Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/uGc5t7k323l4bPrHZfSA3DeJkwQ.roa
File:                     uGc5t7k323l4bPrHZfSA3DeJkwQ.roa (raw, json)
Hash identifier:          52cPW1R4c52wh/nl0QrnbIVetrEdtRu/919p0DoIobU=
Subject key identifier:   B8:67:39:B7:B9:37:DB:79:78:6C:FA:C7:65:F4:80:DC:37:89:93:04
Certificate issuer:       /CN=90fd8aae1b6e159a2fa8f03d7a3188a1e18072a0
Certificate serial:       018CC64AB0CEB1688266AF106A6A9571ADA0
Authority key identifier: 90:FD:8A:AE:1B:6E:15:9A:2F:A8:F0:3D:7A:31:88:A1:E1:80:72:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kP2KrhtuFZovqPA9ejGIoeGAcqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/uGc5t7k323l4bPrHZfSA3DeJkwQ.roa
Signing time:             Mon 01 Jan 2024 18:30:32 +0000
ROA not before:           Mon 01 Jan 2024 18:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212073
IP address blocks:        91.209.16.0/24 maxlen: 24
                          2a0f:c444::/32 maxlen: 48
                          2a0f:c440::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/kP2KrhtuFZovqPA9ejGIoeGAcqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/kP2KrhtuFZovqPA9ejGIoeGAcqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kP2KrhtuFZovqPA9ejGIoeGAcqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:b0:ce:b1:68:82:66:af:10:6a:6a:95:71:ad:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90fd8aae1b6e159a2fa8f03d7a3188a1e18072a0
        Validity
            Not Before: Jan  1 18:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b86739b7b937db79786cfac765f480dc37899304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:c5:c3:36:d3:1c:cc:6e:67:c7:bd:c3:e4:6c:
                    a6:9b:91:b1:5a:5b:b5:1d:8f:6a:4e:89:38:88:d4:
                    4b:1e:df:1f:03:10:2e:5a:80:36:00:04:0f:4b:6d:
                    8b:a9:f6:64:22:6a:c3:4d:82:af:cc:1e:14:6f:b2:
                    5c:51:6b:44:7d:d1:b9:25:72:26:36:31:d2:24:af:
                    b9:f0:3a:4d:a5:52:92:c3:ea:49:5e:f0:c9:a3:cf:
                    93:3b:01:c8:6b:90:9a:77:b5:3a:c2:cd:7a:ec:d1:
                    45:bd:b9:63:06:44:d9:77:69:ae:36:73:c6:23:0a:
                    17:29:c7:a4:cb:78:82:1a:c7:e5:86:27:51:70:41:
                    f0:3e:b9:d3:3a:43:fe:28:df:07:a5:76:2d:07:ee:
                    16:3d:51:f1:28:b9:09:97:07:6e:2a:38:01:56:a3:
                    7b:ff:37:1c:ca:09:01:50:95:0b:bc:bd:81:01:4d:
                    87:2b:1d:8c:72:b9:a4:6c:0e:ce:ae:a7:41:48:03:
                    7f:c0:c5:80:9f:21:2f:64:83:61:76:32:ce:58:c8:
                    59:7a:f8:d6:99:d3:b4:2a:fc:a1:3a:cb:c8:7d:6f:
                    a0:d6:c2:87:60:81:56:13:9d:a7:ce:3b:14:ed:56:
                    66:05:e9:ff:c7:d8:11:e5:8b:14:46:d8:c0:e9:84:
                    17:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:67:39:B7:B9:37:DB:79:78:6C:FA:C7:65:F4:80:DC:37:89:93:04
            X509v3 Authority Key Identifier:
