Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/UQWiGVcgQBfpwcuKo7fbJa4RaEE.roa
File:                     UQWiGVcgQBfpwcuKo7fbJa4RaEE.roa (raw, json)
Hash identifier:          ZgT0t6kUhUht6heJI0SpC59LD5/+nffxYQMEyobuM6Y=
Subject key identifier:   51:05:A2:19:57:20:40:17:E9:C1:CB:8A:A3:B7:DB:25:AE:11:68:41
Certificate issuer:       /CN=1d87f30274951cadfb5b737e1333c73d64b04256
Certificate serial:       01941FFA9AB4C24391A4C35701F4E3D823AC
Authority key identifier: 1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/UQWiGVcgQBfpwcuKo7fbJa4RaEE.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6696
IP address blocks:        91.220.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:9a:b4:c2:43:91:a4:c3:57:01:f4:e3:d8:23:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d87f30274951cadfb5b737e1333c73d64b04256
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5105a21957204017e9c1cb8aa3b7db25ae116841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d6:96:5c:fa:2b:cd:07:97:ed:0e:4c:6d:f2:
                    5b:76:17:97:fd:6a:51:2c:bc:03:ef:8d:6c:c6:a5:
                    ab:57:8d:72:9b:ca:f7:ac:b8:3f:12:47:2c:77:50:
                    41:33:28:9b:77:20:b4:59:2f:3c:c0:cb:2f:bb:f3:
                    89:85:99:48:d8:ef:f2:7b:88:9c:a2:42:9a:13:69:
                    62:08:dc:05:e9:54:40:09:cb:9f:f3:f1:97:72:28:
                    88:d5:e0:b0:48:c0:1a:3d:31:2b:f5:0e:5d:6b:48:
                    47:26:7f:72:0c:f8:36:58:da:fd:8c:02:90:c6:11:
                    a9:72:bc:6b:e8:1b:71:98:30:7a:7c:c2:e6:e1:61:
                    d8:37:fc:6c:e4:d3:2d:b1:42:c8:ad:4e:19:a7:a4:
                    c0:84:89:50:f6:2d:2c:78:0e:e1:64:bd:c5:10:c7:
                    30:51:dc:11:97:cf:9a:0b:6a:b4:15:cc:ea:82:73:
                    aa:ce:c8:7f:7f:ad:c6:d9:91:f5:41:ad:8c:64:2e:
                    0f:9f:5e:72:c7:8c:e3:c9:eb:18:b4:41:1e:b8:0f:
                    16:38:48:e2:16:fa:83:9b:04:cc:8a:88:46:27:ac:
                    b5:e0:f6:4b:8d:cb:97:2c:51:41:c7:ed:67:9e:cf:
                    85:b1:76:b4:fb:8c:27:12:ea:fa:b8:f7:d4:96:8c:
                    6b:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:05:A2:19:57:20:40:17:E9:C1:CB:8A:A3:B7:DB:25:AE:11:68:41
            X509v3 Authority Key Identifier:
                keyid:1D:87:F3:02:74:95:1C:AD:FB:5B:73:7E:13:33:C7:3D:64:B0:42:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HYfzAnSVHK37W3N-EzPHPWSwQlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/UQWiGVcgQBfpwcuKo7fbJa4RaEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/2485f5-df3e-4dba-810e-fe440111d807/1/HYfzAnSVHK37W3N-EzPHPWSwQlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:5f:68:41:d9:29:2e:b5:61:a8:7e:a1:9f:7c:c9:76:1d:c0:
