Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/U7D4TZTpDT8HLh7cA3VX7s7UwLM.roa
File:                     U7D4TZTpDT8HLh7cA3VX7s7UwLM.roa (raw, json)
Hash identifier:          lHErScciJYCx6ZKhuLnaAHIj3ArNIjAbGMParEdy3fc=
Subject key identifier:   53:B0:F8:4D:94:E9:0D:3F:07:2E:1E:DC:03:75:57:EE:CE:D4:C0:B3
Certificate issuer:       /CN=2410e4d1182515c47df36a1001b7f681e2dcf414
Certificate serial:       018CCA2A0C65936107BFCE38A33BD9BD3629
Authority key identifier: 24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/U7D4TZTpDT8HLh7cA3VX7s7UwLM.roa
Signing time:             Tue 02 Jan 2024 12:33:22 +0000
ROA not before:           Tue 02 Jan 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49591
IP address blocks:        91.213.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:0c:65:93:61:07:bf:ce:38:a3:3b:d9:bd:36:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2410e4d1182515c47df36a1001b7f681e2dcf414
        Validity
            Not Before: Jan  2 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53b0f84d94e90d3f072e1edc037557eeced4c0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:b8:56:fd:d2:f3:2f:5e:8e:12:0c:d0:d2:1e:
                    1d:b4:44:77:de:83:13:a5:a4:fb:cd:57:17:b7:1f:
                    1a:e5:7b:27:ae:9d:18:ff:05:e4:6a:b2:f9:c6:eb:
                    82:f3:b6:c5:8b:0c:f3:bc:36:d6:59:fb:21:ec:2f:
                    3e:4b:67:07:17:8c:96:39:e2:30:a3:7c:63:f2:4c:
                    51:c6:34:8f:19:c7:95:d2:86:44:26:04:9a:8d:70:
                    f6:d1:66:7b:ca:c5:27:80:2f:73:ec:6d:fa:0a:ed:
                    13:1d:7c:75:3d:33:1f:9c:c0:02:0c:e4:f1:4a:79:
                    f6:d7:a6:be:1d:5c:a2:00:62:60:19:0e:ea:ab:ed:
                    e9:a1:87:35:20:2a:08:b6:77:7a:e1:51:9b:e8:85:
                    6a:95:2b:47:26:73:4a:f5:f4:19:d1:0e:11:d0:e7:
                    93:0f:62:2b:cc:5f:72:45:fd:82:2e:36:9d:21:a9:
                    02:93:b8:5e:6c:ce:a7:59:b0:ae:dd:88:86:78:c8:
                    0f:8a:3f:5b:9e:28:e9:90:da:7a:c2:91:c2:f9:53:
                    70:48:1a:2a:f5:6c:dd:17:44:10:30:7e:e8:72:43:
                    36:9e:61:b6:f7:32:11:6c:18:1b:4f:d7:28:a9:f7:
                    4d:a1:18:b5:b7:d0:0b:b8:ca:83:07:72:33:68:29:
                    51:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B0:F8:4D:94:E9:0D:3F:07:2E:1E:DC:03:75:57:EE:CE:D4:C0:B3
            X509v3 Authority Key Identifier:
                keyid:24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/U7D4TZTpDT8HLh7cA3VX7s7UwLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0a:23:9a:19:9a:83:d6:f6:0f:18:50:23:b7:16:82:90:32:
         95:b4:26:e2:77:74:d3:ff:55:f9:b2:f6:a8:ff:c2:33:59:7d:
         ca:52:3c:b5:1c:2a:c2:43:dd:af:6e:bd:80:41:c5:9e:a3:67:
         c6:03:a1:bf:26:8b:1b:08:9b:ba:ce:a9:b5:36:3f:a8:48:5b:
         a4:f5:45:ea:6a:7c:32:3f:17:5f:86:e9:04:68:7e:3c:7b:2d:
         a1:31:d0:fc:8c:c7:96:7b:fe:c6:6d:79:78:a9:cc:5c:9b:80:
         85:b0:90:2e:f7:1f:7d:30:c8:6c:fc:7b:6b:3c:70:1f:54:88:
         d2:66:8b:30:67:ed:29:eb:ed:78:7f:d9:0d:a7:34:cc:ca:9d:
         5e:dc:fb:4c:96:f7:6b:77:8c:49:f5:33:d5:a1:d7:4f:a9:cc:
         12:1a:bb:6f:60:6a:14:77:f1:31:e2:6d:b3:12:f1:d8:ee:30:
         22:42:10:4c:ce:31:2a:4e:f2:9c:9f:52:ec:0d:bd:80:de:8f:
         15:d0:b0:6a:23:be:c3:db:a6:5e:1a:c5:84:7e:cf:56:cb:23:
         7d:73:98:5e:4f:e5:10:e2:2a:e5:de:dc:74:d7:72:f8:d0:09:
         a0:a3:b3:19:60:66:11:57:18:85:e1:8b:7f:bc:c9:5f:2b:d2:
         91:18:13:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKgxlk2EHv844ozvZvTYpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTBlNGQxMTgyNTE1YzQ3ZGYzNmExMDAxYjdmNjgxZTJk
Y2Y0MTQwHhcNMjQwMTAyMTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2IwZjg0ZDk0ZTkwZDNmMDcyZTFlZGMwMzc1NTdlZWNlZDRjMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5LhW/dLzL16OEgzQ0h4dtER33oMT
paT7zVcXtx8a5Xsnrp0Y/wXkarL5xuuC87bFiwzzvDbWWfsh7C8+S2cHF4yWOeIw
o3xj8kxRxjSPGceV0oZEJgSajXD20WZ7ysUngC9z7G36Cu0THXx1PTMfnMACDOTx
Snn216a+HVyiAGJgGQ7qq+3poYc1ICoItnd64VGb6IVqlStHJnNK9fQZ0Q4R0OeT
D2IrzF9yRf2CLjadIakCk7hebM6nWbCu3YiGeMgPij9bnijpkNp6wpHC+VNwSBoq
9WzdF0QQMH7ockM2nmG29zIRbBgbT9coqfdNoRi1t9ALuMqDB3IzaClRcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOw+E2U6Q0/By4e3AN1V+7O1MCzMB8GA1UdIwQY
MBaAFCQQ5NEYJRXEffNqEAG39oHi3PQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMt
YTI5OWIwMjJkODRlLzEvVTdENFRaVHBEVDhITGg3Y0EzVlg3czdVd0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMtYTI5OWIwMjJkODRl
LzEvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9U3MA0G
CSqGSIb3DQEBCwUAA4IBAQAlCiOaGZqD1vYPGFAjtxaCkDKVtCbid3TT/1X5svao
/8IzWX3KUjy1HCrCQ92vbr2AQcWeo2fGA6G/JosbCJu6zqm1Nj+oSFuk9UXqanwy
PxdfhukEaH48ey2hMdD8jMeWe/7GbXl4qcxcm4CFsJAu9x99MMhs/HtrPHAfVIjS
ZoswZ+0p6+14f9kNpzTMyp1e3PtMlvdrd4xJ9TPVoddPqcwSGrtvYGoUd/Ex4m2z
EvHY7jAiQhBMzjEqTvKcn1LsDb2A3o8V0LBqI77D26ZeGsWEfs9WyyN9c5heT+UQ
4irl3tx013L40Amgo7MZYGYRVxiF4Yt/vMlfK9KRGBN6
-----END CERTIFICATE-----