Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/mHeU-YQSqYOTR2-ukosoLMKrPn4.roa
File:                     mHeU-YQSqYOTR2-ukosoLMKrPn4.roa (raw, json)
Hash identifier:          0lmbtXmEnnebMAeaVgNMOeG8Kwd0nVx+rXxNttyiWwE=
Subject key identifier:   98:77:94:F9:84:12:A9:83:93:47:6F:AE:92:8B:28:2C:C2:AB:3E:7E
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC425335B39C26B9D8556477DE7E08BB6
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/mHeU-YQSqYOTR2-ukosoLMKrPn4.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50311
IP address blocks:        91.220.131.0/24 maxlen: 24
                          2a04:3e00:1000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:33:5b:39:c2:6b:9d:85:56:47:7d:e7:e0:8b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=987794f98412a98393476fae928b282cc2ab3e7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:30:a0:6c:e6:b8:4c:72:11:f7:de:06:4e:a4:
                    b3:59:24:6d:65:8f:42:05:d7:cc:76:22:5d:0c:bb:
                    0b:bb:1d:cc:1c:21:5c:95:54:5b:0b:13:4f:37:bf:
                    64:14:57:7c:80:35:6d:fd:de:2c:b6:4d:5c:30:ab:
                    ec:4f:0d:47:41:5f:32:0b:66:01:2c:8e:98:e2:99:
                    dc:a5:ae:68:54:79:87:49:58:6b:b5:15:a4:1b:14:
                    3d:21:c1:dd:bf:b3:09:cf:b3:5d:c6:d6:3c:43:4c:
                    2a:19:a2:07:f7:de:3c:d3:e6:59:03:75:31:a5:bf:
                    37:f0:e5:c4:45:0f:a4:70:40:f6:3d:a1:ce:b5:1d:
                    a4:24:83:86:7a:e5:29:cb:a8:ce:07:77:29:04:96:
                    d5:a6:69:58:de:30:e8:14:e0:c0:91:1a:22:8a:f9:
                    4a:a6:d8:e3:b3:72:fc:ef:9a:2a:59:f0:f0:84:f2:
                    b5:2c:6f:c3:4d:c5:4d:2c:d2:ca:f4:4f:fc:07:d4:
                    00:6d:61:09:8b:66:68:29:90:4d:cc:2e:c1:26:e1:
                    24:3c:b8:6a:a2:a2:47:f9:3b:09:62:20:33:e5:e8:
                    5b:1f:64:5d:f2:33:7b:44:0d:fe:43:01:b0:30:b3:
                    68:2f:57:33:49:6e:ce:df:5d:14:41:1e:43:b2:dd:
                    33:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:77:94:F9:84:12:A9:83:93:47:6F:AE:92:8B:28:2C:C2:AB:3E:7E
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/mHeU-YQSqYOTR2-ukosoLMKrPn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.131.0/24
                IPv6:
                  2a04:3e00:1000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:6e:eb:ed:71:aa:05:10:39:03:36:80:6b:38:93:50:5f:5e:
         c7:84:78:d4:7c:19:75:93:5a:3e:89:0e:3b:64:b6:d5:89:57:
         9e:2a:f6:9b:83:6f:30:00:6b:cf:f6:e3:f1:08:0c:ca:ba:04:
         8a:a3:ab:12:a4:92:a4:c2:e2:83:03:10:bf:c5:a2:ff:5e:a9:
         e8:37:63:1e:4c:53:27:20:ce:37:3a:9a:24:4f:7c:1e:99:28:
         33:75:7e:5c:05:6a:d6:a9:52:97:bb:af:50:c6:35:e0:88:76:
         cd:ca:d1:ca:79:30:e9:20:bc:bd:8b:a1:0c:e4:79:00:b9:02:
         32:a6:47:51:18:d1:33:ef:3e:55:4d:cd:08:af:41:1b:f5:e4:
         86:b8:c5:81:b0:99:c4:51:73:a8:52:ef:69:eb:dc:7d:b3:d4:
         8d:86:6f:f0:d7:21:29:36:1a:ff:14:96:dd:20:50:7d:17:37:
         f6:72:d2:cf:a0:c6:9a:d0:c2:ad:10:8a:4f:56:fc:0e:89:11:
         99:f8:e7:36:87:4a:18:27:ed:a1:79:da:87:6c:9c:b2:c0:0c:
         90:19:40:51:1a:86:6f:24:40:57:2e:12:00:e3:b6:b8:78:9e:
         e7:b0:8b:ca:93:b6:c7:87:96:8d:3b:00:ad:b2:0f:3e:f1:ec:
         93:59:8e:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJTNbOcJrnYVWR33n4Iu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODc3OTRmOTg0MTJhOTgzOTM0NzZmYWU5MjhiMjgyY2MyYWIzZTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDCgbOa4THIR994GTqSzWSRtZY9C
BdfMdiJdDLsLux3MHCFclVRbCxNPN79kFFd8gDVt/d4stk1cMKvsTw1HQV8yC2YB
LI6Y4pncpa5oVHmHSVhrtRWkGxQ9IcHdv7MJz7NdxtY8Q0wqGaIH99480+ZZA3Ux
pb838OXERQ+kcED2PaHOtR2kJIOGeuUpy6jOB3cpBJbVpmlY3jDoFODAkRoiivlK
ptjjs3L875oqWfDwhPK1LG/DTcVNLNLK9E/8B9QAbWEJi2ZoKZBNzC7BJuEkPLhq
oqJH+TsJYiAz5ehbH2Rd8jN7RA3+QwGwMLNoL1czSW7O310UQR5Dst0zOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJh3lPmEEqmDk0dvrpKLKCzCqz5+MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvbUhlVS1ZUVNxWU9UUjItdWtvc29MTUtyUG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9yDMA8E
AgACMAkDBwAqBD4AEAAwDQYJKoZIhvcNAQELBQADggEBAKBu6+1xqgUQOQM2gGs4
k1BfXseEeNR8GXWTWj6JDjtkttWJV54q9puDbzAAa8/24/EIDMq6BIqjqxKkkqTC
4oMDEL/Fov9eqeg3Yx5MUycgzjc6miRPfB6ZKDN1flwFatapUpe7r1DGNeCIds3K
0cp5MOkgvL2LoQzkeQC5AjKmR1EY0TPvPlVNzQivQRv15Ia4xYGwmcRRc6hS72nr
3H2z1I2Gb/DXISk2Gv8Ult0gUH0XN/Zy0s+gxprQwq0Qik9W/A6JEZn45zaHShgn
7aF52odsnLLADJAZQFEahm8kQFcuEgDjtrh4nuewi8qTtseHlo07AK2yDz7x7JNZ
jqY=
-----END CERTIFICATE-----