilTpS8UjTp
t9V+t70WtZKv5IbhVwEgSVqZRNlLZaUv7oaxRyhA6lKP
-----END CERTIFICATE-----