         2c:2d:17:1d:aa:0a:c0:19:15:fa:9e:5f:cd:b4:6a:39:8d:cc:
         27:39:be:25:27:bf:db:26:d4:98:fc:18:89:b5:f1:bf:a9:79:
         65:ed:58:d4:93:a6:ea:8e:b4:4c:a7:6c:b7:70:07:e3:3c:08:
         2e:3f:1f:7e:b6:c7:d8:81:e0:a0:0d:96:94:b9:27:7e:47:28:
         47:f1:3c:3a:69:d1:f4:00:b5:eb:f8:29:95:a7:dd:05:78:98:
         7f:76:fc:e4:3f:1b:5c:b6:63:de:32:9d:32:fb:d1:c3:0a:db:
         32:ca:92:83:74:79:3a:b5:2d:07:e2:54:32:84:f6:33:e5:ff:
         aa:5a:ce:e8:f1:9f:e9:00:6a:59:4a:64:7e:65:07:4d:a5:dc:
         91:f4:4b:71:cb:fb:67:bd:e2:f0:34:c3:e3:bc:01:78:05:42:
         4a:22:b0:61:e3:df:2e:f1:85:8e:cf:f5:af:62:0c:05:1c:b5:
         50:ea:dc:07:da:9b:9c:51:8c:20:33:1f:33:ce:c3:33:d7:f4:
         f0:0a:45:0c:45:f6:a3:35:47:d1:c5:c9:a2:40:ac:6f:48:d9:
         f5:5c:ef:bb:a5:6a:e7:82:f5:22:ee:ef:a9:52:4f:28:8c:6d:
         b1:a2:84:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pq0wkORpMNXAfTj2COsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkODdmMzAyNzQ5NTFjYWRmYjViNzM3ZTEzMzNjNzNkNjRi
MDQyNTYwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTA1YTIxOTU3MjA0MDE3ZTljMWNiOGFhM2I3ZGIyNWFlMTE2ODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNaWXPorzQeX7Q5MbfJbdheX/WpR
LLwD741sxqWrV41ym8r3rLg/Ekcsd1BBMyibdyC0WS88wMsvu/OJhZlI2O/ye4ic
okKaE2liCNwF6VRACcuf8/GXciiI1eCwSMAaPTEr9Q5da0hHJn9yDPg2WNr9jAKQ
xhGpcrxr6BtxmDB6fMLm4WHYN/xs5NMtsULIrU4Zp6TAhIlQ9i0seA7hZL3FEMcw
UdwRl8+aC2q0FczqgnOqzsh/f63G2ZH1Qa2MZC4Pn15yx4zjyesYtEEeuA8WOEji
FvqDmwTMiohGJ6y14PZLjcuXLFFBx+1nns+FsXa0+4wnEur6uPfUloxrJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEFohlXIEAX6cHLiqO32yWuEWhBMB8GA1UdIwQY
MBaAFB2H8wJ0lRyt+1tzfhMzxz1ksEJWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUt
ZmU0NDAxMTFkODA3LzEvVVFXaUdWY2dRQmZwd2N1S283ZmJKYTRSYUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS8yNDg1ZjUtZGYzZS00ZGJhLTgxMGUtZmU0NDAxMTFkODA3
LzEvSFlmekFuU1ZISzM3VzNOLUV6UEhQV1N3UWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xvMA0G
CSqGSIb3DQEBCwUAA4IBAQCSX2hB2SkutWGofqGffMl2HcAsLRcdqgrAGRX6nl/N
tGo5jcwnOb4lJ7/bJtSY/BiJtfG/qXll7VjUk6bqjrRMp2y3cAfjPAguPx9+tsfY
geCgDZaUuSd+RyhH8Tw6adH0ALXr+CmVp90FeJh/dvzkPxtctmPeMp0y+9HDCtsy
ypKDdHk6tS0H4lQyhPYz5f+qWs7o8Z/pAGpZSmR+ZQdNpdyR9Etxy/tnveLwNMPj
vAF4BUJKIrBh498u8YWOz/WvYgwFHLVQ6twH2pucUYwgMx8zzsMz1/TwCkUMRfaj
NUfRxcmiQKxvSNn1XO+7pWrngvUi7u+pUk8ojG2xooTx
-----END CERTIFICATE-----