Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/uYHKtKuRAQeHOfD7lB4qDgo66SU.roa
File:                     uYHKtKuRAQeHOfD7lB4qDgo66SU.roa (raw, json)
Hash identifier:          t+Ob5Y5NgLCxa3TxH9Z/GTAtTAwcsjfnwDTYcaden8w=
Subject key identifier:   B9:81:CA:B4:AB:91:01:07:87:39:F0:FB:94:1E:2A:0E:0A:3A:E9:25
Certificate issuer:       /CN=92fb8fa10dff3473e653dbf61c9a86432180a5c7
Certificate serial:       019425FDD4BE1DF65FE0E46EBFE1927B201A
Authority key identifier: 92:FB:8F:A1:0D:FF:34:73:E6:53:DB:F6:1C:9A:86:43:21:80:A5:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/uYHKtKuRAQeHOfD7lB4qDgo66SU.roa
Signing time:             Thu 02 Jan 2025 07:49:39 +0000
ROA not before:           Thu 02 Jan 2025 07:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211671
IP address blocks:        91.220.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d4:be:1d:f6:5f:e0:e4:6e:bf:e1:92:7b:20:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92fb8fa10dff3473e653dbf61c9a86432180a5c7
        Validity
            Not Before: Jan  2 07:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b981cab4ab9101078739f0fb941e2a0e0a3ae925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:44:3a:c5:d3:e9:21:15:ca:c5:56:98:47:80:
                    ce:10:c1:9e:4c:34:08:38:70:dd:7c:31:e3:14:60:
                    1b:65:3f:55:e5:9c:f7:e1:5e:a4:50:60:8a:98:9f:
                    bc:00:70:ff:2d:10:44:2a:77:fb:a9:90:9c:68:42:
                    32:42:01:e4:ca:56:94:74:3f:80:9d:86:fc:70:5e:
                    43:a9:65:85:79:ed:8d:4c:c0:da:5e:90:78:c8:bd:
                    97:1e:11:e4:50:5b:22:39:06:a7:90:d9:9d:13:b8:
                    d0:4a:c6:6f:7e:7f:51:cb:61:c3:4c:4f:ab:85:64:
                    28:f8:80:0e:fb:c2:a6:ef:10:49:49:68:64:ee:a4:
                    6d:6d:f9:73:a0:bf:d3:e5:3b:65:9b:ec:bd:65:f3:
                    f0:58:ec:4f:0b:d6:62:b2:2b:54:02:b0:54:fe:ca:
                    47:85:28:0d:ef:9c:c7:79:3a:ae:77:fe:bf:bf:7a:
                    09:55:8a:bc:dc:c1:c0:ba:d6:ae:e1:90:84:77:17:
                    24:c3:97:3b:04:7f:e4:cf:08:e2:2f:79:dd:c2:05:
                    4a:b4:ec:3c:02:be:1b:2f:da:5c:0f:87:60:94:b7:
                    a8:3a:c6:c4:9e:5c:dd:2d:08:c3:c6:46:bb:03:3d:
                    5c:3b:86:78:c7:98:87:39:ca:2e:fa:22:92:88:58:
                    5e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:81:CA:B4:AB:91:01:07:87:39:F0:FB:94:1E:2A:0E:0A:3A:E9:25
            X509v3 Authority Key Identifier:
                keyid:92:FB:8F:A1:0D:FF:34:73:E6:53:DB:F6:1C:9A:86:43:21:80:A5:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kvuPoQ3_NHPmU9v2HJqGQyGApcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/uYHKtKuRAQeHOfD7lB4qDgo66SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/c64d50-fcdd-4a9f-9047-293f6122a19d/1/kvuPoQ3_NHPmU9v2HJqGQyGApcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:24:6d:7e:29:a3:54:32:0c:ce:6b:84:cd:37:b1:6f:96:fa:
         41:99:8e:6a:c9:01:e0:66:93:05:7d:74:34:d6:c4:91:67:1f:
         03:8c:8f:61:1e:76:82:85:cf:4d:f0:fe:7b:a5:60:24:28:c0:
         d8:9b:5a:e7:94:c2:cc:bf:14:d0:74:67:a1:ed:4e:90:02:51:
         76:70:b0:a4:9c:bc:8e:f9:b6:0d:00:07:f3:6a:e7:9c:a6:0c:
         a2:5b:de:f6:e2:bf:a2:7e:6f:ce:d9:5b:2f:2f:2b:a4:fc:2d:
         3a:2e:d6:b0:a1:a4:4e:e0:64:27:73:b0:90:2b:6c:e7:6f:93:
         8b:97:89:7c:88:40:87:75:e3:b6:f5:1a:d8:2b:e1:0f:30:02:
         35:f5:ac:78:5e:5f:91:26:2a:91:8c:9b:4b:40:b3:58:95:8e:
         47:07:5f:26:a8:8f:91:67:a7:d5:a3:3c:fe:0d:46:29:71:52:
         9f:cd:13:29:1f:89:65:59:d2:71:97:1f:03:fd:da:14:27:f9:
         53:33:75:3d:62:37:00:b6:bc:20:ed:47:b0:eb:b8:0e:45:75:
         6a:e4:65:3a:85:5b:53:cb:41:67:76:a9:88:b0:49:b9:50:69:
         21:e0:29:ad:8f:c3:06:38:0f:68:87:ca:8a:4f:cc:6a:0c:98:
         f8:9b:11:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/dS+HfZf4ORuv+GSeyAaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZmI4ZmExMGRmZjM0NzNlNjUzZGJmNjFjOWE4NjQzMjE4
MGE1YzcwHhcNMjUwMTAyMDc0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTgxY2FiNGFiOTEwMTA3ODczOWYwZmI5NDFlMmEwZTBhM2FlOTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1EQ6xdPpIRXKxVaYR4DOEMGeTDQI
OHDdfDHjFGAbZT9V5Zz34V6kUGCKmJ+8AHD/LRBEKnf7qZCcaEIyQgHkylaUdD+A
nYb8cF5DqWWFee2NTMDaXpB4yL2XHhHkUFsiOQankNmdE7jQSsZvfn9Ry2HDTE+r
hWQo+IAO+8Km7xBJSWhk7qRtbflzoL/T5Ttlm+y9ZfPwWOxPC9ZisitUArBU/spH
hSgN75zHeTqud/6/v3oJVYq83MHAutau4ZCEdxckw5c7BH/kzwjiL3ndwgVKtOw8
Ar4bL9pcD4dglLeoOsbEnlzdLQjDxka7Az1cO4Z4x5iHOcou+iKSiFherQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmByrSrkQEHhznw+5QeKg4KOuklMB8GA1UdIwQY
MBaAFJL7j6EN/zRz5lPb9hyahkMhgKXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3Z1UG9RM19OSFBtVTl2MkhKcUdReUdBcGNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9jNjRkNTAtZmNkZC00YTlmLTkwNDct
MjkzZjYxMjJhMTlkLzEvdVlIS3RLdVJBUWVIT2ZEN2xCNHFEZ282NlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9jNjRkNTAtZmNkZC00YTlmLTkwNDctMjkzZjYxMjJhMTlk
LzEva3Z1UG9RM19OSFBtVTl2MkhKcUdReUdBcGNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wKMA0G
CSqGSIb3DQEBCwUAA4IBAQAKJG1+KaNUMgzOa4TNN7FvlvpBmY5qyQHgZpMFfXQ0
1sSRZx8DjI9hHnaChc9N8P57pWAkKMDYm1rnlMLMvxTQdGeh7U6QAlF2cLCknLyO
+bYNAAfzauecpgyiW9724r+ifm/O2VsvLyuk/C06LtawoaRO4GQnc7CQK2znb5OL
l4l8iECHdeO29RrYK+EPMAI19ax4Xl+RJiqRjJtLQLNYlY5HB18mqI+RZ6fVozz+
DUYpcVKfzRMpH4llWdJxlx8D/doUJ/lTM3U9YjcAtrwg7Uew67gORXVq5GU6hVtT
y0FndqmIsEm5UGkh4Cmtj8MGOA9oh8qKT8xqDJj4mxH8
-----END CERTIFICATE-----