Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/PMFwvTAxfhGKJmrLSIFVTDEuW3I.roa
File:                     PMFwvTAxfhGKJmrLSIFVTDEuW3I.roa (raw, json)
Hash identifier:          HYp8t9eAVcEw+uZrQ21I7eKONuoQGa89OFuwBzm+DCo=
Subject key identifier:   3C:C1:70:BD:30:31:7E:11:8A:26:6A:CB:48:81:55:4C:31:2E:5B:72
Certificate issuer:       /CN=8348cce4fb6d36140eb7d56fed289b3871fc4d74
Certificate serial:       019426D9E40976275912844713C3693F2CC4
Authority key identifier: 83:48:CC:E4:FB:6D:36:14:0E:B7:D5:6F:ED:28:9B:38:71:FC:4D:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/PMFwvTAxfhGKJmrLSIFVTDEuW3I.roa
Signing time:             Thu 02 Jan 2025 11:50:01 +0000
ROA not before:           Thu 02 Jan 2025 11:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29104
IP address blocks:        91.213.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e4:09:76:27:59:12:84:47:13:c3:69:3f:2c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8348cce4fb6d36140eb7d56fed289b3871fc4d74
        Validity
            Not Before: Jan  2 11:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3cc170bd30317e118a266acb4881554c312e5b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:33:d0:a2:9c:82:1e:5c:e4:99:65:31:d0:45:
                    7c:9f:92:a7:2b:de:e2:8a:0f:a9:46:f0:af:e0:5c:
                    24:b5:d4:3a:36:93:bb:7a:af:19:f3:39:13:2e:8e:
                    0c:60:53:6e:08:8c:c7:4c:8b:4e:b5:53:72:4c:db:
                    a7:67:83:2a:a0:36:dd:0b:7f:ea:b4:ea:2d:ad:67:
                    8a:c4:e9:a1:18:5f:27:b4:88:ec:34:cf:94:06:63:
                    ae:fb:28:4f:bd:20:4d:09:5a:6a:da:df:f5:e2:7c:
                    e4:ef:2f:81:93:a5:ad:37:03:b7:79:94:14:e9:66:
                    62:24:f5:02:84:b4:d2:4d:8a:c2:ea:34:ac:32:55:
                    84:86:1e:11:4b:e8:58:4d:61:96:9e:83:c9:12:cd:
                    d3:c6:0c:13:2e:9f:7b:b2:2d:44:db:19:ae:5c:3f:
                    93:83:c2:92:79:36:af:bf:99:c3:c5:a3:56:fa:e5:
                    05:12:f6:62:d5:9a:89:5b:27:37:5c:eb:58:e5:42:
                    aa:21:b0:13:c6:ea:89:cf:15:77:81:fe:97:a0:a1:
                    c4:05:60:cf:7f:39:8f:98:66:f8:60:3a:45:a0:52:
                    bb:a0:1b:25:8a:65:f9:96:c0:e7:26:05:f0:d8:76:
                    f1:0a:94:78:13:63:87:99:4e:5f:fb:8a:2d:ca:28:
                    b1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C1:70:BD:30:31:7E:11:8A:26:6A:CB:48:81:55:4C:31:2E:5B:72
            X509v3 Authority Key Identifier:
                keyid:83:48:CC:E4:FB:6D:36:14:0E:B7:D5:6F:ED:28:9B:38:71:FC:4D:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0jM5PttNhQOt9Vv7SibOHH8TXQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/PMFwvTAxfhGKJmrLSIFVTDEuW3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/afae7c-6ebf-4543-bc2f-b8c3dd76613e/1/g0jM5PttNhQOt9Vv7SibOHH8TXQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:62:da:cb:a5:50:d1:a1:8c:99:43:f2:0b:b3:ef:d0:b7:dd:
