Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/PMNnc8UiTx_1PdJEiYIJsVqvM18.roa
File:                     PMNnc8UiTx_1PdJEiYIJsVqvM18.roa (raw, json)
Hash identifier:          glo0oQZnzXQ/WEXl4o++QXVkyGkwmaHI6OvTjJhSMHE=
Subject key identifier:   3C:C3:67:73:C5:22:4F:1F:F5:3D:D2:44:89:82:09:B1:5A:AF:33:5F
Certificate issuer:       /CN=039916dc890f08fe55c75bb4439d6016704b7a61
Certificate serial:       019422FB590B990485F340C5E0611D53E4D5
Authority key identifier: 03:99:16:DC:89:0F:08:FE:55:C7:5B:B4:43:9D:60:16:70:4B:7A:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A5kW3IkPCP5Vx1u0Q51gFnBLemE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/PMNnc8UiTx_1PdJEiYIJsVqvM18.roa
Signing time:             Wed 01 Jan 2025 17:48:05 +0000
ROA not before:           Wed 01 Jan 2025 17:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51232
IP address blocks:        91.216.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/A5kW3IkPCP5Vx1u0Q51gFnBLemE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/A5kW3IkPCP5Vx1u0Q51gFnBLemE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A5kW3IkPCP5Vx1u0Q51gFnBLemE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 20:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:59:0b:99:04:85:f3:40:c5:e0:61:1d:53:e4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=039916dc890f08fe55c75bb4439d6016704b7a61
        Validity
            Not Before: Jan  1 17:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cc36773c5224f1ff53dd244898209b15aaf335f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:80:a4:6e:23:8c:64:65:37:f2:76:11:cc:a2:
                    ae:3a:f0:d2:d3:d9:17:25:6d:60:11:3f:28:dc:1c:
                    94:78:b1:76:14:16:d7:74:fb:b8:f5:40:7e:6d:79:
                    de:90:6a:81:44:e6:cb:bd:ae:7b:66:4e:6e:15:93:
                    2b:9c:e5:56:42:f4:c2:0d:44:55:fa:07:ee:c1:48:
                    78:4d:f5:43:0e:42:d1:4e:dd:64:03:61:04:0b:25:
                    6b:67:c5:a5:15:fc:27:fc:68:d9:17:cf:3b:76:3d:
                    dc:c9:f2:0f:8c:f6:c6:25:c7:8c:a5:34:59:5c:ce:
                    9f:ac:8b:51:01:36:51:63:8e:49:4d:ab:e8:81:a2:
                    19:11:20:6c:6c:81:19:40:39:58:34:4e:03:7b:d5:
                    d4:8c:ef:37:8e:90:ca:dc:05:8b:4c:2c:72:81:47:
                    bf:38:a9:eb:1f:91:18:50:63:65:48:7a:4d:44:4f:
                    ac:5d:35:ad:ac:8a:18:68:9b:73:86:56:56:58:85:
                    36:0b:77:db:26:83:fa:6f:09:93:cc:ae:ea:70:a8:
                    9c:f0:bf:6b:99:9c:5d:cb:36:9d:02:6b:71:98:04:
                    77:29:b6:42:d6:0b:c8:5a:d8:41:e9:f6:43:49:35:
                    0e:74:5c:6b:3b:05:de:b5:03:d3:0b:9d:a0:97:26:
                    78:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C3:67:73:C5:22:4F:1F:F5:3D:D2:44:89:82:09:B1:5A:AF:33:5F
            X509v3 Authority Key Identifier:
                keyid:03:99:16:DC:89:0F:08:FE:55:C7:5B:B4:43:9D:60:16:70:4B:7A:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A5kW3IkPCP5Vx1u0Q51gFnBLemE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/PMNnc8UiTx_1PdJEiYIJsVqvM18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6bb444-c0ac-4060-80d5-e3d427211a83/1/A5kW3IkPCP5Vx1u0Q51gFnBLemE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:cb:47:b3:25:50:7a:e9:16:d9:47:c6:bf:01:b9:9e:ef:6c:
         1f:e5:33:6f:29:a0:2f:59:9c:9b:81:70:82:d8:b0:e3:24:04:
         34:7a:ed:3e:89:68:f1:30:a1:90:61:aa:83:10:cf:ac:53:fb:
         12:9e:ef:78:f7:9e:09:6c:49:0e:92:c4:85:be:1d:7d:35:06:
         b5:f0:7b:84:d0:d5:d3:c5:3e:5b:ed:a8:2e:0d:3b:85:fd:00:
         27:c9:e2:26:4a:1b:0e:5c:c3:b9:98:e6:93:d5:20:ba:8e:59:
         b2:44:3b:42:ad:0f:cd:29:93:3e:b9:b9:43:8a:ff:c0:6e:cb:
         79:cb:95:d6:87:76:5e:4b:fc:05:ce:36:ae:cf:48:f1:ef:86:
         97:f6:d3:a8:b4:1f:07:44:ce:46:33:f3:c7:af:b8:74:ba:99:
         12:a0:87:11:d3:d7:6f:36:ad:b3:6e:fd:20:74:7c:19:79:ad:
         c8:5e:0c:07:d3:3c:69:92:73:62:a7:9b:37:54:76:e7:1c:fb:
         3d:6f:1b:fc:f7:ce:1a:67:1a:5b:24:1b:e9:c7:bf:9e:fe:a0:
         4e:0a:95:6f:8d:83:b0:bf:d2:72:a1:1d:4e:89:a4:25:c2:bb:
         d3:38:0c:3f:d8:9d:d4:24:5a:e2:88:01:5a:5b:d8:20:24:2a:
         92:06:24:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+1kLmQSF80DF4GEdU+TVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOTkxNmRjODkwZjA4ZmU1NWM3NWJiNDQzOWQ2MDE2NzA0
YjdhNjEwHhcNMjUwMTAxMTc0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2MzNjc3M2M1MjI0ZjFmZjUzZGQyNDQ4OTgyMDliMTVhYWYzMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYCkbiOMZGU38nYRzKKuOvDS09kX
JW1gET8o3ByUeLF2FBbXdPu49UB+bXnekGqBRObLva57Zk5uFZMrnOVWQvTCDURV
+gfuwUh4TfVDDkLRTt1kA2EECyVrZ8WlFfwn/GjZF887dj3cyfIPjPbGJceMpTRZ
XM6frItRATZRY45JTavogaIZESBsbIEZQDlYNE4De9XUjO83jpDK3AWLTCxygUe/
OKnrH5EYUGNlSHpNRE+sXTWtrIoYaJtzhlZWWIU2C3fbJoP6bwmTzK7qcKic8L9r
mZxdyzadAmtxmAR3KbZC1gvIWthB6fZDSTUOdFxrOwXetQPTC52glyZ4pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzDZ3PFIk8f9T3SRImCCbFarzNfMB8GA1UdIwQY
MBaAFAOZFtyJDwj+VcdbtEOdYBZwS3phMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTVrVzNJa1BDUDVWeDF1MFE1MWdGbkJMZW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82YmI0NDQtYzBhYy00MDYwLTgwZDUt
ZTNkNDI3MjExYTgzLzEvUE1ObmM4VWlUeF8xUGRKRWlZSUpzVnF2TTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82YmI0NDQtYzBhYy00MDYwLTgwZDUtZTNkNDI3MjExYTgz
LzEvQTVrVzNJa1BDUDVWeDF1MFE1MWdGbkJMZW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9g8MA0G
CSqGSIb3DQEBCwUAA4IBAQARy0ezJVB66RbZR8a/Abme72wf5TNvKaAvWZybgXCC
2LDjJAQ0eu0+iWjxMKGQYaqDEM+sU/sSnu94954JbEkOksSFvh19NQa18HuE0NXT
xT5b7aguDTuF/QAnyeImShsOXMO5mOaT1SC6jlmyRDtCrQ/NKZM+ublDiv/Abst5
y5XWh3ZeS/wFzjauz0jx74aX9tOotB8HRM5GM/PHr7h0upkSoIcR09dvNq2zbv0g
dHwZea3IXgwH0zxpknNip5s3VHbnHPs9bxv8984aZxpbJBvpx7+e/qBOCpVvjYOw
v9JyoR1OiaQlwrvTOAw/2J3UJFriiAFaW9ggJCqSBiSE
-----END CERTIFICATE-----