Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/0MIjC24hYDTW286dNJh5qkIVoQM.roa
File:                     0MIjC24hYDTW286dNJh5qkIVoQM.roa (raw, json)
Hash identifier:          MXU+N4PdoB06EZ/HjOQwFUwlQG2n1kwzXC/QtbLmJF0=
Subject key identifier:   D0:C2:23:0B:6E:21:60:34:D6:DB:CE:9D:34:98:79:AA:42:15:A1:03
Certificate issuer:       /CN=d673d849b7d5047376d57e6f796f0018b70b4506
Certificate serial:       01942369882FA3C2647BEA8520AC1EA004DF
Authority key identifier: D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/0MIjC24hYDTW286dNJh5qkIVoQM.roa
Signing time:             Wed 01 Jan 2025 19:48:26 +0000
ROA not before:           Wed 01 Jan 2025 19:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62239
IP address blocks:        91.216.247.0/24 maxlen: 24
                          213.255.198.0/24 maxlen: 24
                          2a04:9300::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 22:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:88:2f:a3:c2:64:7b:ea:85:20:ac:1e:a0:04:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d673d849b7d5047376d57e6f796f0018b70b4506
        Validity
            Not Before: Jan  1 19:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0c2230b6e216034d6dbce9d349879aa4215a103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:40:f3:bc:e5:28:d1:a7:cd:29:cc:a8:b1:17:
                    aa:00:c8:64:7e:f4:e9:4a:73:88:75:8a:e5:21:48:
                    96:28:2b:90:5c:ae:7e:4e:bf:02:12:52:d1:56:f3:
                    5b:a0:b1:06:bf:29:55:6e:66:23:0b:b3:d2:29:c6:
                    0d:2f:db:c6:d6:45:95:bc:95:6e:9f:51:f4:5d:33:
                    5c:2e:71:0a:68:c5:10:09:b3:a8:77:87:e7:dd:a5:
                    ce:17:19:99:91:bb:86:7b:64:ec:a4:03:95:69:24:
                    27:c9:d9:0c:bc:8e:ea:0c:da:e2:78:06:48:87:01:
                    16:db:63:af:27:85:b3:ed:9e:26:73:ab:5f:0b:98:
                    c2:75:46:0f:f9:4f:54:b8:87:00:59:42:0c:05:97:
                    8f:83:e8:2f:ab:b8:48:c3:9d:20:61:d6:ce:5e:c6:
                    af:d1:3c:26:02:90:1f:00:aa:cf:a1:ef:5e:5e:9c:
                    1e:36:f8:ca:d9:ad:93:bc:cf:6b:eb:d0:c6:99:a0:
                    00:b5:70:a9:3a:a2:91:5f:3f:8f:5c:e1:9a:59:46:
                    51:0c:16:2f:c8:28:bd:1a:ce:ad:fb:52:f5:0d:79:
                    2b:62:0f:bb:8d:de:52:20:cf:4f:6e:2f:7e:ea:ee:
                    15:be:68:a5:62:03:16:af:47:86:51:ad:3c:0a:28:
                    df:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:C2:23:0B:6E:21:60:34:D6:DB:CE:9D:34:98:79:AA:42:15:A1:03
            X509v3 Authority Key Identifier:
                keyid:D6:73:D8:49:B7:D5:04:73:76:D5:7E:6F:79:6F:00:18:B7:0B:45:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1nPYSbfVBHN21X5veW8AGLcLRQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/0MIjC24hYDTW286dNJh5qkIVoQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/2ece62-1d8c-450c-91e8-8eeb757cf545/1/1nPYSbfVBHN21X5veW8AGLcLRQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.247.0/24
