Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/UvojC1ENhPbEF8CWrIQdqvN_EPk.roa
File:                     UvojC1ENhPbEF8CWrIQdqvN_EPk.roa (raw, json)
Hash identifier:          M3fEcWwNkOYKiYYPvaWdy7xS9Gzd5XLhj8l6RknzTeQ=
Subject key identifier:   52:FA:23:0B:51:0D:84:F6:C4:17:C0:96:AC:84:1D:AA:F3:7F:10:F9
Certificate issuer:       /CN=a3c03158aed81161d4f57c1742d460834173a79e
Certificate serial:       019420D5E3440B025AB29E92CCA9F3B3317F
Authority key identifier: A3:C0:31:58:AE:D8:11:61:D4:F5:7C:17:42:D4:60:83:41:73:A7:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8AxWK7YEWHU9XwXQtRgg0Fzp54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/UvojC1ENhPbEF8CWrIQdqvN_EPk.roa
Signing time:             Wed 01 Jan 2025 07:47:55 +0000
ROA not before:           Wed 01 Jan 2025 07:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201011
IP address blocks:        91.194.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/o8AxWK7YEWHU9XwXQtRgg0Fzp54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/o8AxWK7YEWHU9XwXQtRgg0Fzp54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8AxWK7YEWHU9XwXQtRgg0Fzp54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e3:44:0b:02:5a:b2:9e:92:cc:a9:f3:b3:31:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3c03158aed81161d4f57c1742d460834173a79e
        Validity
            Not Before: Jan  1 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52fa230b510d84f6c417c096ac841daaf37f10f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:c5:20:db:9e:ae:b9:c7:58:24:5c:4f:87:70:
                    30:39:eb:91:7d:75:64:84:07:4c:cd:4b:08:4a:4d:
                    10:cc:5a:fe:af:5e:77:ef:9d:6c:5e:68:cf:58:43:
                    46:e6:c8:62:6a:f0:10:1c:d8:a8:5a:c0:a2:2c:0e:
                    72:65:ab:80:54:9d:e1:a0:b9:0b:55:cc:34:82:dd:
                    cb:ce:a0:5d:57:69:8b:b8:ca:56:fe:53:de:db:bd:
                    a2:b2:a3:e6:c4:44:23:df:a1:a7:98:79:1e:50:8d:
                    16:78:5b:7a:8d:e7:ae:b7:94:42:b6:9a:b2:7e:52:
                    76:d1:94:a8:a8:e0:f1:88:e8:34:99:ab:31:f9:41:
                    50:39:a5:af:54:ed:0d:3f:3b:b1:d3:c7:09:20:e0:
                    e3:41:a2:1c:f0:c2:6b:38:56:f4:18:8c:9b:e6:05:
                    ea:b7:f3:c1:24:0e:fd:b2:ef:a3:92:06:3f:31:bf:
                    3f:9d:8c:7b:bf:bd:49:14:9c:27:e0:93:3a:17:b5:
                    d9:dc:bb:0e:f5:dd:0f:20:e3:3d:93:83:0c:f1:a0:
                    a1:26:06:1c:0f:00:86:83:b8:bf:20:6c:73:3f:f1:
                    7a:62:d5:a6:16:26:f7:a6:8f:9a:3d:53:e7:79:f2:
                    ab:e1:4b:30:e4:7e:55:34:81:45:38:ad:db:b0:1e:
                    07:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:FA:23:0B:51:0D:84:F6:C4:17:C0:96:AC:84:1D:AA:F3:7F:10:F9
            X509v3 Authority Key Identifier:
