Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/IUPmSacAKNwq4KD4Q_rQ0GxfJbI.roa
File:                     IUPmSacAKNwq4KD4Q_rQ0GxfJbI.roa (raw, json)
Hash identifier:          6ZCgyZH5WEKU4y+8p7G30+FNTgCUdwWHIz9B9T9EWWM=
Subject key identifier:   21:43:E6:49:A7:00:28:DC:2A:E0:A0:F8:43:FA:D0:D0:6C:5F:25:B2
Certificate issuer:       /CN=9194b857c037a7d7cb0575e35823e5e28032bda3
Certificate serial:       018CC34949E76238D674D2951E4B501CB4E8
Authority key identifier: 91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/IUPmSacAKNwq4KD4Q_rQ0GxfJbI.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200977
IP address blocks:        185.90.240.0/24 maxlen: 24
                          185.90.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:49:e7:62:38:d6:74:d2:95:1e:4b:50:1c:b4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9194b857c037a7d7cb0575e35823e5e28032bda3
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2143e649a70028dc2ae0a0f843fad0d06c5f25b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7b:4d:fd:d1:e8:e1:b3:c5:68:dd:cd:1d:74:
                    18:f5:06:04:ce:e8:2f:c2:fa:93:62:19:d2:1b:7f:
                    28:72:26:41:a2:18:d1:6d:67:9e:c4:c6:b8:3e:83:
                    20:39:b0:65:5e:b2:7e:93:45:b7:4c:b0:f5:c7:29:
                    80:20:bf:94:e6:c8:ea:ba:dd:d3:a0:26:78:54:48:
                    32:5a:6c:17:dc:fa:e3:e3:bf:84:ad:83:89:01:ac:
                    7f:dd:d3:5f:77:06:2f:f1:c1:9d:e6:45:44:fc:b9:
                    2e:12:5f:ad:55:22:40:54:bb:5e:ea:2b:1e:67:d2:
                    c5:c4:b7:09:e0:a4:a7:75:84:a7:58:2e:77:6e:22:
                    fd:e7:06:2b:c0:03:01:a1:5e:4f:db:50:89:06:f6:
                    62:c0:37:13:53:5e:6a:87:57:62:72:5c:a8:c3:83:
                    55:dc:a7:9e:c6:94:6c:05:b5:df:40:a4:8d:88:09:
                    46:fd:0f:3a:68:2f:34:44:e1:1b:7f:12:0d:2e:bf:
                    ac:a8:95:76:b5:82:ad:49:55:b3:7a:7a:a1:37:29:
                    9d:0e:bf:00:2c:06:e0:11:a4:43:22:bb:e7:eb:67:
                    d0:52:a8:2c:c5:43:d4:ae:86:82:45:65:7c:30:43:
                    59:96:42:a5:d0:e9:6d:7b:a7:47:cf:e6:83:81:f2:
                    5c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:43:E6:49:A7:00:28:DC:2A:E0:A0:F8:43:FA:D0:D0:6C:5F:25:B2
            X509v3 Authority Key Identifier:
                keyid:91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/IUPmSacAKNwq4KD4Q_rQ0GxfJbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d9:5a:1b:84:c9:90:90:b0:a8:4c:3b:fa:b8:89:bf:2c:6a:24:
         cb:e3:91:3b:d0:4f:8f:8e:37:82:bc:d0:c5:50:f2:48:c8:51:
         33:1c:59:91:92:83:5b:dc:4b:51:78:4e:85:45:b9:d7:50:c0:
         d4:63:26:0c:53:b5:c6:18:19:3e:d3:05:3d:e7:d6:8b:47:82:
         34:97:f1:46:59:e1:b2:84:45:e1:14:48:af:b3:d1:96:c9:82:
         52:16:cb:d5:5c:66:23:6e:d3:0d:4f:3d:5d:f0:8f:7d:f5:d1:
         04:71:30:06:e7:1d:94:91:0a:2b:19:15:9d:96:58:af:06:8d:
         78:8f:72:02:70:31:2c:49:ac:d1:31:e0:70:56:0d:c0:1f:41:
         ee:b4:34:eb:4f:2d:07:25:b5:d7:bb:89:a6:4d:0b:ad:2a:ee:
         83:e0:ad:6a:b0:e5:cd:a8:0a:6a:54:22:1a:43:b1:6b:27:d6:
         c4:37:de:3d:e0:d0:93:b9:ff:b8:e2:b1:5b:e2:d4:33:57:36:
         b9:23:eb:4c:4e:32:66:f1:31:58:18:7a:a4:2c:65:89:85:50:
         dc:68:ef:c8:49:08:df:65:17:31:e9:f7:d2:df:69:dd:22:99:
         1c:29:51:40:ab:86:80:9a:ba:5b:53:01:1a:11:c8:9d:6a:c2:
         d6:f9:1e:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUnnYjjWdNKVHktQHLToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOTRiODU3YzAzN2E3ZDdjYjA1NzVlMzU4MjNlNWUyODAz
MmJkYTMwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQzZTY0OWE3MDAyOGRjMmFlMGEwZjg0M2ZhZDBkMDZjNWYyNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3tN/dHo4bPFaN3NHXQY9QYEzugv
wvqTYhnSG38ociZBohjRbWeexMa4PoMgObBlXrJ+k0W3TLD1xymAIL+U5sjqut3T
oCZ4VEgyWmwX3Prj47+ErYOJAax/3dNfdwYv8cGd5kVE/LkuEl+tVSJAVLte6ise
Z9LFxLcJ4KSndYSnWC53biL95wYrwAMBoV5P21CJBvZiwDcTU15qh1diclyow4NV
3KeexpRsBbXfQKSNiAlG/Q86aC80ROEbfxINLr+sqJV2tYKtSVWzenqhNymdDr8A
LAbgEaRDIrvn62fQUqgsxUPUroaCRWV8MENZlkKl0Olte6dHz+aDgfJcWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFD5kmnACjcKuCg+EP60NBsXyWyMB8GA1UdIwQY
MBaAFJGUuFfAN6fXywV141gj5eKAMr2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUt
M2JmN2Q3Nzc0OWFiLzEvSVVQbVNhY0FLTndxNEtENFFfclEwR3hmSmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUtM2JmN2Q3Nzc0OWFi
LzEva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVrwMA0G
CSqGSIb3DQEBCwUAA4IBAQDZWhuEyZCQsKhMO/q4ib8saiTL45E70E+PjjeCvNDF
UPJIyFEzHFmRkoNb3EtReE6FRbnXUMDUYyYMU7XGGBk+0wU959aLR4I0l/FGWeGy
hEXhFEivs9GWyYJSFsvVXGYjbtMNTz1d8I999dEEcTAG5x2UkQorGRWdllivBo14
j3ICcDEsSazRMeBwVg3AH0HutDTrTy0HJbXXu4mmTQutKu6D4K1qsOXNqApqVCIa
Q7FrJ9bEN9494NCTuf+44rFb4tQzVza5I+tMTjJm8TFYGHqkLGWJhVDcaO/ISQjf
ZRcx6ffS32ndIpkcKVFAq4aAmrpbUwEaEcidasLW+R5t
-----END CERTIFICATE-----