                  213.255.198.0/24
                IPv6:
                  2a04:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:79:e9:c1:1b:a9:36:be:c9:f3:7b:80:5a:08:71:6f:73:40:
         91:dd:23:7f:a5:8d:d3:ba:de:17:a2:06:ff:80:68:ad:4a:16:
         28:d9:2e:f1:5e:46:70:02:ae:f7:bc:a4:b3:09:6f:f8:d9:3b:
         38:b0:5f:78:9f:3d:99:ba:37:52:e8:0d:b2:31:56:e5:1f:17:
         db:16:48:fb:46:ed:97:7b:2f:d5:f4:a0:5a:b3:b7:9e:67:27:
         89:1e:ee:cc:b8:ba:4d:01:ae:1f:f5:ab:ad:71:77:51:c5:7b:
         19:93:64:d4:f2:d0:92:8d:a5:b5:a3:dc:47:f5:d2:0d:4e:fd:
         0c:cf:9b:b3:ba:ca:28:7f:7d:2a:7a:b5:85:ae:35:5b:d8:a7:
         54:e3:90:66:68:8d:d7:ea:25:12:56:c0:a0:94:05:d6:10:a7:
         1f:22:d7:ea:63:c6:0f:1e:c9:72:c6:36:21:58:e8:75:7d:8f:
         fe:a6:52:c8:aa:d8:1c:b4:84:71:8f:af:48:bd:5d:93:44:2f:
         d9:e8:a7:ec:f4:eb:b1:ec:d7:b2:10:a0:49:f5:c1:ca:b7:0a:
         90:c0:a2:fb:2b:1a:04:9f:d3:b7:cc:7a:ff:17:77:13:a8:13:
         b5:87:0d:87:c7:e2:86:f5:18:fd:83:a4:03:d0:8b:43:c8:6e:
         23:ae:6e:e3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQjaYgvo8Jke+qFIKweoATfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NzNkODQ5YjdkNTA0NzM3NmQ1N2U2Zjc5NmYwMDE4Yjcw
YjQ1MDYwHhcNMjUwMTAxMTk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGMyMjMwYjZlMjE2MDM0ZDZkYmNlOWQzNDk4NzlhYTQyMTVhMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukDzvOUo0afNKcyosReqAMhkfvTp
SnOIdYrlIUiWKCuQXK5+Tr8CElLRVvNboLEGvylVbmYjC7PSKcYNL9vG1kWVvJVu
n1H0XTNcLnEKaMUQCbOod4fn3aXOFxmZkbuGe2TspAOVaSQnydkMvI7qDNrieAZI
hwEW22OvJ4Wz7Z4mc6tfC5jCdUYP+U9UuIcAWUIMBZePg+gvq7hIw50gYdbOXsav
0TwmApAfAKrPoe9eXpweNvjK2a2TvM9r69DGmaAAtXCpOqKRXz+PXOGaWUZRDBYv
yCi9Gs6t+1L1DXkrYg+7jd5SIM9Pbi9+6u4VvmilYgMWr0eGUa08CijfWQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNDCIwtuIWA01tvOnTSYeapCFaEDMB8GA1UdIwQY
MBaAFNZz2Em31QRzdtV+b3lvABi3C0UGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgt
OGVlYjc1N2NmNTQ1LzEvME1JakMyNGhZRFRXMjg2ZE5KaDVxa0lWb1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yZWNlNjItMWQ4Yy00NTBjLTkxZTgtOGVlYjc1N2NmNTQ1
LzEvMW5QWVNiZlZCSE4yMVg1dmVXOEFHTGNMUlFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9j3AwQA
1f/GMA0EAgACMAcDBQAqBJMAMA0GCSqGSIb3DQEBCwUAA4IBAQA7eenBG6k2vsnz
e4BaCHFvc0CR3SN/pY3Tut4Xogb/gGitShYo2S7xXkZwAq73vKSzCW/42Ts4sF94
nz2ZujdS6A2yMVblHxfbFkj7Ru2Xey/V9KBas7eeZyeJHu7MuLpNAa4f9autcXdR
xXsZk2TU8tCSjaW1o9xH9dINTv0Mz5uzusoof30qerWFrjVb2KdU45BmaI3X6iUS
VsCglAXWEKcfItfqY8YPHslyxjYhWOh1fY/+plLIqtgctIRxj69IvV2TRC/Z6Kfs
9Oux7NeyEKBJ9cHKtwqQwKL7KxoEn9O3zHr/F3cTqBO1hw2Hx+KG9Rj9g6QD0ItD
yG4jrm7j
-----END CERTIFICATE-----