Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/UtENKEhEm8aI0Ou7bKpM_GJZgfw.roa
File:                     UtENKEhEm8aI0Ou7bKpM_GJZgfw.roa (raw, json)
Hash identifier:          uJUKEvtya4FeDlxGJPwjMFWIfPRKUsKW7PNJHjdDHAQ=
Subject key identifier:   52:D1:0D:28:48:44:9B:C6:88:D0:EB:BB:6C:AA:4C:FC:62:59:81:FC
Certificate issuer:       /CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
Certificate serial:       019423D6B6096619A85CEE572FDFAF9E0E07
Authority key identifier: 29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/UtENKEhEm8aI0Ou7bKpM_GJZgfw.roa
Signing time:             Wed 01 Jan 2025 21:47:41 +0000
ROA not before:           Wed 01 Jan 2025 21:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30367
IP address blocks:        91.213.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b6:09:66:19:a8:5c:ee:57:2f:df:af:9e:0e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
        Validity
            Not Before: Jan  1 21:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52d10d2848449bc688d0ebbb6caa4cfc625981fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:f4:d7:69:36:76:36:80:db:db:63:09:76:4d:
                    74:be:92:0e:81:2f:e2:5c:0e:46:fa:d5:bb:5e:79:
                    88:e3:e1:cf:8c:fc:fb:3d:24:5e:a8:b6:bd:fc:14:
                    ed:be:c4:2e:63:ba:90:f9:b3:7c:87:40:01:8c:f4:
                    78:07:6a:20:c3:81:b7:09:ae:e8:dc:2a:d8:60:d0:
                    30:d6:7b:cd:9c:4a:07:72:42:3e:81:3b:b0:88:7a:
                    78:a4:63:ad:df:16:be:e0:3a:15:0f:15:57:50:da:
                    c2:45:d9:f5:c7:79:44:c7:e0:b5:64:ed:18:68:f8:
                    df:8a:dc:1e:31:5d:13:e6:bb:3f:31:9f:6a:29:7a:
                    43:85:b5:e6:15:d0:bd:97:35:c8:a0:90:6c:53:8a:
                    fa:a1:6a:81:7a:1f:7c:18:8d:47:a1:72:30:2e:f2:
                    d9:21:c2:55:d3:d1:30:a3:3f:f3:b6:c6:7a:8f:95:
                    bb:ef:42:d8:cd:cf:ab:38:1f:7f:9f:c2:dc:ca:a5:
                    3b:49:e1:4b:c7:cd:78:73:4e:15:1b:91:32:cd:56:
                    a8:0e:b8:bf:57:c9:eb:81:44:73:70:f3:17:f0:f1:
                    a8:3c:b2:33:3b:3c:b5:51:a0:8c:1b:c2:7d:12:cc:
                    36:cd:cc:bf:0e:b2:57:f2:52:ee:9b:60:f9:4d:08:
                    11:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D1:0D:28:48:44:9B:C6:88:D0:EB:BB:6C:AA:4C:FC:62:59:81:FC
            X509v3 Authority Key Identifier:
                keyid:29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/UtENKEhEm8aI0Ou7bKpM_GJZgfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:8d:79:35:66:ef:98:5e:e4:99:24:3c:dd:f6:d2:81:70:54:
         22:dc:b3:82:42:18:76:5a:b7:b8:ed:8d:01:ea:11:a9:3d:d6:
         b0:5d:88:b4:0d:bc:d5:75:ab:62:9a:77:22:8b:63:4a:01:58:
         7a:c2:7c:bb:32:f0:6a:ef:b2:9e:0c:c6:fc:78:66:ae:5f:df:
         63:28:0d:ae:e1:43:75:c5:17:f1:7a:d1:fd:c1:9e:97:71:a0:
         38:14:b0:ee:f5:48:f7:bd:e8:ef:02:5c:6a:40:66:be:90:a4:
         b8:8d:66:09:ea:93:c0:ac:3a:66:ca:4d:56:8c:8e:32:fc:f2:
         23:58:c7:85:3e:b5:c6:40:73:19:5c:18:42:44:4d:32:ea:c5:
         a5:4c:b1:cd:fd:34:67:34:60:1c:7c:ea:c6:14:ae:3c:81:6e:
         33:38:14:ff:70:a1:be:ae:f7:dc:24:fe:65:54:e4:fd:57:04:
         29:54:ad:91:9d:e6:10:0a:e4:00:41:02:2f:05:de:d2:ba:39:
         da:b9:e3:27:b4:22:97:7b:13:79:be:6c:b5:4c:a5:f1:49:94:
         5a:30:67:30:0b:61:8f:03:03:aa:c1:b9:ac:5d:0d:ab:ee:66:
         d5:45:49:fd:9d:d5:01:0b:91:dc:8a:7b:12:8b:5e:d4:48:9a:
         00:09:08:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rYJZhmoXO5XL9+vng4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWQ4M2MzZjRiODc3Y2Y3ZDA4NGNiNTMwYzRhOWUzNmZj
ZjdhZDAwHhcNMjUwMTAxMjE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQxMGQyODQ4NDQ5YmM2ODhkMGViYmI2Y2FhNGNmYzYyNTk4MWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfTXaTZ2NoDb22MJdk10vpIOgS/i
XA5G+tW7XnmI4+HPjPz7PSReqLa9/BTtvsQuY7qQ+bN8h0ABjPR4B2ogw4G3Ca7o
3CrYYNAw1nvNnEoHckI+gTuwiHp4pGOt3xa+4DoVDxVXUNrCRdn1x3lEx+C1ZO0Y
aPjfitweMV0T5rs/MZ9qKXpDhbXmFdC9lzXIoJBsU4r6oWqBeh98GI1HoXIwLvLZ
IcJV09Ewoz/ztsZ6j5W770LYzc+rOB9/n8LcyqU7SeFLx814c04VG5EyzVaoDri/
V8nrgURzcPMX8PGoPLIzOzy1UaCMG8J9Esw2zcy/DrJX8lLum2D5TQgRDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLRDShIRJvGiNDru2yqTPxiWYH8MB8GA1UdIwQY
MBaAFCkdg8P0uHfPfQhMtTDEqeNvz3rQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYt
ZmZjZDQ3NzM0OWZjLzEvVXRFTktFaEVtOGFJME91N2JLcE1fR0paZ2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYtZmZjZDQ3NzM0OWZj
LzEvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UDMA0G
CSqGSIb3DQEBCwUAA4IBAQAejXk1Zu+YXuSZJDzd9tKBcFQi3LOCQhh2Wre47Y0B
6hGpPdawXYi0DbzVdatimncii2NKAVh6wny7MvBq77KeDMb8eGauX99jKA2u4UN1
xRfxetH9wZ6XcaA4FLDu9Uj3vejvAlxqQGa+kKS4jWYJ6pPArDpmyk1WjI4y/PIj
WMeFPrXGQHMZXBhCRE0y6sWlTLHN/TRnNGAcfOrGFK48gW4zOBT/cKG+rvfcJP5l
VOT9VwQpVK2RneYQCuQAQQIvBd7SujnaueMntCKXexN5vmy1TKXxSZRaMGcwC2GP
AwOqwbmsXQ2r7mbVRUn9ndUBC5HcinsSi17USJoACQgU
-----END CERTIFICATE-----