Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/mLlcijXItTJuxw5Y1wpsNMxCzs4.roa
File:                     mLlcijXItTJuxw5Y1wpsNMxCzs4.roa (raw, json)
Hash identifier:          WzBDC+Him+otkWOImv8SN31g+hkBSLUUymKwEqrFJ5Q=
Subject key identifier:   98:B9:5C:8A:35:C8:B5:32:6E:C7:0E:58:D7:0A:6C:34:CC:42:CE:CE
Certificate issuer:       /CN=16979d37da016abd13279270ba55d6b3c2960578
Certificate serial:       018CCA2BDA86919AE4A2F76478B79EF21490
Authority key identifier: 16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/mLlcijXItTJuxw5Y1wpsNMxCzs4.roa
Signing time:             Tue 02 Jan 2024 12:35:20 +0000
ROA not before:           Tue 02 Jan 2024 12:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15576
IP address blocks:        91.198.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:da:86:91:9a:e4:a2:f7:64:78:b7:9e:f2:14:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16979d37da016abd13279270ba55d6b3c2960578
        Validity
            Not Before: Jan  2 12:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98b95c8a35c8b5326ec70e58d70a6c34cc42cece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:3a:5d:69:a0:80:0a:ba:0e:7a:6e:22:5e:4f:
                    a2:aa:42:d2:35:e6:68:aa:1f:b8:9a:ee:ab:42:90:
                    f9:63:03:8d:28:6d:d9:55:e1:32:66:2e:24:49:91:
                    db:2f:e5:31:b7:bd:bc:d9:f9:72:84:60:a3:3b:0d:
                    1c:c1:82:d1:eb:e9:32:0f:95:7d:2b:5e:9f:87:1c:
                    9c:9a:58:02:10:d9:f5:59:19:1b:fc:88:f1:62:61:
                    c1:98:b4:7f:d3:3a:2b:99:5f:99:12:c4:75:c0:f8:
                    9a:37:c4:da:25:4c:82:09:cc:da:43:31:4e:15:65:
                    d9:86:1d:1b:c7:80:50:30:5a:1e:ee:cc:74:ce:73:
                    1d:07:96:f2:b5:48:58:ed:94:63:57:4e:86:86:18:
                    e2:38:35:92:b3:ee:29:20:ad:6e:ea:4f:65:43:3b:
                    e2:b9:18:6b:5a:fb:9a:39:16:89:c4:11:67:a9:ca:
                    92:dd:22:0e:c2:e4:ae:31:cf:a2:01:e4:78:83:51:
                    ac:f1:15:cc:71:05:7b:8d:30:b3:66:74:6a:d6:f7:
                    b8:d0:a2:41:39:7a:fd:14:ae:17:1a:1f:11:dc:b8:
                    75:eb:72:2e:18:62:1e:55:d8:b7:b9:a4:06:a0:d6:
                    5a:c9:7f:2f:31:fa:52:5c:62:7a:67:e0:d5:41:39:
                    2c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:B9:5C:8A:35:C8:B5:32:6E:C7:0E:58:D7:0A:6C:34:CC:42:CE:CE
            X509v3 Authority Key Identifier:
                keyid:16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/mLlcijXItTJuxw5Y1wpsNMxCzs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:89:b2:d5:a9:e1:b1:45:ab:4e:9e:ca:6c:dc:70:38:b1:52:
         27:4f:8f:42:b2:9a:0d:d5:ed:7d:47:d0:88:35:7f:28:de:0b:
         6f:94:96:aa:f6:33:88:b3:fb:21:9d:8f:34:b5:be:69:99:ed:
         8f:b2:7b:e0:63:f6:23:1e:40:c3:6d:a1:50:50:da:8d:ae:74:
         83:fd:e1:94:82:10:f0:b0:40:5a:22:25:3f:19:33:ce:41:d9:
         9c:bb:ad:68:e2:c0:80:91:74:c1:09:5f:cd:e8:4f:b1:05:1f:
         74:17:cb:7a:e6:e5:9b:5f:e7:16:12:84:f8:65:d1:c2:b2:3d:
         b6:7b:06:51:a9:87:01:a4:fc:d5:37:73:ac:44:10:5e:0c:c3:
         65:d0:29:e6:05:d9:05:2a:d0:1b:ad:68:4e:53:d5:79:ca:7a:
         f9:06:eb:33:bc:88:1b:7c:68:7a:d3:b3:98:cc:04:19:7f:23:
         12:38:36:cb:6c:12:25:dc:43:9f:db:e0:f1:ae:df:32:48:93:
         67:e2:a6:5c:f6:7e:1f:02:1d:ec:5b:c7:15:f1:a0:f8:e2:ef:
         0e:b8:b8:82:ab:59:25:61:44:55:67:b8:bb:c1:c7:64:7c:b1:
         10:1c:cb:cc:9d:8a:5b:08:dc:05:f2:90:17:86:16:b9:3f:71:
         de:ce:73:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK9qGkZrkovdkeLee8hSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTc5ZDM3ZGEwMTZhYmQxMzI3OTI3MGJhNTVkNmIzYzI5
NjA1NzgwHhcNMjQwMTAyMTIzNTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGI5NWM4YTM1YzhiNTMyNmVjNzBlNThkNzBhNmMzNGNjNDJjZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDpdaaCACroOem4iXk+iqkLSNeZo
qh+4mu6rQpD5YwONKG3ZVeEyZi4kSZHbL+Uxt7282flyhGCjOw0cwYLR6+kyD5V9
K16fhxycmlgCENn1WRkb/IjxYmHBmLR/0zormV+ZEsR1wPiaN8TaJUyCCczaQzFO
FWXZhh0bx4BQMFoe7sx0znMdB5bytUhY7ZRjV06GhhjiODWSs+4pIK1u6k9lQzvi
uRhrWvuaORaJxBFnqcqS3SIOwuSuMc+iAeR4g1Gs8RXMcQV7jTCzZnRq1ve40KJB
OXr9FK4XGh8R3Lh163IuGGIeVdi3uaQGoNZayX8vMfpSXGJ6Z+DVQTks6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJi5XIo1yLUybscOWNcKbDTMQs7OMB8GA1UdIwQY
MBaAFBaXnTfaAWq9EyeScLpV1rPClgV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzIt
YjlkYmRjOGI0MzljLzEvbUxsY2lqWEl0VEp1eHc1WTF3cHNOTXhDenM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzItYjlkYmRjOGI0Mzlj
LzEvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8blMA0G
CSqGSIb3DQEBCwUAA4IBAQDJibLVqeGxRatOnsps3HA4sVInT49CspoN1e19R9CI
NX8o3gtvlJaq9jOIs/shnY80tb5pme2PsnvgY/YjHkDDbaFQUNqNrnSD/eGUghDw
sEBaIiU/GTPOQdmcu61o4sCAkXTBCV/N6E+xBR90F8t65uWbX+cWEoT4ZdHCsj22
ewZRqYcBpPzVN3OsRBBeDMNl0CnmBdkFKtAbrWhOU9V5ynr5BuszvIgbfGh607OY
zAQZfyMSODbLbBIl3EOf2+Dxrt8ySJNn4qZc9n4fAh3sW8cV8aD44u8OuLiCq1kl
YURVZ7i7wcdkfLEQHMvMnYpbCNwF8pAXhha5P3HeznNZ
-----END CERTIFICATE-----