Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1nUEd9XAFqDWEykKA06-e3Jht8E.roa
File:                     1nUEd9XAFqDWEykKA06-e3Jht8E.roa (raw, json)
Hash identifier:          FjXuDY1LWSoerVvC1COnQH7k++3mS52vkkMLizNO12Q=
Subject key identifier:   D6:75:04:77:D5:C0:16:A0:D6:13:29:0A:03:4E:BE:7B:72:61:B7:C1
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01942521B4BC22AC2BCD8D843E1D770A1999
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1nUEd9XAFqDWEykKA06-e3Jht8E.roa
Signing time:             Thu 02 Jan 2025 03:49:13 +0000
ROA not before:           Thu 02 Jan 2025 03:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        91.213.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 04:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b4:bc:22:ac:2b:cd:8d:84:3e:1d:77:0a:19:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  2 03:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6750477d5c016a0d613290a034ebe7b7261b7c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:04:c5:66:cc:e9:0d:d1:19:e8:57:e7:05:2f:
                    e1:29:99:49:26:08:26:ae:d0:d4:5a:a7:09:4c:c8:
                    72:35:9b:d0:19:03:3f:81:01:ac:bd:08:da:68:cc:
                    26:1a:ce:18:a1:41:f5:9a:a9:5d:f0:b6:a3:25:a3:
                    7e:2e:ce:1c:7b:22:f1:90:34:3f:8c:8a:dc:07:a9:
                    e4:24:7b:7f:e2:e4:77:ea:3d:a0:58:b2:bd:fa:d0:
                    5e:aa:34:72:b4:26:6d:e2:2b:51:e4:be:0d:05:54:
                    57:9c:87:58:c4:ea:34:c5:bb:13:e7:82:05:b4:2c:
                    06:97:b7:4a:f7:a3:01:af:09:be:e4:92:38:12:bf:
                    41:31:c2:3e:bd:2b:58:ac:1d:06:97:2d:f6:6a:2e:
                    33:04:1e:4e:e4:07:d6:ae:ff:79:5a:2f:21:e4:61:
                    35:3c:dd:f0:e9:e5:74:52:b5:f0:71:cc:c1:d0:88:
                    d6:c8:72:6c:c0:cc:4f:ef:31:0e:99:e5:dc:ba:4d:
                    2f:7f:0b:29:84:e8:5d:9d:f0:ce:ef:b2:e9:18:8c:
                    45:06:d4:b7:d5:c3:7f:00:28:26:b9:32:3b:1c:86:
                    ab:53:76:42:21:c1:9b:15:b2:00:cc:74:1a:e4:60:
                    34:26:34:4f:4c:da:cf:ac:3a:fb:16:93:48:39:a9:
                    f8:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:75:04:77:D5:C0:16:A0:D6:13:29:0A:03:4E:BE:7B:72:61:B7:C1
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/1nUEd9XAFqDWEykKA06-e3Jht8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:f5:87:12:d6:49:3c:73:a4:3d:a3:57:d0:e2:5e:84:8c:06:
         94:2f:97:a3:4f:92:a6:5b:58:cd:3f:81:8f:31:61:d8:5f:8b:
         c7:5b:dc:6f:c9:53:72:49:a4:b5:37:ae:7f:73:2b:18:96:3a:
         ea:07:ab:4a:40:5b:26:a8:02:ca:8e:45:25:3d:c9:59:ee:d6:
         13:c2:ac:ad:a2:b7:dc:8f:8e:51:0e:78:3a:b1:1f:f1:19:74:
         20:28:fa:6d:ed:74:07:82:18:9d:86:c7:3d:f8:eb:c0:6d:b4:
         e3:d8:63:14:ff:b5:c4:af:cd:1a:ca:9c:68:f2:07:a8:26:cb:
         cb:0c:7b:9c:4d:05:a8:b1:66:a5:a2:bb:0d:42:ca:46:db:ae:
         33:7b:d4:13:d9:f1:09:3a:d7:ff:80:85:69:3f:20:6c:e6:e0:
         d5:68:30:86:69:b8:f7:d7:f6:76:c4:e4:f0:55:80:bf:80:19:
         39:aa:67:d0:d8:b9:ba:3c:03:11:c3:37:13:9d:da:66:47:8e:
         41:f9:8d:f8:be:91:2a:b1:82:25:90:a8:c8:f9:4f:8c:8f:a5:
         93:4f:08:da:b5:7c:23:77:3c:87:85:3e:69:18:19:39:b3:78:
         e8:46:be:2a:f8:c3:0a:eb:54:be:ee:2e:73:dc:2a:4e:13:8e:
         d3:0b:79:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbS8IqwrzY2EPh13ChmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwMTAyMDM0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjc1MDQ3N2Q1YzAxNmEwZDYxMzI5MGEwMzRlYmU3YjcyNjFiN2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQTFZszpDdEZ6FfnBS/hKZlJJggm
rtDUWqcJTMhyNZvQGQM/gQGsvQjaaMwmGs4YoUH1mqld8LajJaN+Ls4ceyLxkDQ/
jIrcB6nkJHt/4uR36j2gWLK9+tBeqjRytCZt4itR5L4NBVRXnIdYxOo0xbsT54IF
tCwGl7dK96MBrwm+5JI4Er9BMcI+vStYrB0Gly32ai4zBB5O5AfWrv95Wi8h5GE1
PN3w6eV0UrXwcczB0IjWyHJswMxP7zEOmeXcuk0vfwsphOhdnfDO77LpGIxFBtS3
1cN/ACgmuTI7HIarU3ZCIcGbFbIAzHQa5GA0JjRPTNrPrDr7FpNIOan4owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZ1BHfVwBag1hMpCgNOvntyYbfBMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMW5VRWQ5WEFGcURXRXlrS0EwNi1lM0podDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WuMA0G
CSqGSIb3DQEBCwUAA4IBAQAY9YcS1kk8c6Q9o1fQ4l6EjAaUL5ejT5KmW1jNP4GP
MWHYX4vHW9xvyVNySaS1N65/cysYljrqB6tKQFsmqALKjkUlPclZ7tYTwqytorfc
j45RDng6sR/xGXQgKPpt7XQHghidhsc9+OvAbbTj2GMU/7XEr80aypxo8geoJsvL
DHucTQWosWalorsNQspG264ze9QT2fEJOtf/gIVpPyBs5uDVaDCGabj31/Z2xOTw
VYC/gBk5qmfQ2Lm6PAMRwzcTndpmR45B+Y34vpEqsYIlkKjI+U+Mj6WTTwjatXwj
dzyHhT5pGBk5s3joRr4q+MMK61S+7i5z3CpOE47TC3ku
-----END CERTIFICATE-----