Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/UNUa4oFxwFdm00m5r-G61s8Ikh4.roa
File:                     UNUa4oFxwFdm00m5r-G61s8Ikh4.roa (raw, json)
Hash identifier:          k9276a/1X0ewFXRF6cwjGjRo8BKQKSRBiWAxipeCeXc=
Subject key identifier:   50:D5:1A:E2:81:71:C0:57:66:D3:49:B9:AF:E1:BA:D6:CF:08:92:1E
Certificate issuer:       /CN=8c96c66af331c985b859d403b36974c0632e1ef2
Certificate serial:       01942444A1395F030BC3EB20532ABA8150AF
Authority key identifier: 8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/UNUa4oFxwFdm00m5r-G61s8Ikh4.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        91.233.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a1:39:5f:03:0b:c3:eb:20:53:2a:ba:81:50:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c96c66af331c985b859d403b36974c0632e1ef2
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50d51ae28171c05766d349b9afe1bad6cf08921e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a5:f7:62:6f:e9:52:06:45:25:75:b0:82:f6:
                    13:62:5f:0d:fc:d6:cc:72:d0:d7:ff:42:24:0a:e0:
                    91:a7:39:46:80:ce:7c:5f:89:4a:9f:f9:90:44:27:
                    cf:80:35:58:7b:ae:f6:de:b6:66:bc:1e:b1:36:f1:
                    44:b7:bf:5b:a0:1a:b3:23:c2:d6:ec:e8:3d:1d:1e:
                    77:16:64:a4:2c:09:4b:b2:58:7e:9a:2f:44:7c:d7:
                    15:d8:d3:22:b4:fc:cd:c1:ee:df:74:0c:aa:ef:81:
                    2b:60:3b:ea:c2:57:bc:c2:df:2f:18:62:26:1c:f1:
                    2d:2d:12:04:7c:8f:23:ec:20:51:be:96:09:36:d9:
                    ae:d6:6e:5c:04:82:d4:e3:0a:36:b5:be:be:28:bf:
                    f2:d2:8b:83:00:b6:b6:3f:2e:8a:70:d6:50:e6:e0:
                    bc:d3:9d:25:f2:f7:09:fe:30:0f:23:04:d2:55:17:
                    0f:48:28:90:52:aa:16:c0:b8:f2:b4:50:73:5b:e3:
                    2d:89:42:a9:20:c6:9b:f5:9a:3e:09:d6:c1:b5:f3:
                    8a:40:12:91:16:10:71:6d:3e:c0:f2:16:91:f0:28:
                    1c:61:d9:7a:d7:26:59:87:05:61:0c:73:0f:6a:bb:
                    88:47:e6:86:03:0a:e4:54:e7:1b:af:fa:7e:0e:1b:
                    34:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D5:1A:E2:81:71:C0:57:66:D3:49:B9:AF:E1:BA:D6:CF:08:92:1E
            X509v3 Authority Key Identifier:
                keyid:8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/UNUa4oFxwFdm00m5r-G61s8Ikh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:f6:bc:ed:4c:52:ab:04:7b:ef:3d:b3:32:54:c5:3f:9e:d0:
         a9:6e:a3:8e:b4:bb:4c:79:79:9e:93:66:fd:eb:64:a1:64:25:
         45:77:ef:bd:8a:90:c4:03:07:ce:0f:d5:45:e7:35:78:5d:dc:
         da:cf:b9:95:3c:d3:f0:13:36:c7:fe:cb:8c:52:b5:15:9b:e4:
         79:e7:c7:97:0b:24:b1:52:fd:73:a0:d0:98:66:2b:7c:8c:79:
         cc:28:96:16:e2:c6:2f:d9:56:c8:9e:3b:5e:02:36:2e:f5:83:
         c5:48:33:09:20:b7:b5:5c:eb:66:73:fa:71:a1:25:74:40:fc:
         82:00:32:48:7b:84:8b:22:0d:b4:3d:fe:4a:80:18:f8:17:74:
         c1:95:c3:1d:2a:ff:ae:51:85:ed:38:cf:41:04:af:68:4e:ca:
         14:1b:90:19:39:60:01:98:37:04:7e:b8:92:5b:d5:94:d4:71:
         d8:03:76:8c:9d:1e:a9:99:bf:c4:50:12:a8:57:e5:62:8f:34:
         c7:f6:c9:9d:45:37:9e:a6:e0:0d:da:05:e7:db:fa:83:af:99:
         78:8a:0f:41:05:62:61:3f:87:0c:ef:27:9a:fb:9a:60:df:2e:
         0f:a0:8c:ea:22:1d:24:6e:4d:71:9c:76:9c:5e:9b:80:0b:99:
         85:54:a2:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKE5XwMLw+sgUyq6gVCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOTZjNjZhZjMzMWM5ODViODU5ZDQwM2IzNjk3NGMwNjMy
ZTFlZjIwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGQ1MWFlMjgxNzFjMDU3NjZkMzQ5YjlhZmUxYmFkNmNmMDg5MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqX3Ym/pUgZFJXWwgvYTYl8N/NbM
ctDX/0IkCuCRpzlGgM58X4lKn/mQRCfPgDVYe6723rZmvB6xNvFEt79boBqzI8LW
7Og9HR53FmSkLAlLslh+mi9EfNcV2NMitPzNwe7fdAyq74ErYDvqwle8wt8vGGIm
HPEtLRIEfI8j7CBRvpYJNtmu1m5cBILU4wo2tb6+KL/y0ouDALa2Py6KcNZQ5uC8
050l8vcJ/jAPIwTSVRcPSCiQUqoWwLjytFBzW+MtiUKpIMab9Zo+CdbBtfOKQBKR
FhBxbT7A8haR8CgcYdl61yZZhwVhDHMParuIR+aGAwrkVOcbr/p+Dhs0ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFDVGuKBccBXZtNJua/hutbPCJIeMB8GA1UdIwQY
MBaAFIyWxmrzMcmFuFnUA7NpdMBjLh7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgt
ODNhNDQzMTBhOTY0LzEvVU5VYTRvRnh3RmRtMDBtNXItRzYxczhJa2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgtODNhNDQzMTBhOTY0
LzEvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lDMA0G
CSqGSIb3DQEBCwUAA4IBAQBx9rztTFKrBHvvPbMyVMU/ntCpbqOOtLtMeXmek2b9
62ShZCVFd++9ipDEAwfOD9VF5zV4Xdzaz7mVPNPwEzbH/suMUrUVm+R558eXCySx
Uv1zoNCYZit8jHnMKJYW4sYv2VbInjteAjYu9YPFSDMJILe1XOtmc/pxoSV0QPyC
ADJIe4SLIg20Pf5KgBj4F3TBlcMdKv+uUYXtOM9BBK9oTsoUG5AZOWABmDcEfriS
W9WU1HHYA3aMnR6pmb/EUBKoV+VijzTH9smdRTeepuAN2gXn2/qDr5l4ig9BBWJh
P4cM7yea+5pg3y4PoIzqIh0kbk1xnHacXpuAC5mFVKLO
-----END CERTIFICATE-----