Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/mUNv0hl25ZIf4AQG4qsVR-CTUrM.roa
File:                     mUNv0hl25ZIf4AQG4qsVR-CTUrM.roa (raw, json)
Hash identifier:          hTf4kmCY56l4sV3lLOa8Fqsg/JGmVwlvV5YGnABxGaA=
Subject key identifier:   99:43:6F:D2:19:76:E5:92:1F:E0:04:06:E2:AB:15:47:E0:93:52:B3
Certificate issuer:       /CN=fb5602802a8793a24fda4d0edcc30a196c0f77e0
Certificate serial:       018CCA99E1129C4219FC7AA86CB61155B737
Authority key identifier: FB:56:02:80:2A:87:93:A2:4F:DA:4D:0E:DC:C3:0A:19:6C:0F:77:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/mUNv0hl25ZIf4AQG4qsVR-CTUrM.roa
Signing time:             Tue 02 Jan 2024 14:35:31 +0000
ROA not before:           Tue 02 Jan 2024 14:35:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203046
IP address blocks:        91.208.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:e1:12:9c:42:19:fc:7a:a8:6c:b6:11:55:b7:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb5602802a8793a24fda4d0edcc30a196c0f77e0
        Validity
            Not Before: Jan  2 14:35:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99436fd21976e5921fe00406e2ab1547e09352b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:97:76:8f:9a:e8:fd:22:1e:c0:c3:30:a8:4d:
                    eb:68:c5:83:d2:91:11:e8:b9:f8:37:e5:7f:e3:cf:
                    d5:f6:f9:0c:f6:5f:50:07:69:eb:af:59:cf:84:2e:
                    36:0f:4a:8a:15:4c:98:21:90:ef:e4:d3:55:7f:d5:
                    ad:26:d8:55:4d:eb:46:11:cb:d0:f4:a2:f1:78:b8:
                    b0:2c:74:a6:43:fc:8f:bd:5c:61:f0:17:cd:54:d6:
                    66:2b:33:04:5d:97:cf:64:3b:16:5c:1d:ba:27:a1:
                    97:c0:7f:d3:de:8f:d9:5e:b7:e1:d9:f1:16:83:e7:
                    86:61:9d:db:dd:c2:5b:ab:f0:23:94:7e:20:c2:d5:
                    ec:7a:7d:61:8c:5d:81:c0:9e:89:9a:5b:aa:22:bf:
                    f3:d3:cf:cc:2d:62:f1:46:38:34:15:48:bc:99:eb:
                    65:75:7c:c6:55:0b:de:dc:a3:ac:ca:8d:f7:ba:e5:
                    20:e5:22:9d:4e:5e:c9:21:4d:d0:3b:32:84:a6:86:
                    46:29:50:68:52:cf:a9:4d:58:83:05:a0:6f:e9:12:
                    6e:fb:56:62:34:5c:e8:e2:e9:a0:f3:de:84:b9:1c:
                    f5:46:ba:f4:e8:83:2f:77:19:a5:49:d2:d2:4b:d1:
                    54:70:e6:52:70:12:21:43:d1:b3:f2:e8:e2:47:9a:
                    34:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:43:6F:D2:19:76:E5:92:1F:E0:04:06:E2:AB:15:47:E0:93:52:B3
            X509v3 Authority Key Identifier:
                keyid:FB:56:02:80:2A:87:93:A2:4F:DA:4D:0E:DC:C3:0A:19:6C:0F:77:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/mUNv0hl25ZIf4AQG4qsVR-CTUrM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/8387a7-068c-4832-aa26-db5b1f89a50d/1/1-1YCgCqHk6JP2k0O3MMKGWwPd-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:0b:4a:a9:3d:bb:2d:54:a6:13:b1:d6:f9:60:d7:a9:20:f1:
         34:11:2d:0b:b3:6a:ce:58:96:a3:9f:3b:43:20:85:fd:ab:e9:
         ab:95:3b:4e:d5:26:75:41:2c:27:c8:a5:be:7b:48:74:dc:18:
         12:f9:96:ac:13:a0:82:e3:9a:59:18:9e:2e:15:f6:d9:a5:0a:
         73:28:a5:e0:3f:67:b7:b4:27:3a:f0:d0:13:61:45:77:c5:c8:
         16:5e:d4:d5:d5:8d:30:68:ba:04:cf:c4:c0:7e:42:20:cb:50:
         44:fc:aa:6f:03:93:51:5f:c6:14:d9:5b:f9:a8:f1:1c:ce:7a:
         7b:8f:92:ef:69:fc:fd:99:0b:68:b2:0c:16:d9:45:9f:fe:b1:
         26:fb:d0:ae:77:87:88:78:2d:3b:26:6c:8c:74:93:d7:23:4e:
         78:f5:3b:a0:ad:00:58:2f:51:b0:6c:43:0d:14:95:9c:fc:f8:
         39:fa:9a:79:30:cd:b6:1d:d2:b1:30:5c:06:3a:6d:32:df:43:
         ae:db:0e:86:fd:30:bf:c4:4c:84:e3:3c:71:a9:44:e4:a4:4a:
         68:62:e2:ff:72:d7:54:63:ce:37:d7:99:44:ca:0a:7d:4e:d3:
         43:84:e7:ec:6d:30:3d:15:dd:08:bd:78:9f:db:00:d7:4b:e8:
         8c:08:03:0f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzKmeESnEIZ/HqobLYRVbc3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNTYwMjgwMmE4NzkzYTI0ZmRhNGQwZWRjYzMwYTE5NmMw
Zjc3ZTAwHhcNMjQwMTAyMTQzNTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTQzNmZkMjE5NzZlNTkyMWZlMDA0MDZlMmFiMTU0N2UwOTM1MmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpd2j5ro/SIewMMwqE3raMWD0pER
6Ln4N+V/48/V9vkM9l9QB2nrr1nPhC42D0qKFUyYIZDv5NNVf9WtJthVTetGEcvQ
9KLxeLiwLHSmQ/yPvVxh8BfNVNZmKzMEXZfPZDsWXB26J6GXwH/T3o/ZXrfh2fEW
g+eGYZ3b3cJbq/AjlH4gwtXsen1hjF2BwJ6JmluqIr/z08/MLWLxRjg0FUi8metl
dXzGVQve3KOsyo33uuUg5SKdTl7JIU3QOzKEpoZGKVBoUs+pTViDBaBv6RJu+1Zi
NFzo4umg896EuRz1Rrr06IMvdxmlSdLSS9FUcOZScBIhQ9Gz8ujiR5o0HQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJlDb9IZduWSH+AEBuKrFUfgk1KzMB8GA1UdIwQY
MBaAFPtWAoAqh5OiT9pNDtzDChlsD3fgMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0xWUNnQ3FIazZKUDJrME8zTU1LR1d3UGQtQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjgvODM4N2E3LTA2OGMtNDgzMi1hYTI2
LWRiNWIxZjg5YTUwZC8xL21VTnYwaGwyNVpJZjRBUUc0cXNWUi1DVFVyTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjgvODM4N2E3LTA2OGMtNDgzMi1hYTI2LWRiNWIxZjg5YTUw
ZC8xLzEtMVlDZ0NxSGs2SlAyazBPM01NS0dXd1BkLUEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb0L8w
DQYJKoZIhvcNAQELBQADggEBAAILSqk9uy1UphOx1vlg16kg8TQRLQuzas5YlqOf
O0Mghf2r6auVO07VJnVBLCfIpb57SHTcGBL5lqwToILjmlkYni4V9tmlCnMopeA/
Z7e0Jzrw0BNhRXfFyBZe1NXVjTBougTPxMB+QiDLUET8qm8Dk1FfxhTZW/mo8RzO
enuPku9p/P2ZC2iyDBbZRZ/+sSb70K53h4h4LTsmbIx0k9cjTnj1O6CtAFgvUbBs
Qw0UlZz8+Dn6mnkwzbYd0rEwXAY6bTLfQ67bDob9ML/ETITjPHGpROSkSmhi4v9y
11RjzjfXmUTKCn1O00OE5+xtMD0V3Qi9eJ/bANdL6IwIAw8=
-----END CERTIFICATE-----