                keyid:A3:C0:31:58:AE:D8:11:61:D4:F5:7C:17:42:D4:60:83:41:73:A7:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8AxWK7YEWHU9XwXQtRgg0Fzp54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/UvojC1ENhPbEF8CWrIQdqvN_EPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/b66429-4f20-4b90-a6b8-4c10e3360577/1/o8AxWK7YEWHU9XwXQtRgg0Fzp54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:5b:3e:a4:16:6a:d9:39:8f:ce:42:7b:dd:1e:05:56:d3:ef:
         ed:83:26:2c:5a:f5:06:f1:3f:a6:45:3d:d7:66:4c:8d:43:27:
         60:a7:26:b9:c0:08:cd:94:31:cd:d6:dc:cd:0a:2f:6d:0a:67:
         84:97:cd:de:0a:cf:67:ec:71:40:29:ed:83:ce:c2:b7:75:0d:
         53:c1:b1:8e:73:7e:09:cf:47:81:f0:33:e1:5b:8f:c3:da:84:
         fa:31:fb:da:54:41:0e:56:fa:4e:be:7a:a2:20:d0:5f:26:74:
         ef:fa:11:f2:13:9e:d5:e9:8d:1d:a9:a9:e9:f8:09:df:6f:56:
         2c:6a:41:d5:2d:f9:b8:b3:c6:14:6d:45:b7:03:b3:94:5e:20:
         4e:56:91:55:d7:07:49:06:3e:f1:9c:3b:6e:68:bf:3e:a1:8c:
         f3:83:f3:27:4e:8a:70:27:f4:a8:fb:fe:1d:42:7f:d9:55:06:
         6b:bb:74:23:ba:66:c7:3c:b2:95:81:4c:45:52:62:8b:ef:7a:
         0d:2e:57:0c:f2:ef:2e:10:58:3b:5a:1f:18:97:b4:2d:5b:da:
         9a:c5:8e:7e:c5:1b:d6:71:74:30:8f:d4:d7:7d:25:25:e4:9d:
         0e:55:9d:d9:b3:c6:e3:62:f3:64:fd:3c:79:97:b6:56:64:03:
         62:e6:5c:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1eNECwJasp6SzKnzszF/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYzAzMTU4YWVkODExNjFkNGY1N2MxNzQyZDQ2MDgzNDE3
M2E3OWUwHhcNMjUwMTAxMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmZhMjMwYjUxMGQ4NGY2YzQxN2MwOTZhYzg0MWRhYWYzN2YxMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+sUg256uucdYJFxPh3AwOeuRfXVk
hAdMzUsISk0QzFr+r153751sXmjPWENG5shiavAQHNioWsCiLA5yZauAVJ3hoLkL
Vcw0gt3LzqBdV2mLuMpW/lPe272isqPmxEQj36GnmHkeUI0WeFt6jeeut5RCtpqy
flJ20ZSoqODxiOg0masx+UFQOaWvVO0NPzux08cJIODjQaIc8MJrOFb0GIyb5gXq
t/PBJA79su+jkgY/Mb8/nYx7v71JFJwn4JM6F7XZ3LsO9d0PIOM9k4MM8aChJgYc
DwCGg7i/IGxzP/F6YtWmFib3po+aPVPnefKr4Usw5H5VNIFFOK3bsB4HlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFL6IwtRDYT2xBfAlqyEHarzfxD5MB8GA1UdIwQY
MBaAFKPAMViu2BFh1PV8F0LUYINBc6eeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhBeFdLN1lFV0hVOVh3WFF0UmdnMEZ6cDU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9iNjY0MjktNGYyMC00YjkwLWE2Yjgt
NGMxMGUzMzYwNTc3LzEvVXZvakMxRU5oUGJFRjhDV3JJUWRxdk5fRVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9iNjY0MjktNGYyMC00YjkwLWE2YjgtNGMxMGUzMzYwNTc3
LzEvbzhBeFdLN1lFV0hVOVh3WFF0UmdnMEZ6cDU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8LtMA0G
CSqGSIb3DQEBCwUAA4IBAQBNWz6kFmrZOY/OQnvdHgVW0+/tgyYsWvUG8T+mRT3X
ZkyNQydgpya5wAjNlDHN1tzNCi9tCmeEl83eCs9n7HFAKe2DzsK3dQ1TwbGOc34J
z0eB8DPhW4/D2oT6MfvaVEEOVvpOvnqiINBfJnTv+hHyE57V6Y0dqanp+Anfb1Ys
akHVLfm4s8YUbUW3A7OUXiBOVpFV1wdJBj7xnDtuaL8+oYzzg/MnTopwJ/So+/4d
Qn/ZVQZru3QjumbHPLKVgUxFUmKL73oNLlcM8u8uEFg7Wh8Yl7QtW9qaxY5+xRvW
cXQwj9TXfSUl5J0OVZ3Zs8bjYvNk/Tx5l7ZWZANi5lzO
-----END CERTIFICATE-----