         9e:32:29:84:c5:61:cd:47:28:e7:46:11:6b:b0:89:99:2e:ed:
         16:82:6c:14:5e:b6:34:24:58:7e:04:3a:e8:ce:e6:98:1b:c0:
         67:20:30:b7:24:7e:d3:b7:f0:3d:95:d2:80:61:97:82:8e:13:
         dc:a9:f6:22:11:81:34:8a:f0:57:07:c5:a8:11:61:e1:a7:da:
         98:90:d6:9d:c3:1f:8a:ef:3d:0e:ca:d0:8d:a8:d2:4c:7a:02:
         2f:fa:c2:b1:3a:ff:7b:c5:c6:59:13:27:76:a7:4f:63:fb:18:
         d9:af:66:a0:a0:e4:d1:b2:78:1a:f4:ac:db:53:a0:16:8e:cf:
         3a:42:c9:f9:0c:60:76:5f:09:66:fb:ff:7c:be:ff:74:b9:f4:
         05:0b:29:f2:c2:93:cc:4c:7d:4e:57:47:49:7e:cc:bf:d0:e7:
         03:80:20:22:5f:a3:d4:aa:5a:7c:3e:d4:82:e0:02:81:d7:c5:
         f3:2a:c2:30:e1:12:f9:63:69:81:6b:a7:e0:6f:9b:2b:79:65:
         8a:9e:08:88:ab:58:f6:6e:b0:15:a1:38:4c:16:47:a0:c3:b8:
         a2:13:a8:8f:ca:30:62:86:a0:67:ed:ac:78:d4:ab:71:8e:46:
         6f:a0:f2:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2eQJdidZEoRHE8NpPyzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDhjY2U0ZmI2ZDM2MTQwZWI3ZDU2ZmVkMjg5YjM4NzFm
YzRkNzQwHhcNMjUwMTAyMTE1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2MxNzBiZDMwMzE3ZTExOGEyNjZhY2I0ODgxNTU0YzMxMmU1YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zPQopyCHlzkmWUx0EV8n5KnK97i
ig+pRvCv4FwktdQ6NpO7eq8Z8zkTLo4MYFNuCIzHTItOtVNyTNunZ4MqoDbdC3/q
tOotrWeKxOmhGF8ntIjsNM+UBmOu+yhPvSBNCVpq2t/14nzk7y+Bk6WtNwO3eZQU
6WZiJPUChLTSTYrC6jSsMlWEhh4RS+hYTWGWnoPJEs3TxgwTLp97si1E2xmuXD+T
g8KSeTavv5nDxaNW+uUFEvZi1ZqJWyc3XOtY5UKqIbATxuqJzxV3gf6XoKHEBWDP
fzmPmGb4YDpFoFK7oBslimX5lsDnJgXw2HbxCpR4E2OHmU5f+4otyiixrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDzBcL0wMX4RiiZqy0iBVUwxLltyMB8GA1UdIwQY
MBaAFINIzOT7bTYUDrfVb+0omzhx/E10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBqTTVQdHROaFFPdDlWdjdTaWJPSEg4VFhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9hZmFlN2MtNmViZi00NTQzLWJjMmYt
YjhjM2RkNzY2MTNlLzEvUE1Gd3ZUQXhmaEdLSm1yTFNJRlZUREV1VzNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9hZmFlN2MtNmViZi00NTQzLWJjMmYtYjhjM2RkNzY2MTNl
LzEvZzBqTTVQdHROaFFPdDlWdjdTaWJPSEg4VFhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9W0MA0G
CSqGSIb3DQEBCwUAA4IBAQCBYtrLpVDRoYyZQ/ILs+/Qt92eMimExWHNRyjnRhFr
sImZLu0WgmwUXrY0JFh+BDrozuaYG8BnIDC3JH7Tt/A9ldKAYZeCjhPcqfYiEYE0
ivBXB8WoEWHhp9qYkNadwx+K7z0OytCNqNJMegIv+sKxOv97xcZZEyd2p09j+xjZ
r2agoOTRsnga9KzbU6AWjs86Qsn5DGB2Xwlm+/98vv90ufQFCynywpPMTH1OV0dJ
fsy/0OcDgCAiX6PUqlp8PtSC4AKB18XzKsIw4RL5Y2mBa6fgb5sreWWKngiIq1j2
brAVoThMFkegw7iiE6iPyjBihqBn7ax41KtxjkZvoPL6
-----END CERTIFICATE-----