Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/9UkCw4b12dxaFQuWu2BWrAq18cs.roa
File:                     9UkCw4b12dxaFQuWu2BWrAq18cs.roa (raw, json)
Hash identifier:          uCtVg42ZHDXRQtsH4hBM45QWmlQhdogsHZ3bdPv3hOo=
Subject key identifier:   F5:49:02:C3:86:F5:D9:DC:5A:15:0B:96:BB:60:56:AC:0A:B5:F1:CB
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019428243C8D92A3C441B63BF5639CA0FF5F
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/9UkCw4b12dxaFQuWu2BWrAq18cs.roa
Signing time:             Thu 02 Jan 2025 17:50:50 +0000
ROA not before:           Thu 02 Jan 2025 17:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        91.188.252.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3c:8d:92:a3:c4:41:b6:3b:f5:63:9c:a0:ff:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 17:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f54902c386f5d9dc5a150b96bb6056ac0ab5f1cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:92:e4:fe:39:b5:d5:b5:23:cb:56:3c:be:90:
                    64:e0:78:c7:b2:2d:ac:8d:28:8c:4a:38:92:79:cb:
                    f1:c7:b8:ad:73:25:69:b8:4d:88:25:71:58:ac:56:
                    3f:d0:34:82:e4:af:94:f6:59:d5:eb:67:93:f5:fc:
                    10:26:f5:f7:67:b8:6e:e4:a7:43:8a:98:8e:2b:51:
                    ec:3c:2f:7e:66:59:9c:68:eb:d7:01:e8:bf:88:d4:
                    7b:06:01:82:d9:4d:52:f8:11:32:8a:02:63:18:bd:
                    84:d7:b0:c1:59:03:89:17:d4:81:3b:45:ec:1e:b5:
                    3a:f4:ac:96:a8:ad:e1:2f:fc:34:4c:e5:74:d9:d5:
                    2a:73:19:43:f6:fe:bd:75:82:72:7f:91:a7:40:c3:
                    80:13:6d:a1:0d:9d:0b:1a:b1:f5:ef:c9:12:c2:7e:
                    88:35:7d:4d:a4:dd:89:8f:10:ab:4d:bc:e9:dc:1d:
                    aa:97:05:6f:42:4c:9a:6b:4c:1c:c8:fd:3f:e8:30:
                    cc:4b:73:83:7d:c6:43:92:8e:92:22:32:12:1f:b2:
                    3e:2f:cc:f8:a7:fc:cd:8f:28:7c:20:41:2a:a2:63:
                    a6:41:a3:e7:53:e3:22:8d:dc:39:16:c6:9d:a6:84:
                    34:75:3c:ed:93:6a:fc:fe:02:9f:63:5f:12:8c:d9:
                    8f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:49:02:C3:86:F5:D9:DC:5A:15:0B:96:BB:60:56:AC:0A:B5:F1:CB
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/9UkCw4b12dxaFQuWu2BWrAq18cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:11:b0:09:ab:ca:e0:14:df:a7:7c:72:8f:62:7b:d9:88:23:
         9b:cf:f4:3e:cc:59:4c:7c:5c:f3:2c:9d:16:4e:83:82:82:94:
         22:73:0e:3c:3e:a6:4a:74:26:0f:6b:35:d8:69:93:4b:5d:e4:
         dc:26:ce:51:87:ef:f4:e7:00:9b:75:10:db:41:8f:76:a2:d6:
         ea:4c:f9:ae:ab:59:57:3b:fe:de:9e:3c:50:60:07:8c:3b:b1:
         1f:15:d8:a9:fc:60:e3:c1:49:4a:f3:7a:27:18:62:b6:1e:b9:
         c3:d1:cc:c7:5a:89:07:5f:75:94:b4:90:a5:03:b5:7b:26:44:
         f0:47:ad:83:6f:4b:68:64:88:28:e4:60:d2:e0:8c:58:e5:ab:
         62:5e:06:23:4b:e5:d0:54:07:e4:f2:ab:c0:0d:a0:47:9c:56:
         0b:f3:7d:f5:01:ea:c8:5f:92:63:e3:c1:99:1b:df:e5:37:d8:
         4a:a0:f7:77:84:a4:1d:4a:54:34:ac:cf:27:60:e7:19:8e:56:
         d8:b9:82:ea:d9:cd:b9:31:94:23:a7:e7:74:05:4c:9c:ee:ed:
         44:8b:f1:d5:ee:f6:38:84:30:03:d2:5b:b1:e3:36:05:8c:b4:
         da:5b:10:66:fb:01:b9:d2:29:35:e4:16:7f:54:74:cf:20:96:
         75:f5:f4:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJDyNkqPEQbY79WOcoP9fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjUwMTAyMTc1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTQ5MDJjMzg2ZjVkOWRjNWExNTBiOTZiYjYwNTZhYzBhYjVmMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJLk/jm11bUjy1Y8vpBk4HjHsi2s
jSiMSjiSecvxx7itcyVpuE2IJXFYrFY/0DSC5K+U9lnV62eT9fwQJvX3Z7hu5KdD
ipiOK1HsPC9+ZlmcaOvXAei/iNR7BgGC2U1S+BEyigJjGL2E17DBWQOJF9SBO0Xs
HrU69KyWqK3hL/w0TOV02dUqcxlD9v69dYJyf5GnQMOAE22hDZ0LGrH178kSwn6I
NX1NpN2JjxCrTbzp3B2qlwVvQkyaa0wcyP0/6DDMS3ODfcZDko6SIjISH7I+L8z4
p/zNjyh8IEEqomOmQaPnU+Mijdw5FsadpoQ0dTztk2r8/gKfY18SjNmPlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPVJAsOG9dncWhULlrtgVqwKtfHLMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvOVVrQ3c0YjEyZHhhRlF1V3UyQldyQXExOGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7z8MA0G
CSqGSIb3DQEBCwUAA4IBAQA/EbAJq8rgFN+nfHKPYnvZiCObz/Q+zFlMfFzzLJ0W
ToOCgpQicw48PqZKdCYPazXYaZNLXeTcJs5Rh+/05wCbdRDbQY92otbqTPmuq1lX
O/7enjxQYAeMO7EfFdip/GDjwUlK83onGGK2HrnD0czHWokHX3WUtJClA7V7JkTw
R62Db0toZIgo5GDS4IxY5atiXgYjS+XQVAfk8qvADaBHnFYL8331AerIX5Jj48GZ
G9/lN9hKoPd3hKQdSlQ0rM8nYOcZjlbYuYLq2c25MZQjp+d0BUyc7u1Ei/HV7vY4
hDAD0lux4zYFjLTaWxBm+wG50ik15BZ/VHTPIJZ19fR4
-----END CERTIFICATE-----