Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/ubBLzYK970uCPs-YK4zluW46aDA.roa
File:                     ubBLzYK970uCPs-YK4zluW46aDA.roa (raw, json)
Hash identifier:          2CPV2+SVKbtctAZjBBWKlR63hzPVXZeNXj3E5ScppHw=
Subject key identifier:   B9:B0:4B:CD:82:BD:EF:4B:82:3E:CF:98:2B:8C:E5:B9:6E:3A:68:30
Certificate issuer:       /CN=4eee86b22c24bca7713071de95d6822c339cfd1c
Certificate serial:       018CC3494A05E445C6C8BFCB3596CF263B9B
Authority key identifier: 4E:EE:86:B2:2C:24:BC:A7:71:30:71:DE:95:D6:82:2C:33:9C:FD:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/ubBLzYK970uCPs-YK4zluW46aDA.roa
Signing time:             Mon 01 Jan 2024 04:30:09 +0000
ROA not before:           Mon 01 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30781
IP address blocks:        91.240.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:4a:05:e4:45:c6:c8:bf:cb:35:96:cf:26:3b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4eee86b22c24bca7713071de95d6822c339cfd1c
        Validity
            Not Before: Jan  1 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9b04bcd82bdef4b823ecf982b8ce5b96e3a6830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5b:14:e0:f2:b4:cd:4e:1b:85:34:8d:d8:09:
                    0f:57:10:f8:39:e5:97:ee:c1:e5:ba:5a:e6:7b:4e:
                    9b:81:cf:51:dd:0f:b3:6b:87:2c:46:b0:bb:5e:ba:
                    8b:ed:cf:f5:23:fc:df:22:b4:b4:09:47:51:fe:e4:
                    51:7a:2b:b8:ff:79:b7:c7:5a:93:bc:58:aa:b2:10:
                    08:3c:28:0e:8f:e6:bd:ac:5d:bf:5c:8d:90:08:38:
                    99:fc:af:20:36:e1:85:84:af:f3:97:6c:d9:1e:db:
                    4d:7d:c9:7d:d3:f7:05:eb:6b:92:59:ce:95:b1:48:
                    62:df:dd:9e:b5:be:70:3a:fe:8b:9a:24:9f:1c:6f:
                    f8:c7:98:95:7c:df:b7:41:af:cc:ae:b4:d2:cb:36:
                    13:b0:cf:3a:cb:b9:8e:2b:61:02:8f:2b:88:6d:af:
                    d6:bb:aa:a6:f4:86:2d:24:d8:a3:90:73:f8:a6:c6:
                    aa:26:5e:67:db:28:87:73:2d:ef:fc:f1:2a:dc:be:
                    4a:58:89:74:a1:60:ea:d3:8b:c9:b8:29:8f:1b:ef:
                    8c:f1:3b:4c:9d:f5:16:47:85:fe:e5:da:6f:57:d3:
                    00:ea:ff:3a:29:18:c2:85:66:8d:5c:99:a1:07:64:
                    2e:59:95:18:c9:69:d2:73:5b:59:ff:d9:94:8f:e7:
                    21:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B0:4B:CD:82:BD:EF:4B:82:3E:CF:98:2B:8C:E5:B9:6E:3A:68:30
            X509v3 Authority Key Identifier:
                keyid:4E:EE:86:B2:2C:24:BC:A7:71:30:71:DE:95:D6:82:2C:33:9C:FD:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/ubBLzYK970uCPs-YK4zluW46aDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/c68bd1-8a98-41b2-b36b-386eea8d8dd6/1/Tu6GsiwkvKdxMHHeldaCLDOc_Rw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:cd:7e:7b:03:35:ce:67:b0:e8:e6:17:d6:02:27:09:09:ca:
         1e:5f:23:c1:8e:f1:6a:8b:01:8e:08:e4:d0:f9:8e:16:2b:c9:
         44:34:a1:5f:40:bf:91:4b:16:96:be:1c:a9:ca:ad:8d:b9:1c:
         8b:77:dd:78:cd:bd:18:8b:67:06:b4:b0:b8:5b:dd:17:b4:7d:
         90:22:b0:aa:f1:ed:f7:7f:af:26:5a:c0:ff:4f:fb:45:10:23:
         15:4b:0c:35:e6:54:ee:be:5f:fa:1a:46:dc:24:85:5b:60:45:
         ac:55:7b:b7:af:13:78:18:92:a0:7c:1b:20:7e:63:9f:98:c2:
         ba:7c:b0:db:57:05:25:2f:79:84:86:51:ab:1e:39:75:87:b6:
         d5:e3:06:a8:b2:ce:de:18:d9:87:2e:4a:5d:95:c9:f5:19:64:
         f4:65:fd:a3:f1:c3:a2:da:16:85:bf:f5:de:f3:9e:99:98:ae:
         63:0e:8f:17:00:64:56:b3:6a:b6:ef:b7:eb:54:c5:3a:e8:27:
         3b:2c:23:5b:01:77:f1:6f:58:cc:c1:39:b2:94:c8:fc:df:6a:
         64:4b:03:59:4b:7a:ff:0f:8a:63:10:5d:c3:2b:e2:55:cc:99:
         82:3b:da:6f:73:5d:5c:71:b2:af:d5:a2:28:d4:69:bb:99:55:
         c9:9f:75:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSUoF5EXGyL/LNZbPJjubMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlZWU4NmIyMmMyNGJjYTc3MTMwNzFkZTk1ZDY4MjJjMzM5
Y2ZkMWMwHhcNMjQwMTAxMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWIwNGJjZDgyYmRlZjRiODIzZWNmOTgyYjhjZTViOTZlM2E2ODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFsU4PK0zU4bhTSN2AkPVxD4OeWX
7sHlulrme06bgc9R3Q+za4csRrC7XrqL7c/1I/zfIrS0CUdR/uRReiu4/3m3x1qT
vFiqshAIPCgOj+a9rF2/XI2QCDiZ/K8gNuGFhK/zl2zZHttNfcl90/cF62uSWc6V
sUhi392etb5wOv6LmiSfHG/4x5iVfN+3Qa/MrrTSyzYTsM86y7mOK2ECjyuIba/W
u6qm9IYtJNijkHP4psaqJl5n2yiHcy3v/PEq3L5KWIl0oWDq04vJuCmPG++M8TtM
nfUWR4X+5dpvV9MA6v86KRjChWaNXJmhB2QuWZUYyWnSc1tZ/9mUj+chCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLmwS82Cve9Lgj7PmCuM5bluOmgwMB8GA1UdIwQY
MBaAFE7uhrIsJLyncTBx3pXWgiwznP0cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHU2R3Npd2t2S2R4TUhIZWxkYUNMRE9jX1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9jNjhiZDEtOGE5OC00MWIyLWIzNmIt
Mzg2ZWVhOGQ4ZGQ2LzEvdWJCTHpZSzk3MHVDUHMtWUs0emx1VzQ2YURBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9jNjhiZDEtOGE5OC00MWIyLWIzNmItMzg2ZWVhOGQ4ZGQ2
LzEvVHU2R3Npd2t2S2R4TUhIZWxkYUNMRE9jX1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BtMA0G
CSqGSIb3DQEBCwUAA4IBAQBXzX57AzXOZ7Do5hfWAicJCcoeXyPBjvFqiwGOCOTQ
+Y4WK8lENKFfQL+RSxaWvhypyq2NuRyLd914zb0Yi2cGtLC4W90XtH2QIrCq8e33
f68mWsD/T/tFECMVSww15lTuvl/6GkbcJIVbYEWsVXu3rxN4GJKgfBsgfmOfmMK6
fLDbVwUlL3mEhlGrHjl1h7bV4waoss7eGNmHLkpdlcn1GWT0Zf2j8cOi2haFv/Xe
856ZmK5jDo8XAGRWs2q277frVMU66Cc7LCNbAXfxb1jMwTmylMj832pkSwNZS3r/
D4pjEF3DK+JVzJmCO9pvc11ccbKv1aIo1Gm7mVXJn3Vd
-----END CERTIFICATE-----