Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/uYw2e8yzvnaCIRMug4OJaHyv-Uk.roa
File:                     uYw2e8yzvnaCIRMug4OJaHyv-Uk.roa (raw, json)
Hash identifier:          bDqiQZbfW+PAtf/F8fb3SNPP3S7momjE/LgQrQYKapg=
Subject key identifier:   B9:8C:36:7B:CC:B3:BE:76:82:21:13:2E:83:83:89:68:7C:AF:F9:49
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       018CC8DE4A5A4C906F58AC23F8DE7F09CDF8
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/uYw2e8yzvnaCIRMug4OJaHyv-Uk.roa
Signing time:             Tue 02 Jan 2024 06:31:00 +0000
ROA not before:           Tue 02 Jan 2024 06:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57271
IP address blocks:        185.238.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:4a:5a:4c:90:6f:58:ac:23:f8:de:7f:09:cd:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  2 06:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b98c367bccb3be768221132e838389687caff949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a2:d0:50:36:98:97:69:f8:8d:e8:5d:ce:a9:
                    66:78:84:89:70:b8:ed:ac:7a:95:48:6b:1c:be:8b:
                    16:8c:89:d4:f3:c3:b6:0d:56:35:a4:23:87:27:b2:
                    4c:b6:36:1c:ae:5a:b5:45:2a:98:a9:02:e7:70:b7:
                    3b:aa:e5:c0:33:e7:e2:d3:32:28:0d:9e:d6:8e:aa:
                    48:61:c9:e8:bd:07:59:6f:c8:39:34:d7:4b:25:93:
                    0a:64:13:1e:4a:50:73:97:8e:68:11:93:15:52:3a:
                    4e:1d:7a:9e:fa:d1:3e:70:83:4c:f7:9b:98:28:30:
                    5d:ad:15:a6:ae:03:97:48:e0:47:cd:80:8d:2a:42:
                    8a:6b:c1:5b:fa:7b:2d:c7:1f:db:4b:a8:c5:0d:da:
                    e3:e7:d1:b2:2f:0d:c5:27:84:5b:ed:38:31:22:e0:
                    5f:e7:0f:76:92:b6:a1:24:f0:3d:02:c5:81:87:52:
                    89:df:8f:99:3d:c4:e5:b7:e6:48:e7:c3:a7:ec:1c:
                    36:29:37:39:81:d0:82:88:f0:4f:05:0c:eb:80:fb:
                    18:ec:f0:69:d0:17:03:3d:42:56:f0:38:e0:64:1d:
                    fa:4c:71:a3:2b:ed:f1:b5:20:92:23:7f:a0:91:c7:
                    be:35:a1:83:10:4e:ca:ed:78:9d:08:50:57:14:3c:
                    92:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:8C:36:7B:CC:B3:BE:76:82:21:13:2E:83:83:89:68:7C:AF:F9:49
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/uYw2e8yzvnaCIRMug4OJaHyv-Uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:22:6c:fc:25:f4:d4:ae:28:c1:f2:13:a4:07:01:ab:a4:d0:
         f9:ff:68:7e:d9:4e:1c:51:99:f6:99:39:ee:db:e2:ad:cb:da:
         05:b3:d0:6a:5c:fc:74:07:29:a2:8e:5e:f3:92:ac:24:18:1c:
         6a:b9:ed:48:e3:21:2e:d4:6c:3c:7c:c1:40:dc:3c:72:2a:93:
         b0:6e:07:7e:df:de:b4:eb:cb:59:a0:fe:50:68:bd:d6:d6:f8:
         64:3c:59:ac:01:eb:bf:e8:16:a9:ee:f3:0e:b4:ed:7e:52:ba:
         3d:1a:e0:bb:dd:b8:e1:fd:67:12:4d:00:e8:26:fb:cb:f8:ba:
         a4:20:9d:54:a7:c6:b0:dc:65:7d:2f:f1:89:98:4f:08:21:f7:
         f6:b1:8d:be:29:c7:3e:20:12:b3:df:80:ba:c5:60:a5:a2:3b:
         00:6f:7b:16:a2:3e:73:4e:15:11:b7:12:4c:b1:54:fa:89:c5:
         cf:45:e2:1b:a8:62:06:79:a4:83:47:16:0a:99:5d:90:57:09:
         f9:53:32:40:e6:6f:1e:60:f2:96:f7:f6:55:43:33:cf:e4:e0:
         74:60:0e:5d:03:8e:b2:01:dc:43:41:fd:8f:59:4a:f0:72:77:
         6f:8d:17:cb:ab:67:f3:48:99:0d:fb:96:cf:f2:85:22:b1:10:
         66:b5:06:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kpaTJBvWKwj+N5/Cc34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQwMTAyMDYzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOThjMzY3YmNjYjNiZTc2ODIyMTEzMmU4MzgzODk2ODdjYWZmOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqLQUDaYl2n4jehdzqlmeISJcLjt
rHqVSGscvosWjInU88O2DVY1pCOHJ7JMtjYcrlq1RSqYqQLncLc7quXAM+fi0zIo
DZ7WjqpIYcnovQdZb8g5NNdLJZMKZBMeSlBzl45oEZMVUjpOHXqe+tE+cINM95uY
KDBdrRWmrgOXSOBHzYCNKkKKa8Fb+nstxx/bS6jFDdrj59GyLw3FJ4Rb7TgxIuBf
5w92krahJPA9AsWBh1KJ34+ZPcTlt+ZI58On7Bw2KTc5gdCCiPBPBQzrgPsY7PBp
0BcDPUJW8DjgZB36THGjK+3xtSCSI3+gkce+NaGDEE7K7XidCFBXFDySMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmMNnvMs752giETLoODiWh8r/lJMB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvdVl3MmU4eXp2bmFDSVJNdWc0T0phSHl2LVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAue5bMA0G
CSqGSIb3DQEBCwUAA4IBAQBkImz8JfTUrijB8hOkBwGrpND5/2h+2U4cUZn2mTnu
2+Kty9oFs9BqXPx0Bymijl7zkqwkGBxque1I4yEu1Gw8fMFA3DxyKpOwbgd+3960
68tZoP5QaL3W1vhkPFmsAeu/6Bap7vMOtO1+Uro9GuC73bjh/WcSTQDoJvvL+Lqk
IJ1Up8aw3GV9L/GJmE8IIff2sY2+Kcc+IBKz34C6xWClojsAb3sWoj5zThURtxJM
sVT6icXPReIbqGIGeaSDRxYKmV2QVwn5UzJA5m8eYPKW9/ZVQzPP5OB0YA5dA46y
AdxDQf2PWUrwcndvjRfLq2fzSJkN+5bP8oUisRBmtQbS
-----END CERTIFICATE-----