Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/CMlrDDFsYjHx1MPg2lyXpQ3DpFs.roa
File:                     CMlrDDFsYjHx1MPg2lyXpQ3DpFs.roa (raw, json)
Hash identifier:          MsLGIx/t++duqgpMvVk0jo/ApATi4rMLAAgAWe7j6rM=
Subject key identifier:   08:C9:6B:0C:31:6C:62:31:F1:D4:C3:E0:DA:5C:97:A5:0D:C3:A4:5B
Certificate issuer:       /CN=ad39fa7cd1533da975cf399b9acffebfed26a9eb
Certificate serial:       0194258FBB7292B7CF8F9C105E5AB1E080C4
Authority key identifier: AD:39:FA:7C:D1:53:3D:A9:75:CF:39:9B:9A:CF:FE:BF:ED:26:A9:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/CMlrDDFsYjHx1MPg2lyXpQ3DpFs.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59401
IP address blocks:        91.240.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:bb:72:92:b7:cf:8f:9c:10:5e:5a:b1:e0:80:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad39fa7cd1533da975cf399b9acffebfed26a9eb
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08c96b0c316c6231f1d4c3e0da5c97a50dc3a45b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:41:25:a9:06:e0:d0:ac:10:e5:02:5f:51:47:
                    c5:d7:32:84:87:16:b1:01:9d:c0:6d:a7:c5:82:3e:
                    23:b0:24:5a:ca:0b:e5:6f:0b:c8:cd:58:ac:3b:e0:
                    cb:7b:e5:b4:2d:d6:05:81:fc:7d:36:56:49:c7:f2:
                    bd:ec:b2:4d:6d:ab:16:1f:39:cd:90:74:23:1e:c5:
                    1d:73:69:3a:82:06:5b:31:19:24:60:4c:b6:ac:ba:
                    59:48:d6:a7:18:46:f3:87:5d:9a:5f:cf:b9:90:6e:
                    86:77:10:fb:dc:39:ea:09:31:60:ed:c9:9f:14:94:
                    3a:fd:a7:5d:78:5c:b8:24:72:72:ef:b1:6b:56:c7:
                    46:e7:b0:a6:f6:67:06:e0:df:bd:3c:30:05:dc:2f:
                    d9:17:5a:fa:99:8d:7d:c7:bc:5d:30:f3:9d:cc:69:
                    d0:54:f8:6b:b2:44:d2:43:1b:13:b8:74:9f:6f:6a:
                    eb:f7:16:b7:e2:04:a0:37:38:36:c8:dd:af:3c:94:
                    b0:8a:28:eb:09:a3:45:8b:c4:3e:fa:b0:b4:04:5a:
                    f2:94:1f:db:18:31:1b:f6:22:9a:0c:a3:51:5e:a2:
                    66:91:43:41:dd:e4:26:ea:48:11:9d:b4:e0:e5:19:
                    7e:9f:6c:61:21:d9:bb:0c:8b:9d:de:71:3c:1c:d5:
                    81:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:C9:6B:0C:31:6C:62:31:F1:D4:C3:E0:DA:5C:97:A5:0D:C3:A4:5B
            X509v3 Authority Key Identifier:
                keyid:AD:39:FA:7C:D1:53:3D:A9:75:CF:39:9B:9A:CF:FE:BF:ED:26:A9:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rTn6fNFTPal1zzmbms_-v-0mqes.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/CMlrDDFsYjHx1MPg2lyXpQ3DpFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/abb89f-09b9-44e8-8487-e31c0fdecd27/1/rTn6fNFTPal1zzmbms_-v-0mqes.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:ac:8f:14:78:6f:84:63:ec:dd:b8:71:54:18:0c:36:07:c8:
         4f:32:08:ba:1f:c8:f4:b9:19:89:5f:22:1b:45:1f:91:e8:63:
         b5:f7:8c:d1:16:63:75:20:73:ca:2b:0b:dd:ca:74:5a:87:7e:
         dd:5a:4f:9f:d4:e2:cf:55:0e:d3:f6:34:2c:8b:23:ca:10:61:
         00:7a:cc:10:45:9c:b2:20:c8:6b:03:59:df:e1:6b:56:79:23:
         f0:2c:9e:0b:00:a5:a5:d9:eb:71:6e:38:62:8f:21:5f:36:78:
         09:ae:6a:cd:5c:17:57:1c:79:ed:0b:e5:e5:0d:8e:16:ca:67:
         9b:df:3f:44:62:b7:55:70:6e:27:99:4b:9d:99:14:ea:2f:4a:
         40:77:ae:15:57:bf:5e:a3:0d:f1:62:c6:0b:4e:52:c5:ce:d9:
         cc:a6:59:f9:6b:81:f4:83:7a:a5:70:db:2a:90:d5:d8:db:99:
         5e:9b:a1:6b:ff:02:12:b5:96:79:fa:a1:43:b5:9b:48:d5:24:
         b0:f0:f1:6d:b3:5d:5d:5c:91:c7:4b:ce:5b:9d:1e:6f:5a:8d:
         21:34:e5:eb:87:40:cf:22:6b:11:7e:ca:0b:ef:57:3e:6a:df:
         55:c0:18:aa:75:75:41:d8:0f:af:ed:e2:6c:d6:00:61:58:ec:
         46:ed:84:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj7tykrfPj5wQXlqx4IDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMzlmYTdjZDE1MzNkYTk3NWNmMzk5YjlhY2ZmZWJmZWQy
NmE5ZWIwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGM5NmIwYzMxNmM2MjMxZjFkNGMzZTBkYTVjOTdhNTBkYzNhNDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEElqQbg0KwQ5QJfUUfF1zKEhxax
AZ3AbafFgj4jsCRaygvlbwvIzVisO+DLe+W0LdYFgfx9NlZJx/K97LJNbasWHznN
kHQjHsUdc2k6ggZbMRkkYEy2rLpZSNanGEbzh12aX8+5kG6GdxD73DnqCTFg7cmf
FJQ6/addeFy4JHJy77FrVsdG57Cm9mcG4N+9PDAF3C/ZF1r6mY19x7xdMPOdzGnQ
VPhrskTSQxsTuHSfb2rr9xa34gSgNzg2yN2vPJSwiijrCaNFi8Q++rC0BFrylB/b
GDEb9iKaDKNRXqJmkUNB3eQm6kgRnbTg5Rl+n2xhIdm7DIud3nE8HNWBtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjJawwxbGIx8dTD4Npcl6UNw6RbMB8GA1UdIwQY
MBaAFK05+nzRUz2pdc85m5rP/r/tJqnrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclRuNmZORlRQYWwxenptYm1zXy12LTBtcWVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9hYmI4OWYtMDliOS00NGU4LTg0ODct
ZTMxYzBmZGVjZDI3LzEvQ01sckRERnNZakh4MU1QZzJseVhwUTNEcEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9hYmI4OWYtMDliOS00NGU4LTg0ODctZTMxYzBmZGVjZDI3
LzEvclRuNmZORlRQYWwxenptYm1zXy12LTBtcWVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/C8MA0G
CSqGSIb3DQEBCwUAA4IBAQBRrI8UeG+EY+zduHFUGAw2B8hPMgi6H8j0uRmJXyIb
RR+R6GO194zRFmN1IHPKKwvdynRah37dWk+f1OLPVQ7T9jQsiyPKEGEAeswQRZyy
IMhrA1nf4WtWeSPwLJ4LAKWl2etxbjhijyFfNngJrmrNXBdXHHntC+XlDY4Wymeb
3z9EYrdVcG4nmUudmRTqL0pAd64VV79eow3xYsYLTlLFztnMpln5a4H0g3qlcNsq
kNXY25lem6Fr/wIStZZ5+qFDtZtI1SSw8PFts11dXJHHS85bnR5vWo0hNOXrh0DP
ImsRfsoL71c+at9VwBiqdXVB2A+v7eJs1gBhWOxG7YTJ
-----END CERTIFICATE-----