Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/UJ4olMWApP7MwaE2AnHAAWvvURE.roa
File:                     UJ4olMWApP7MwaE2AnHAAWvvURE.roa (raw, json)
Hash identifier:          j8yhG+CkxtZBOA9heOK1DNmQYHzy/3/vJayn7f/Unnk=
Subject key identifier:   50:9E:28:94:C5:80:A4:FE:CC:C1:A1:36:02:71:C0:01:6B:EF:51:11
Certificate issuer:       /CN=1adc0093c5af894cf520b5936e30b215090de9f8
Certificate serial:       019424B2B06ED3ED90D75F92542F5AC6A940
Authority key identifier: 1A:DC:00:93:C5:AF:89:4C:F5:20:B5:93:6E:30:B2:15:09:0D:E9:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GtwAk8WviUz1ILWTbjCyFQkN6fg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/UJ4olMWApP7MwaE2AnHAAWvvURE.roa
Signing time:             Thu 02 Jan 2025 01:47:57 +0000
ROA not before:           Thu 02 Jan 2025 01:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62313
IP address blocks:        91.209.240.0/24 maxlen: 24
                          193.22.141.0/24 maxlen: 24
                          212.46.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/GtwAk8WviUz1ILWTbjCyFQkN6fg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/GtwAk8WviUz1ILWTbjCyFQkN6fg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GtwAk8WviUz1ILWTbjCyFQkN6fg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:b0:6e:d3:ed:90:d7:5f:92:54:2f:5a:c6:a9:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1adc0093c5af894cf520b5936e30b215090de9f8
        Validity
            Not Before: Jan  2 01:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=509e2894c580a4feccc1a1360271c0016bef5111
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fc:ab:da:0a:de:a2:92:e5:4e:18:76:f2:9d:
                    89:bc:00:78:39:84:5c:16:3a:ab:9b:15:b5:be:93:
                    b3:3b:30:7c:3c:5c:2e:86:2f:e3:80:2d:cf:4e:c4:
                    b5:1f:c6:1d:b3:e9:7d:9f:bc:f2:37:f2:c3:c2:c4:
                    c9:3d:92:9f:78:99:34:7d:4c:b8:8c:bb:02:c1:a3:
                    04:2d:a8:a6:86:ba:f2:bc:d4:a0:36:30:b0:dc:21:
                    54:b2:78:0c:ee:8b:13:1b:63:75:a0:31:fb:92:20:
                    1b:b5:af:85:a3:a0:63:c0:06:bf:ab:80:c6:fa:89:
                    d4:7d:84:9b:e6:77:c4:50:3a:e1:cd:36:2e:f2:2b:
                    4b:43:ae:f4:84:30:79:47:3e:49:b0:af:c7:0b:ec:
                    cd:3b:73:c0:64:4c:43:64:77:e2:4a:77:46:32:c8:
                    8c:72:a8:6f:9e:cb:88:01:4a:e4:35:47:be:16:3e:
                    53:ae:47:b7:9b:09:f1:b1:01:9b:3a:80:51:dd:3a:
                    fa:0f:c1:55:d7:47:32:18:ec:c9:f3:40:88:05:6b:
                    7f:ef:78:2c:fd:dc:8b:8d:24:b1:dc:62:81:0a:b1:
                    e3:bf:c2:9e:1e:46:30:16:5f:e0:35:df:a0:4f:4d:
                    b3:9d:74:55:8e:ae:11:2e:b4:f2:ae:26:4c:c6:82:
                    56:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:9E:28:94:C5:80:A4:FE:CC:C1:A1:36:02:71:C0:01:6B:EF:51:11
            X509v3 Authority Key Identifier:
