Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/mOcRJgQmXj3IsC7NUxzh_dB7lAo.roa
File:                     mOcRJgQmXj3IsC7NUxzh_dB7lAo.roa (raw, json)
Hash identifier:          Ongp2jwFE64IB3buF9wts+3h8h4aIhNnIaBU8GLBY1k=
Subject key identifier:   98:E7:11:26:04:26:5E:3D:C8:B0:2E:CD:53:1C:E1:FD:D0:7B:94:0A
Certificate issuer:       /CN=21a00080cd2cb1bb073903b32b25ad660a366486
Certificate serial:       0192F68283EFEBD03843A85C83A393D0EF58
Authority key identifier: 21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/mOcRJgQmXj3IsC7NUxzh_dB7lAo.roa
Signing time:             Mon 04 Nov 2024 09:30:01 +0000
ROA not before:           Mon 04 Nov 2024 09:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51167
IP address blocks:        91.239.43.0/24 maxlen: 24
                          195.191.65.0/24 maxlen: 24
                          213.109.76.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f6:82:83:ef:eb:d0:38:43:a8:5c:83:a3:93:d0:ef:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21a00080cd2cb1bb073903b32b25ad660a366486
        Validity
            Not Before: Nov  4 09:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98e7112604265e3dc8b02ecd531ce1fdd07b940a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f5:af:26:c8:02:ae:71:39:b9:37:d8:91:45:
                    bf:38:8e:e0:dd:58:0e:08:e5:5c:76:22:77:37:1e:
                    30:58:0e:1a:94:5b:24:fa:1b:d4:fb:54:37:73:18:
                    b8:02:6e:7f:b6:66:b0:28:09:6c:f7:1f:31:81:85:
                    24:cc:24:e6:2d:a7:d3:7e:99:27:8a:18:8d:c2:ea:
                    54:40:f9:14:4c:46:4a:96:c6:5b:c3:67:06:b8:d4:
                    fd:a7:bc:0c:2f:4d:a4:27:4a:a5:32:c3:5e:5c:d1:
                    ca:a3:6c:db:f2:7c:66:f4:b6:00:59:9d:66:7c:73:
                    95:e4:61:c2:39:e4:7f:1c:09:0b:f8:d6:e9:7f:79:
                    93:a3:d0:73:ef:01:b7:15:53:43:5d:36:1b:c2:bc:
                    40:ee:ce:ab:06:cc:37:1e:02:83:b6:86:03:de:ba:
                    61:f7:ee:ea:91:80:ad:1f:f0:b1:82:45:a7:ac:ae:
                    c5:58:46:4a:41:b6:1a:a4:5c:35:87:25:83:62:db:
                    28:d8:fa:62:08:43:f5:e1:35:3d:f3:ed:b3:90:68:
                    1a:8a:dc:8f:63:da:da:15:e0:45:78:e7:3a:c3:ef:
                    3f:76:56:10:d5:34:3b:f0:2d:14:23:ba:fc:09:63:
                    8e:4c:30:53:1c:00:05:b8:b0:d1:ea:cf:91:49:cb:
                    95:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:E7:11:26:04:26:5E:3D:C8:B0:2E:CD:53:1C:E1:FD:D0:7B:94:0A
            X509v3 Authority Key Identifier:
                keyid:21:A0:00:80:CD:2C:B1:BB:07:39:03:B3:2B:25:AD:66:0A:36:64:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/mOcRJgQmXj3IsC7NUxzh_dB7lAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6c3d9f-8a4f-4a6c-8579-e92ece4d3cb3/1/IaAAgM0ssbsHOQOzKyWtZgo2ZIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.43.0/24
