Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/jU0yi7PHweJFHYaEaX0jg-4Q_RU.roa
File:                     jU0yi7PHweJFHYaEaX0jg-4Q_RU.roa (raw, json)
Hash identifier:          8PA9xbvSb0ZvYzYhTOCmIzBIyrP4FgGrFueLXskDR54=
Subject key identifier:   8D:4D:32:8B:B3:C7:C1:E2:45:1D:86:84:69:7D:23:83:EE:10:FD:15
Certificate issuer:       /CN=dd5b224b6593e558038a9e40e660c77142755c1b
Certificate serial:       019422FB92BF3113EE6C4EA2D268F56D14C3
Authority key identifier: DD:5B:22:4B:65:93:E5:58:03:8A:9E:40:E6:60:C7:71:42:75:5C:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3VsiS2WT5VgDip5A5mDHcUJ1XBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/jU0yi7PHweJFHYaEaX0jg-4Q_RU.roa
Signing time:             Wed 01 Jan 2025 17:48:19 +0000
ROA not before:           Wed 01 Jan 2025 17:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13011
IP address blocks:        91.209.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/3VsiS2WT5VgDip5A5mDHcUJ1XBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/3VsiS2WT5VgDip5A5mDHcUJ1XBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3VsiS2WT5VgDip5A5mDHcUJ1XBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:92:bf:31:13:ee:6c:4e:a2:d2:68:f5:6d:14:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd5b224b6593e558038a9e40e660c77142755c1b
        Validity
            Not Before: Jan  1 17:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d4d328bb3c7c1e2451d8684697d2383ee10fd15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:35:5b:83:63:78:9a:ca:83:c4:6d:37:9e:1e:
                    49:9b:af:52:4d:41:70:12:05:67:7b:a1:6a:38:8d:
                    cc:c5:9c:5d:85:6c:1f:8b:51:b4:c1:30:9c:77:e0:
                    0a:34:04:0f:b3:eb:62:a3:ff:ae:60:24:d3:e3:0c:
                    f5:07:c4:13:2a:d9:e4:6c:c6:8d:ee:fc:65:38:1d:
                    dd:c4:6d:9a:83:ad:f1:22:fd:d3:82:4e:9e:2d:5e:
                    3d:e7:43:d3:b6:45:9f:69:a8:1e:f4:d5:44:a7:f1:
                    3d:63:47:1c:f1:49:fa:13:14:f7:81:a6:a6:47:4b:
                    81:0d:21:08:f4:a0:97:88:ab:99:91:b5:2e:93:66:
                    ec:85:4a:e1:7c:97:47:0b:3c:6d:16:89:5d:78:c0:
                    31:cf:b9:86:d4:99:10:0b:17:2b:59:fe:3c:48:38:
                    94:22:1b:5d:ca:ab:f5:44:ce:35:85:85:46:84:86:
                    b4:1f:aa:f0:18:92:2f:d9:8d:34:3b:40:45:70:92:
                    af:90:76:dc:69:ee:b0:e4:2f:82:75:db:99:a7:11:
                    7e:3c:23:a3:a1:02:f7:83:35:97:93:16:a0:62:0e:
                    7f:9e:22:a8:f0:4b:1f:f7:f1:d5:a3:35:0b:63:cc:
                    72:b8:c5:4a:94:31:b1:49:c6:1b:09:b2:30:61:9f:
                    9c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:4D:32:8B:B3:C7:C1:E2:45:1D:86:84:69:7D:23:83:EE:10:FD:15
            X509v3 Authority Key Identifier:
                keyid:DD:5B:22:4B:65:93:E5:58:03:8A:9E:40:E6:60:C7:71:42:75:5C:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3VsiS2WT5VgDip5A5mDHcUJ1XBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/jU0yi7PHweJFHYaEaX0jg-4Q_RU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/652dfe-acae-4243-bf33-30bbfc0855e4/1/3VsiS2WT5VgDip5A5mDHcUJ1XBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:b8:f5:33:bd:4a:37:13:d4:c4:f1:00:5c:91:e8:df:c9:91:
         81:04:6a:25:36:2b:be:11:d1:18:a6:49:1e:80:5f:fd:91:32:
         b1:0a:06:e8:ba:1e:b4:47:8c:0d:16:20:74:ba:f5:fa:5e:0f:
         6d:4a:35:1c:5e:18:1b:27:c0:4a:a5:83:67:12:6e:9b:f3:5f:
         12:2c:ce:c3:2d:b4:e8:92:3d:93:fc:f3:08:28:e7:56:4e:99:
         6b:0f:ef:23:fd:85:b9:b3:45:91:ab:f2:45:1c:f0:5b:ba:40:
         f1:62:7b:34:51:3c:a7:1b:5a:a5:f1:d2:dc:8a:23:ae:86:22:
         7c:2c:d3:d8:f4:5e:ad:6e:5e:cc:78:68:cd:cf:db:b6:e8:ba:
         38:ed:42:8a:9d:de:2d:8a:eb:9b:81:90:aa:83:56:f5:b6:1c:
         d1:62:22:99:5b:4f:ba:19:37:4c:e2:89:d0:f8:fb:d5:e9:69:
         bb:87:2f:74:b3:24:cd:d0:88:92:f1:d9:6c:7d:fc:ed:ab:e9:
         85:c9:31:90:80:bb:02:09:78:d8:bd:1d:2e:c4:f8:58:75:db:
         70:97:79:e0:dd:b5:89:78:7f:04:4b:67:34:c3:50:cc:e2:92:
         e6:8e:17:28:01:40:60:62:12:30:84:0b:8a:73:32:15:64:d8:
         25:57:38:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+5K/MRPubE6i0mj1bRTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNWIyMjRiNjU5M2U1NTgwMzhhOWU0MGU2NjBjNzcxNDI3
NTVjMWIwHhcNMjUwMTAxMTc0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDRkMzI4YmIzYzdjMWUyNDUxZDg2ODQ2OTdkMjM4M2VlMTBmZDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjVbg2N4msqDxG03nh5Jm69STUFw
EgVne6FqOI3MxZxdhWwfi1G0wTCcd+AKNAQPs+tio/+uYCTT4wz1B8QTKtnkbMaN
7vxlOB3dxG2ag63xIv3Tgk6eLV4950PTtkWfaage9NVEp/E9Y0cc8Un6ExT3gaam
R0uBDSEI9KCXiKuZkbUuk2bshUrhfJdHCzxtFoldeMAxz7mG1JkQCxcrWf48SDiU
Ihtdyqv1RM41hYVGhIa0H6rwGJIv2Y00O0BFcJKvkHbcae6w5C+CdduZpxF+PCOj
oQL3gzWXkxagYg5/niKo8Esf9/HVozULY8xyuMVKlDGxScYbCbIwYZ+c/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1NMouzx8HiRR2GhGl9I4PuEP0VMB8GA1UdIwQY
MBaAFN1bIktlk+VYA4qeQOZgx3FCdVwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1ZzaVMyV1Q1VmdEaXA1QTVtREhjVUoxWEJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi82NTJkZmUtYWNhZS00MjQzLWJmMzMt
MzBiYmZjMDg1NWU0LzEvalUweWk3UEh3ZUpGSFlhRWFYMGpnLTRRX1JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi82NTJkZmUtYWNhZS00MjQzLWJmMzMtMzBiYmZjMDg1NWU0
LzEvM1ZzaVMyV1Q1VmdEaXA1QTVtREhjVUoxWEJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9F7MA0G
CSqGSIb3DQEBCwUAA4IBAQCOuPUzvUo3E9TE8QBckejfyZGBBGolNiu+EdEYpkke
gF/9kTKxCgbouh60R4wNFiB0uvX6Xg9tSjUcXhgbJ8BKpYNnEm6b818SLM7DLbTo
kj2T/PMIKOdWTplrD+8j/YW5s0WRq/JFHPBbukDxYns0UTynG1ql8dLciiOuhiJ8
LNPY9F6tbl7MeGjNz9u26Lo47UKKnd4tiuubgZCqg1b1thzRYiKZW0+6GTdM4onQ
+PvV6Wm7hy90syTN0IiS8dlsffztq+mFyTGQgLsCCXjYvR0uxPhYddtwl3ng3bWJ
eH8ES2c0w1DM4pLmjhcoAUBgYhIwhAuKczIVZNglVzho
-----END CERTIFICATE-----