Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/mFKfVfY0OAabVh2Ny4oI0rTqncw.roa
File:                     mFKfVfY0OAabVh2Ny4oI0rTqncw.roa (raw, json)
Hash identifier:          VJ/2LSbV6iTfDzKsy374+6wj3X5OCWeecSAuHcvE5IA=
Subject key identifier:   98:52:9F:55:F6:34:38:06:9B:56:1D:8D:CB:8A:08:D2:B4:EA:9D:CC
Certificate issuer:       /CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Certificate serial:       018D6A5A411A25FB0357D9E342D8EBC0DF24
Authority key identifier: 8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/mFKfVfY0OAabVh2Ny4oI0rTqncw.roa
Signing time:             Fri 02 Feb 2024 15:05:16 +0000
ROA not before:           Fri 02 Feb 2024 15:05:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49441
IP address blocks:        91.214.113.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:6a:5a:41:1a:25:fb:03:57:d9:e3:42:d8:eb:c0:df:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c060040ef3a0823aa973f0d0592b1dda808f782
        Validity
            Not Before: Feb  2 15:05:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98529f55f63438069b561d8dcb8a08d2b4ea9dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:65:cc:32:b4:2e:95:5e:f9:4a:40:7f:6d:
                    79:a4:0d:e7:4a:23:2d:7b:64:41:15:26:5d:51:25:
                    a1:39:43:c0:7a:8c:bd:4d:05:b2:94:24:47:97:19:
                    f5:15:26:8f:6b:8a:93:f8:58:14:6a:c4:7d:9b:d2:
                    f7:e4:32:23:f3:ec:cd:3a:f1:81:74:1b:89:54:37:
                    49:5a:af:92:e7:90:5e:1d:93:48:bb:a3:e5:81:39:
                    da:60:92:ef:c7:5b:4a:5e:18:b4:62:e7:2e:e1:f9:
                    66:09:f2:12:78:f1:d6:0f:1e:af:47:62:e5:51:91:
                    83:70:de:24:cd:3c:26:38:c9:6a:99:47:76:f1:1d:
                    ab:13:60:ee:f3:8b:39:88:8d:cb:0a:cd:6f:ca:d7:
                    31:c1:a7:a3:c2:fa:90:6c:df:90:5b:64:45:c6:bb:
                    55:df:50:67:af:93:53:ec:98:5c:21:e8:44:5e:b3:
                    83:a0:5b:68:ce:c2:56:ee:8e:4b:3f:90:f4:6c:f4:
                    da:e1:fc:93:f6:d3:ba:db:42:8c:84:9c:16:7f:69:
                    44:c7:10:c0:9a:b9:ba:e1:cc:58:45:e9:e5:eb:5e:
                    29:73:36:a6:ea:56:05:85:7f:c3:cb:00:98:74:bc:
                    15:da:3d:f7:a1:85:94:3e:1a:40:13:e7:5f:c6:63:
                    bd:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:52:9F:55:F6:34:38:06:9B:56:1D:8D:CB:8A:08:D2:B4:EA:9D:CC
            X509v3 Authority Key Identifier:
                keyid:8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/mFKfVfY0OAabVh2Ny4oI0rTqncw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:08:4e:de:e7:63:b5:04:8e:25:97:1c:ca:b3:e0:c6:be:db:
         5c:5d:64:87:53:65:02:fd:c9:7d:ed:51:27:76:fe:12:3e:bb:
         c8:dd:7e:e5:e1:1f:97:16:b6:f2:4b:60:ac:59:60:df:ef:02:
         d1:bd:d5:59:24:59:ee:91:c4:ec:b9:d5:76:6f:51:ea:e0:8d:
         19:cc:c5:73:6f:47:ec:89:07:12:26:04:bc:1f:01:3f:06:39:
         cb:e4:a7:7c:a5:40:83:93:df:e1:de:11:45:c5:ee:6d:b8:a2:
         4c:bd:60:f1:d6:37:8c:61:ce:0e:22:1c:bc:0b:a4:e8:b7:ba:
         a7:8a:d3:4d:fb:8d:db:42:d0:92:ca:e6:e7:47:3b:9e:7b:ed:
         ce:c0:57:9b:ad:b0:53:c3:8a:cb:2f:5b:58:0a:58:65:f5:43:
         23:04:a4:71:35:38:dd:f7:c3:32:36:d6:bc:50:1a:7c:39:e4:
         46:d1:9b:c2:7b:d3:47:7c:62:7e:da:1b:88:db:68:48:21:ac:
         f8:f4:82:5d:92:f7:5d:f6:df:8b:b8:db:14:13:52:61:18:44:
         05:4d:41:54:af:3a:9e:b0:d7:55:4a:5e:9b:1d:4c:50:e2:b7:
         97:9d:05:54:38:04:7c:8c:23:64:ef:2d:51:00:fe:c4:83:9a:
         3e:a8:06:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1qWkEaJfsDV9njQtjrwN8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDYwMDQwZWYzYTA4MjNhYTk3M2YwZDA1OTJiMWRkYTgw
OGY3ODIwHhcNMjQwMjAyMTUwNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODUyOWY1NWY2MzQzODA2OWI1NjFkOGRjYjhhMDhkMmI0ZWE5ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfVlzDK0LpVe+UpAf215pA3nSiMt
e2RBFSZdUSWhOUPAeoy9TQWylCRHlxn1FSaPa4qT+FgUasR9m9L35DIj8+zNOvGB
dBuJVDdJWq+S55BeHZNIu6PlgTnaYJLvx1tKXhi0Yucu4flmCfISePHWDx6vR2Ll
UZGDcN4kzTwmOMlqmUd28R2rE2Du84s5iI3LCs1vytcxwaejwvqQbN+QW2RFxrtV
31Bnr5NT7JhcIehEXrODoFtozsJW7o5LP5D0bPTa4fyT9tO620KMhJwWf2lExxDA
mrm64cxYRenl614pczam6lYFhX/DywCYdLwV2j33oYWUPhpAE+dfxmO9BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJhSn1X2NDgGm1YdjcuKCNK06p3MMB8GA1UdIwQY
MBaAFIwGAEDvOggjqpc/DQWSsd2oCPeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4Yjkt
NGU0YTM1ZGQzNjc3LzEvbUZLZlZmWTBPQWFiVmgyTnk0b0kwclRxbmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4YjktNGU0YTM1ZGQzNjc3
LzEvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ZxMA0G
CSqGSIb3DQEBCwUAA4IBAQCUCE7e52O1BI4llxzKs+DGvttcXWSHU2UC/cl97VEn
dv4SPrvI3X7l4R+XFrbyS2CsWWDf7wLRvdVZJFnukcTsudV2b1Hq4I0ZzMVzb0fs
iQcSJgS8HwE/BjnL5Kd8pUCDk9/h3hFFxe5tuKJMvWDx1jeMYc4OIhy8C6Tot7qn
itNN+43bQtCSyubnRzuee+3OwFebrbBTw4rLL1tYClhl9UMjBKRxNTjd98MyNta8
UBp8OeRG0ZvCe9NHfGJ+2huI22hIIaz49IJdkvdd9t+LuNsUE1JhGEQFTUFUrzqe
sNdVSl6bHUxQ4reXnQVUOAR8jCNk7y1RAP7Eg5o+qAbo
-----END CERTIFICATE-----