                keyid:90:FD:8A:AE:1B:6E:15:9A:2F:A8:F0:3D:7A:31:88:A1:E1:80:72:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kP2KrhtuFZovqPA9ejGIoeGAcqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/uGc5t7k323l4bPrHZfSA3DeJkwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/5dfc76-e7eb-4d35-8ad7-7993591113e4/1/kP2KrhtuFZovqPA9ejGIoeGAcqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.16.0/24
                IPv6:
                  2a0f:c440::/48
                  2a0f:c444::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:d5:6a:71:f9:3f:93:ef:04:00:6e:fa:30:41:ab:3c:86:27:
         06:ca:65:d3:8d:4f:38:f8:e9:e9:91:f6:2f:60:16:fe:0f:8d:
         46:15:ad:51:9b:7c:ee:be:ff:23:05:5a:f6:8a:ef:cb:99:0a:
         12:f7:24:1c:a7:8a:7c:d2:25:6f:75:9e:0e:16:07:82:58:96:
         1f:69:ff:e8:87:f5:e5:70:6d:a4:fc:28:9e:f0:2b:2e:b7:cb:
         22:7b:82:3c:95:61:62:ca:89:1b:7b:b6:c2:33:e9:19:f3:5f:
         2a:b2:bb:67:87:b4:a2:0c:b3:42:50:79:1e:67:a6:bb:d5:ac:
         0f:27:ff:6a:27:00:ab:fe:d1:a0:57:8c:49:74:94:1d:d9:be:
         31:39:8a:99:ab:2c:0a:5c:41:2d:ab:2b:70:e5:35:5c:11:27:
         03:b8:50:26:eb:08:29:aa:b3:6f:48:56:13:33:97:d6:1a:02:
         b8:c6:9c:02:a8:6b:a9:0d:37:53:db:68:43:97:c2:cb:ee:d5:
         a8:b8:94:47:01:11:3f:e3:e8:a3:3a:96:21:41:ae:59:25:c8:
         68:a5:87:4e:84:04:9c:8d:ba:ac:5d:6d:33:fc:6c:eb:3b:cc:
         71:02:e6:2c:cd:50:03:3a:92:07:20:8a:34:85:6a:86:6a:7b:
         bb:5a:1b:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzGSrDOsWiCZq8QamqVca2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZmQ4YWFlMWI2ZTE1OWEyZmE4ZjAzZDdhMzE4OGExZTE4
MDcyYTAwHhcNMjQwMTAxMTgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY3MzliN2I5MzdkYjc5Nzg2Y2ZhYzc2NWY0ODBkYzM3ODk5MzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8MXDNtMczG5nx73D5Gymm5GxWlu1
HY9qTok4iNRLHt8fAxAuWoA2AAQPS22LqfZkImrDTYKvzB4Ub7JcUWtEfdG5JXIm
NjHSJK+58DpNpVKSw+pJXvDJo8+TOwHIa5Cad7U6ws167NFFvbljBkTZd2muNnPG
IwoXKceky3iCGsflhidRcEHwPrnTOkP+KN8HpXYtB+4WPVHxKLkJlwduKjgBVqN7
/zccygkBUJULvL2BAU2HKx2McrmkbA7OrqdBSAN/wMWAnyEvZINhdjLOWMhZevjW
mdO0KvyhOsvIfW+g1sKHYIFWE52nzjsU7VZmBen/x9gR5YsURtjA6YQX9wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLhnObe5N9t5eGz6x2X0gNw3iZMEMB8GA1UdIwQY
MBaAFJD9iq4bbhWaL6jwPXoxiKHhgHKgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1AyS3JodHVGWm92cVBBOWVqR0lvZUdBY3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi81ZGZjNzYtZTdlYi00ZDM1LThhZDct
Nzk5MzU5MTExM2U0LzEvdUdjNXQ3azMyM2w0YlBySFpmU0EzRGVKa3dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi81ZGZjNzYtZTdlYi00ZDM1LThhZDctNzk5MzU5MTExM2U0
LzEva1AyS3JodHVGWm92cVBBOWVqR0lvZUdBY3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAW9EQMBYE
AgACMBADBwAqD8RAAAADBQAqD8REMA0GCSqGSIb3DQEBCwUAA4IBAQBI1Wpx+T+T
7wQAbvowQas8hicGymXTjU84+OnpkfYvYBb+D41GFa1Rm3zuvv8jBVr2iu/LmQoS
9yQcp4p80iVvdZ4OFgeCWJYfaf/oh/XlcG2k/Cie8Csut8sie4I8lWFiyokbe7bC
M+kZ818qsrtnh7SiDLNCUHkeZ6a71awPJ/9qJwCr/tGgV4xJdJQd2b4xOYqZqywK
XEEtqytw5TVcEScDuFAm6wgpqrNvSFYTM5fWGgK4xpwCqGupDTdT22hDl8LL7tWo
uJRHARE/4+ijOpYhQa5ZJchopYdOhAScjbqsXW0z/GzrO8xxAuYszVADOpIHIIo0
hWqGanu7WhsX
-----END CERTIFICATE-----