Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/MBu8VTmpr04x0tshZWj7vlWVLfA.roa
File:                     MBu8VTmpr04x0tshZWj7vlWVLfA.roa (raw, json)
Hash identifier:          ulHARLad6WzWUuYeIJe/P7G2yuuz8lPKXAfu9iAhsvU=
Subject key identifier:   30:1B:BC:55:39:A9:AF:4E:31:D2:DB:21:65:68:FB:BE:55:95:2D:F0
Certificate issuer:       /CN=ec6b71c67e1cc28078697952ad3f4f355f4e1341
Certificate serial:       0194258EECF11268AF361709BDD92F901AE5
Authority key identifier: EC:6B:71:C6:7E:1C:C2:80:78:69:79:52:AD:3F:4F:35:5F:4E:13:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/MBu8VTmpr04x0tshZWj7vlWVLfA.roa
Signing time:             Thu 02 Jan 2025 05:48:31 +0000
ROA not before:           Thu 02 Jan 2025 05:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        91.237.100.0/23 maxlen: 23
                          91.237.100.0/24 maxlen: 24
                          91.237.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 17:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:ec:f1:12:68:af:36:17:09:bd:d9:2f:90:1a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec6b71c67e1cc28078697952ad3f4f355f4e1341
        Validity
            Not Before: Jan  2 05:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=301bbc5539a9af4e31d2db216568fbbe55952df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:28:86:b2:e9:7f:60:f0:21:a9:74:80:97:d8:
                    a1:a0:34:cc:a2:52:f8:cd:fd:7b:c5:d7:e7:91:dc:
                    81:cf:58:f3:2d:45:fb:d3:0c:d2:21:cd:47:b1:3f:
                    c7:82:02:95:22:ca:03:71:c5:d0:8f:fe:da:73:de:
                    b9:fb:76:5e:dd:93:40:08:1e:5b:f5:5d:a7:45:72:
                    70:fa:50:0f:c8:fb:b0:ea:99:4c:05:8d:9c:24:43:
                    51:d7:69:8d:07:4b:9f:a1:d7:3d:bc:00:77:08:30:
                    cd:c8:e3:c4:89:96:53:b2:77:1d:37:89:ff:00:fe:
                    4d:5a:69:5a:28:fa:9c:52:10:5d:6e:b7:6a:56:72:
                    a1:6e:b4:9c:da:98:3d:f7:4d:52:19:af:4f:cb:91:
                    57:6c:4d:11:c9:4f:82:ab:d4:d9:59:92:52:c0:f0:
                    64:da:c2:1c:c7:72:be:88:9e:1b:c1:e0:4d:73:d2:
                    5d:ca:e4:6b:b5:e5:28:f7:d0:24:66:16:ca:8a:68:
                    d0:4a:76:6f:cd:f8:1f:f0:e0:68:b9:42:e1:4c:eb:
                    5b:63:9f:ef:71:3c:3e:5e:d4:2d:ed:4b:02:d5:e6:
                    c6:45:d3:50:89:66:cc:04:6e:43:23:e8:90:ab:b5:
                    94:81:e5:40:f1:e0:1f:86:98:fd:d9:59:11:04:56:
                    97:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:1B:BC:55:39:A9:AF:4E:31:D2:DB:21:65:68:FB:BE:55:95:2D:F0
            X509v3 Authority Key Identifier:
                keyid:EC:6B:71:C6:7E:1C:C2:80:78:69:79:52:AD:3F:4F:35:5F:4E:13:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/MBu8VTmpr04x0tshZWj7vlWVLfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/87e940-e2a1-436e-aa73-d3f6cd8e4444/1/7Gtxxn4cwoB4aXlSrT9PNV9OE0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:f2:ed:d5:04:51:28:c3:53:3b:74:49:10:91:a1:87:70:14:
         86:a8:23:dc:17:53:45:6e:6e:54:3b:b1:68:7a:17:6b:dd:dd:
         cc:b1:a9:71:bf:8c:e7:cb:03:41:44:d5:36:8c:5a:33:a6:59:
         07:65:8e:1c:ec:fb:b1:65:49:77:0f:61:81:cb:4e:02:7c:5e:
         cc:df:8c:ad:08:3d:3c:80:1f:15:98:d3:5a:d0:cd:53:60:fd:
         1e:39:a3:ad:12:68:88:2a:da:52:30:e5:63:6e:4d:da:a5:c6:
         0a:06:79:cd:43:11:6f:98:7a:31:ec:2c:ca:0a:4a:d0:9f:bf:
         4a:6d:f0:df:b8:53:c0:c8:31:67:74:52:5a:6e:b2:3c:1d:74:
         cf:fb:d9:98:20:60:27:77:08:68:a2:f2:00:3b:ba:2c:c8:01:
         5a:1a:98:93:f6:26:ef:6d:25:ea:81:75:1f:d5:98:7a:fa:bb:
         1b:a3:b2:5a:74:42:1e:c7:6f:fa:92:2d:60:9d:f8:de:a3:89:
         e8:60:09:d7:92:37:c6:5d:0c:6a:2e:23:21:27:c1:fd:2a:88:
         b8:6e:95:c6:93:cf:44:a5:13:fc:be:07:35:75:30:91:b0:e2:
         3c:b3:b7:31:80:82:32:9a:81:36:13:1c:4b:47:91:fa:ce:73:
         7d:80:6d:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuzxEmivNhcJvdkvkBrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNmI3MWM2N2UxY2MyODA3ODY5Nzk1MmFkM2Y0ZjM1NWY0
ZTEzNDEwHhcNMjUwMTAyMDU0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDFiYmM1NTM5YTlhZjRlMzFkMmRiMjE2NTY4ZmJiZTU1OTUyZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCiGsul/YPAhqXSAl9ihoDTMolL4
zf17xdfnkdyBz1jzLUX70wzSIc1HsT/HggKVIsoDccXQj/7ac965+3Ze3ZNACB5b
9V2nRXJw+lAPyPuw6plMBY2cJENR12mNB0ufodc9vAB3CDDNyOPEiZZTsncdN4n/
AP5NWmlaKPqcUhBdbrdqVnKhbrSc2pg9901SGa9Py5FXbE0RyU+Cq9TZWZJSwPBk
2sIcx3K+iJ4bweBNc9JdyuRrteUo99AkZhbKimjQSnZvzfgf8OBouULhTOtbY5/v
cTw+XtQt7UsC1ebGRdNQiWbMBG5DI+iQq7WUgeVA8eAfhpj92VkRBFaXgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAbvFU5qa9OMdLbIWVo+75VlS3wMB8GA1UdIwQY
MBaAFOxrccZ+HMKAeGl5Uq0/TzVfThNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0d0eHhuNGN3b0I0YVhsU3JUOVBOVjlPRTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy84N2U5NDAtZTJhMS00MzZlLWFhNzMt
ZDNmNmNkOGU0NDQ0LzEvTUJ1OFZUbXByMDR4MHRzaFpXajd2bFdWTGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy84N2U5NDAtZTJhMS00MzZlLWFhNzMtZDNmNmNkOGU0NDQ0
LzEvN0d0eHhuNGN3b0I0YVhsU3JUOVBOVjlPRTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+1kMA0G
CSqGSIb3DQEBCwUAA4IBAQCj8u3VBFEow1M7dEkQkaGHcBSGqCPcF1NFbm5UO7Fo
ehdr3d3Msalxv4znywNBRNU2jFozplkHZY4c7PuxZUl3D2GBy04CfF7M34ytCD08
gB8VmNNa0M1TYP0eOaOtEmiIKtpSMOVjbk3apcYKBnnNQxFvmHox7CzKCkrQn79K
bfDfuFPAyDFndFJabrI8HXTP+9mYIGAndwhoovIAO7osyAFaGpiT9ibvbSXqgXUf
1Zh6+rsbo7JadEIex2/6ki1gnfjeo4noYAnXkjfGXQxqLiMhJ8H9Koi4bpXGk89E
pRP8vgc1dTCRsOI8s7cxgIIymoE2ExxLR5H6znN9gG2b
-----END CERTIFICATE-----