                keyid:1A:DC:00:93:C5:AF:89:4C:F5:20:B5:93:6E:30:B2:15:09:0D:E9:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtwAk8WviUz1ILWTbjCyFQkN6fg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/UJ4olMWApP7MwaE2AnHAAWvvURE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/6b60ed-0c46-4873-91fe-f5948c716e16/1/GtwAk8WviUz1ILWTbjCyFQkN6fg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.240.0/24
                  193.22.141.0/24
                  212.46.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:32:e5:25:5c:67:e2:f7:5c:80:65:c7:c7:d8:f5:46:13:2f:
         66:9d:a5:68:02:cf:3e:a2:5d:7f:fd:ac:e8:a1:9b:8c:ab:6f:
         08:47:97:8e:18:41:fe:22:0d:93:c9:a0:d7:2e:86:3b:18:11:
         ed:ef:d7:86:e8:3d:c2:a4:46:74:60:35:15:08:d3:17:5e:c9:
         9e:e5:84:33:40:1e:13:c8:f4:11:a6:b7:06:96:7f:ea:bd:76:
         0f:7d:75:4f:f9:d7:c1:01:c1:f1:6b:e9:af:f6:c1:6b:3d:a3:
         19:65:25:4e:8e:e3:7d:d2:39:ad:f8:35:f2:b5:6f:34:5e:d6:
         fa:c9:2c:04:30:2a:99:e6:59:75:c2:36:a9:7a:e8:02:57:a9:
         86:a4:29:24:1f:5f:e6:6a:92:b9:f9:89:29:35:01:b9:97:a9:
         80:ab:7b:f3:db:33:4a:6e:bd:6f:5b:dd:e7:36:c8:61:11:fc:
         5f:45:5b:05:44:02:e6:4c:7c:df:88:af:d8:a1:cb:02:87:9b:
         89:2b:b3:7b:94:7a:4a:12:3a:7e:e3:73:f5:5f:a4:f2:6b:a6:
         77:11:b2:09:62:97:19:d6:6d:92:80:e2:1f:08:b5:6e:6c:be:
         ca:59:ec:c4:1c:78:09:10:bf:d0:ec:ff:d7:43:aa:39:13:c7:
         3d:1b:3b:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQksrBu0+2Q11+SVC9axqlAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZGMwMDkzYzVhZjg5NGNmNTIwYjU5MzZlMzBiMjE1MDkw
ZGU5ZjgwHhcNMjUwMTAyMDE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDllMjg5NGM1ODBhNGZlY2NjMWExMzYwMjcxYzAwMTZiZWY1MTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPyr2greopLlThh28p2JvAB4OYRc
FjqrmxW1vpOzOzB8PFwuhi/jgC3PTsS1H8Yds+l9n7zyN/LDwsTJPZKfeJk0fUy4
jLsCwaMELaimhrryvNSgNjCw3CFUsngM7osTG2N1oDH7kiAbta+Fo6BjwAa/q4DG
+onUfYSb5nfEUDrhzTYu8itLQ670hDB5Rz5JsK/HC+zNO3PAZExDZHfiSndGMsiM
cqhvnsuIAUrkNUe+Fj5Trke3mwnxsQGbOoBR3Tr6D8FV10cyGOzJ80CIBWt/73gs
/dyLjSSx3GKBCrHjv8KeHkYwFl/gNd+gT02znXRVjq4RLrTyriZMxoJWLQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFCeKJTFgKT+zMGhNgJxwAFr71ERMB8GA1UdIwQY
MBaAFBrcAJPFr4lM9SC1k24wshUJDen4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3R3QWs4V3ZpVXoxSUxXVGJqQ3lGUWtONmZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC82YjYwZWQtMGM0Ni00ODczLTkxZmUt
ZjU5NDhjNzE2ZTE2LzEvVUo0b2xNV0FwUDdNd2FFMkFuSEFBV3Z2VVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC82YjYwZWQtMGM0Ni00ODczLTkxZmUtZjU5NDhjNzE2ZTE2
LzEvR3R3QWs4V3ZpVXoxSUxXVGJqQ3lGUWtONmZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9HwAwQA
wRaNAwQA1C4zMA0GCSqGSIb3DQEBCwUAA4IBAQBDMuUlXGfi91yAZcfH2PVGEy9m
naVoAs8+ol1//azooZuMq28IR5eOGEH+Ig2TyaDXLoY7GBHt79eG6D3CpEZ0YDUV
CNMXXsme5YQzQB4TyPQRprcGln/qvXYPfXVP+dfBAcHxa+mv9sFrPaMZZSVOjuN9
0jmt+DXytW80Xtb6ySwEMCqZ5ll1wjapeugCV6mGpCkkH1/mapK5+YkpNQG5l6mA
q3vz2zNKbr1vW93nNshhEfxfRVsFRALmTHzfiK/YocsCh5uJK7N7lHpKEjp+43P1
X6Tya6Z3EbIJYpcZ1m2SgOIfCLVubL7KWezEHHgJEL/Q7P/XQ6o5E8c9Gzsi
-----END CERTIFICATE-----