                  195.191.65.0/24
                  213.109.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         79:72:cf:fa:8b:5b:74:2a:f8:75:12:82:a0:39:0d:9e:72:01:
         96:e3:02:15:4c:39:06:d5:19:94:6f:b7:36:77:e4:f7:8e:e4:
         9a:e3:f0:a9:71:61:4c:2f:50:77:d0:f2:6b:ff:68:5e:92:4e:
         99:8a:ff:b6:38:43:d6:06:2e:7c:55:54:cd:26:76:bc:60:bb:
         55:0e:83:82:17:02:0b:75:e0:46:1e:1e:db:28:f7:96:79:78:
         9d:52:fe:c1:29:c9:4c:10:3f:06:f3:03:7d:0f:6c:e7:35:ac:
         c8:65:50:ea:52:cf:8d:16:3a:42:1d:3c:0e:27:17:b2:09:07:
         9b:da:30:ba:de:eb:1e:62:99:b3:af:9f:06:01:b1:7f:fd:d2:
         ab:fd:0f:b2:33:a5:12:fc:e1:98:16:7c:09:31:69:8a:c3:8b:
         ef:aa:d0:24:cd:25:35:f9:3f:66:41:49:4c:95:23:8c:00:ed:
         8b:8f:91:4b:1e:3b:7b:13:d2:7b:e2:fd:ea:65:7a:99:a7:5b:
         7d:28:e7:da:b1:f2:53:73:02:4d:94:a1:f6:1e:40:89:03:d7:
         93:74:df:d0:7a:fa:d1:20:6d:20:e5:f7:7d:bf:9e:db:c0:60:
         d5:6d:fd:9a:68:82:9d:56:db:02:ac:0b:b5:ad:ed:63:16:e6:
         88:f2:d4:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZL2goPv69A4Q6hcg6OT0O9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxYTAwMDgwY2QyY2IxYmIwNzM5MDNiMzJiMjVhZDY2MGEz
NjY0ODYwHhcNMjQxMTA0MDkzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGU3MTEyNjA0MjY1ZTNkYzhiMDJlY2Q1MzFjZTFmZGQwN2I5NDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/WvJsgCrnE5uTfYkUW/OI7g3VgO
COVcdiJ3Nx4wWA4alFsk+hvU+1Q3cxi4Am5/tmawKAls9x8xgYUkzCTmLafTfpkn
ihiNwupUQPkUTEZKlsZbw2cGuNT9p7wML02kJ0qlMsNeXNHKo2zb8nxm9LYAWZ1m
fHOV5GHCOeR/HAkL+Nbpf3mTo9Bz7wG3FVNDXTYbwrxA7s6rBsw3HgKDtoYD3rph
9+7qkYCtH/CxgkWnrK7FWEZKQbYapFw1hyWDYtso2PpiCEP14TU98+2zkGgaityP
Y9raFeBFeOc6w+8/dlYQ1TQ78C0UI7r8CWOOTDBTHAAFuLDR6s+RScuVSwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJjnESYEJl49yLAuzVMc4f3Qe5QKMB8GA1UdIwQY
MBaAFCGgAIDNLLG7BzkDsyslrWYKNmSGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1Nzkt
ZTkyZWNlNGQzY2IzLzEvbU9jUkpnUW1YajNJc0M3TlV4emhfZEI3bEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82YzNkOWYtOGE0Zi00YTZjLTg1NzktZTkyZWNlNGQzY2Iz
LzEvSWFBQWdNMHNzYnNIT1FPekt5V3RaZ28yWklZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+8rAwQA
w79BAwQB1W1MMA0GCSqGSIb3DQEBCwUAA4IBAQB5cs/6i1t0Kvh1EoKgOQ2ecgGW
4wIVTDkG1RmUb7c2d+T3juSa4/CpcWFML1B30PJr/2hekk6Ziv+2OEPWBi58VVTN
Jna8YLtVDoOCFwILdeBGHh7bKPeWeXidUv7BKclMED8G8wN9D2znNazIZVDqUs+N
FjpCHTwOJxeyCQeb2jC63useYpmzr58GAbF//dKr/Q+yM6US/OGYFnwJMWmKw4vv
qtAkzSU1+T9mQUlMlSOMAO2Lj5FLHjt7E9J74v3qZXqZp1t9KOfasfJTcwJNlKH2
HkCJA9eTdN/QevrRIG0g5fd9v57bwGDVbf2aaIKdVtsCrAu1re1jFuaI8tT7
-----END CERTIFICATE-----