Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UIP8m_cdyqeXpZBjIaj-EBRvCcs.roa
File:                     UIP8m_cdyqeXpZBjIaj-EBRvCcs.roa (raw, json)
Hash identifier:          9JtvOJuLfljkI/wgif7C8B5PToTxkaPCh58Vhmc/AAc=
Subject key identifier:   50:83:FC:9B:F7:1D:CA:A7:97:A5:90:63:21:A8:FE:10:14:6F:09:CB
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018FC9EAA07F0CB39E2A08BA5A5530047BF5
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UIP8m_cdyqeXpZBjIaj-EBRvCcs.roa
Signing time:             Thu 30 May 2024 14:32:27 +0000
ROA not before:           Thu 30 May 2024 14:32:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        91.212.229.0/24 maxlen: 24
                          146.19.188.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c9:ea:a0:7f:0c:b3:9e:2a:08:ba:5a:55:30:04:7b:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: May 30 14:32:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5083fc9bf71dcaa797a5906321a8fe10146f09cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2d:bd:bd:5e:23:c5:78:ec:e7:b9:48:f3:85:
                    4e:c4:a6:17:fc:83:c0:a1:51:38:72:7c:e6:21:df:
                    0b:02:96:8b:fa:3d:a3:c2:37:dc:47:04:83:77:29:
                    49:25:8b:89:43:76:55:21:e5:9e:ff:50:4f:64:32:
                    17:c3:2a:c2:98:fb:61:ab:89:7d:d2:fc:12:01:fc:
                    2a:46:36:83:0f:ac:f1:70:71:07:fd:dd:57:77:21:
                    a6:0b:de:6d:3c:de:b2:15:aa:c1:37:b8:27:9a:53:
                    8e:13:d4:8b:9c:95:62:8d:a3:b6:a4:52:67:f5:81:
                    e6:c7:52:f4:95:0b:7d:03:74:b6:25:0a:e0:5c:48:
                    19:9d:8a:32:6f:8f:62:32:f9:39:7c:de:6f:2e:ac:
                    05:9b:2c:73:ce:2e:54:4e:fd:b4:ba:dd:7b:62:c8:
                    fd:9c:e2:d1:e8:b9:7e:11:fe:0b:a3:d0:93:9b:78:
                    65:1f:68:00:69:cd:2d:b9:82:39:e8:73:53:f7:4b:
                    87:62:eb:da:9c:48:b8:dc:ea:bb:f8:6f:32:e6:d1:
                    97:ec:5a:9b:61:bb:24:71:d8:93:30:81:ea:7c:29:
                    b8:fe:94:d5:64:91:96:48:63:44:47:30:27:9c:2b:
                    8d:43:b2:34:cb:31:f1:3e:c4:50:31:fb:dc:f7:89:
                    67:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:83:FC:9B:F7:1D:CA:A7:97:A5:90:63:21:A8:FE:10:14:6F:09:CB
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UIP8m_cdyqeXpZBjIaj-EBRvCcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.229.0/24
                  146.19.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f7:78:09:e2:8e:ef:40:ff:02:97:4f:55:56:11:02:65:71:
         ab:d5:b5:0c:f1:e3:38:0d:19:d5:28:cc:f7:d3:7c:fc:42:a4:
         d8:51:45:1a:60:82:ce:b7:54:18:28:17:73:dc:02:9a:81:20:
         4c:8c:4b:ee:f7:a2:73:a3:5a:ff:da:97:cf:8c:dc:ca:02:8a:
         d1:d3:59:77:a5:04:db:1b:f4:04:80:04:99:f5:37:8c:25:b3:
         78:09:85:ed:01:e3:04:11:cf:96:26:33:1c:ff:33:93:1f:10:
         89:c2:ed:c6:90:95:23:e2:77:49:ff:65:8f:8a:9f:b6:b0:c8:
         ed:00:96:e1:08:b2:78:8b:92:c5:63:a6:36:bc:26:c6:8a:9a:
         8d:1b:bb:3a:9f:df:5b:f0:d5:20:76:30:6e:85:c4:9c:7c:64:
         25:34:84:e5:14:94:58:4b:5b:44:c3:2f:25:f0:41:07:58:77:
         b2:98:67:ea:fa:15:fc:b6:a5:ea:b7:5e:d3:cc:18:c8:d0:ee:
         28:6a:1b:78:c9:8c:0b:13:23:20:fe:09:4d:87:9e:11:a1:eb:
         b5:56:aa:32:c5:09:36:5c:eb:51:90:d4:a7:78:6c:22:af:1c:
         be:d6:8b:75:c7:6d:3f:28:02:d5:09:44:9c:e0:66:76:02:83:
         ca:5b:1f:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/J6qB/DLOeKgi6WlUwBHv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNTMwMTQzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDgzZmM5YmY3MWRjYWE3OTdhNTkwNjMyMWE4ZmUxMDE0NmYwOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArC29vV4jxXjs57lI84VOxKYX/IPA
oVE4cnzmId8LApaL+j2jwjfcRwSDdylJJYuJQ3ZVIeWe/1BPZDIXwyrCmPthq4l9
0vwSAfwqRjaDD6zxcHEH/d1XdyGmC95tPN6yFarBN7gnmlOOE9SLnJVijaO2pFJn
9YHmx1L0lQt9A3S2JQrgXEgZnYoyb49iMvk5fN5vLqwFmyxzzi5UTv20ut17Ysj9
nOLR6Ll+Ef4Lo9CTm3hlH2gAac0tuYI56HNT90uHYuvanEi43Oq7+G8y5tGX7Fqb
YbskcdiTMIHqfCm4/pTVZJGWSGNERzAnnCuNQ7I0yzHxPsRQMfvc94ln7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFCD/Jv3Hcqnl6WQYyGo/hAUbwnLMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvVUlQOG1fY2R5cWVYcFpCaklhai1FQlJ2Q2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9TlAwQA
khO8MA0GCSqGSIb3DQEBCwUAA4IBAQB293gJ4o7vQP8Cl09VVhECZXGr1bUM8eM4
DRnVKMz303z8QqTYUUUaYILOt1QYKBdz3AKagSBMjEvu96Jzo1r/2pfPjNzKAorR
01l3pQTbG/QEgASZ9TeMJbN4CYXtAeMEEc+WJjMc/zOTHxCJwu3GkJUj4ndJ/2WP
ip+2sMjtAJbhCLJ4i5LFY6Y2vCbGipqNG7s6n99b8NUgdjBuhcScfGQlNITlFJRY
S1tEwy8l8EEHWHeymGfq+hX8tqXqt17TzBjI0O4oaht4yYwLEyMg/glNh54Roeu1
VqoyxQk2XOtRkNSneGwirxy+1ot1x20/KALVCUSc4GZ2AoPKWx+k
-----END CERTIFICATE-----