Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/mkE0rfBz9XK1VAIoApt7LXJKNDE.roa
File:                     mkE0rfBz9XK1VAIoApt7LXJKNDE.roa (raw, json)
Hash identifier:          Xre+OBBlG8debUYJtnMWBCRl/O0gB4VgCPVdhkg/XqA=
Subject key identifier:   9A:41:34:AD:F0:73:F5:72:B5:54:02:28:02:9B:7B:2D:72:4A:34:31
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B67CB38BACD4367B6A523A0BA66A42
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/mkE0rfBz9XK1VAIoApt7LXJKNDE.roa
Signing time:             Thu 02 Jan 2025 15:50:58 +0000
ROA not before:           Thu 02 Jan 2025 15:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49617
IP address blocks:        91.215.60.0/23 maxlen: 23
                          91.236.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:7c:b3:8b:ac:d4:36:7b:6a:52:3a:0b:a6:6a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a4134adf073f572b5540228029b7b2d724a3431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:fe:b4:d7:a2:e5:79:9a:b6:86:a2:27:16:d1:
                    62:48:95:51:4d:c8:02:cb:2b:85:b2:c7:a2:d7:f9:
                    67:c0:37:97:69:21:ef:62:15:8f:a3:98:18:9c:56:
                    39:cc:8c:e8:3d:c4:79:31:85:65:40:fc:3f:28:a6:
                    0a:27:a6:11:47:e7:f7:79:80:34:cd:be:eb:74:6f:
                    06:96:0f:e9:a6:62:79:c0:de:a3:c8:bd:8a:1c:60:
                    b0:07:f6:a4:ce:7a:4c:f6:13:06:20:ee:40:a6:89:
                    1a:20:59:8d:61:72:ce:b0:c2:45:ba:93:03:c6:a2:
                    2e:85:4b:c6:bf:f5:41:7d:7d:2a:cc:28:1f:23:22:
                    68:66:06:45:2a:97:3e:09:70:51:c5:45:a3:48:1a:
                    4d:40:8d:d5:af:ab:19:b2:19:13:a3:be:80:43:f9:
                    65:b6:98:cf:e4:cb:32:dd:9b:ec:ed:b3:33:01:b9:
                    d3:9f:16:1a:5c:a1:17:4d:0e:5c:59:bb:de:6e:62:
                    fb:0e:90:25:ad:48:f7:35:64:69:8e:45:a8:24:36:
                    2e:2e:5b:db:f6:86:96:21:4a:be:df:3b:ed:3d:b0:
                    e2:9d:d8:ab:8a:c8:65:e5:0d:0a:5b:e6:9b:17:82:
                    15:cc:1b:1f:6f:26:5c:89:9a:ce:ff:ee:9b:75:72:
                    3e:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:41:34:AD:F0:73:F5:72:B5:54:02:28:02:9B:7B:2D:72:4A:34:31
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/mkE0rfBz9XK1VAIoApt7LXJKNDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.60.0/23
                  91.236.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:73:51:11:70:b9:5d:d1:8c:e6:4b:c9:2e:fd:fe:b8:23:6e:
         2f:07:0c:83:32:3d:68:e3:13:d2:c4:e0:5e:03:dc:ab:41:ee:
         93:e4:db:8a:74:73:f2:6d:54:b1:9a:ce:94:b8:c4:63:86:ff:
         3b:8c:2b:d1:3e:79:dd:88:5a:d4:49:16:6f:35:61:a7:65:cb:
         f2:3e:36:ee:dc:40:a1:35:63:0d:12:b6:ff:c8:ab:ac:89:4e:
         2f:3c:72:e2:d4:4d:c9:8a:6f:0c:c6:c7:97:5f:e0:72:a1:41:
         25:2a:eb:ee:d6:05:f1:67:54:b9:3c:c7:6b:3b:1b:0a:22:d7:
         19:10:ce:f6:f9:5e:1c:df:43:40:50:f9:12:c4:85:bd:c2:66:
         52:7f:d2:09:96:6e:3e:85:84:71:34:e8:24:8b:72:a6:9e:d9:
         b7:1b:3f:b4:af:96:db:eb:d1:b9:a8:5e:db:dd:12:a0:7a:1b:
         0d:0d:1a:83:22:3b:d6:01:9b:d6:e5:d9:00:45:38:5c:a8:ec:
         27:9c:11:b8:a4:38:70:82:07:bc:5e:24:2c:81:06:f9:63:be:
         eb:bd:97:9d:ca:1f:19:79:4b:09:84:fd:6f:46:e5:d6:c5:e7:
         a7:47:af:6a:ce:ad:fe:8f:a0:cd:dd:d1:c3:88:d4:bc:5d:0e:
         02:67:67:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntnyzi6zUNntqUjoLpmpCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTQxMzRhZGYwNzNmNTcyYjU1NDAyMjgwMjliN2IyZDcyNGEzNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjv6016LleZq2hqInFtFiSJVRTcgC
yyuFssei1/lnwDeXaSHvYhWPo5gYnFY5zIzoPcR5MYVlQPw/KKYKJ6YRR+f3eYA0
zb7rdG8Glg/ppmJ5wN6jyL2KHGCwB/akznpM9hMGIO5ApokaIFmNYXLOsMJFupMD
xqIuhUvGv/VBfX0qzCgfIyJoZgZFKpc+CXBRxUWjSBpNQI3Vr6sZshkTo76AQ/ll
tpjP5Msy3Zvs7bMzAbnTnxYaXKEXTQ5cWbvebmL7DpAlrUj3NWRpjkWoJDYuLlvb
9oaWIUq+3zvtPbDindirishl5Q0KW+abF4IVzBsfbyZciZrO/+6bdXI+cQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJpBNK3wc/VytVQCKAKbey1ySjQxMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvbWtFMHJmQno5WEsxVkFJb0FwdDdMWEpLTkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW9c8AwQA
W+yGMA0GCSqGSIb3DQEBCwUAA4IBAQBxc1ERcLld0YzmS8ku/f64I24vBwyDMj1o
4xPSxOBeA9yrQe6T5NuKdHPybVSxms6UuMRjhv87jCvRPnndiFrUSRZvNWGnZcvy
Pjbu3EChNWMNErb/yKusiU4vPHLi1E3Jim8MxseXX+ByoUElKuvu1gXxZ1S5PMdr
OxsKItcZEM72+V4c30NAUPkSxIW9wmZSf9IJlm4+hYRxNOgki3Kmntm3Gz+0r5bb
69G5qF7b3RKgehsNDRqDIjvWAZvW5dkARThcqOwnnBG4pDhwgge8XiQsgQb5Y77r
vZedyh8ZeUsJhP1vRuXWxeenR69qzq3+j6DN3dHDiNS8XQ4CZ2dJ
-----END CERTIFICATE-----