Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/UIanMCCnRJ931-Tk1hoWinJSB0M.roa
File:                     UIanMCCnRJ931-Tk1hoWinJSB0M.roa (raw, json)
Hash identifier:          AnyZMBxty0eLtBJMG6wbj0B4sAKzvB7Wd+ofxhC7NWo=
Subject key identifier:   50:86:A7:30:20:A7:44:9F:77:D7:E4:E4:D6:1A:16:8A:72:52:07:43
Certificate issuer:       /CN=0419f197f173117b7531facb9a63896a29d9a9a0
Certificate serial:       018CC492F2B5910CA543A42511645B6D9762
Authority key identifier: 04:19:F1:97:F1:73:11:7B:75:31:FA:CB:9A:63:89:6A:29:D9:A9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/UIanMCCnRJ931-Tk1hoWinJSB0M.roa
Signing time:             Mon 01 Jan 2024 10:30:13 +0000
ROA not before:           Mon 01 Jan 2024 10:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210517
IP address blocks:        91.241.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f2:b5:91:0c:a5:43:a4:25:11:64:5b:6d:97:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0419f197f173117b7531facb9a63896a29d9a9a0
        Validity
            Not Before: Jan  1 10:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5086a73020a7449f77d7e4e4d61a168a72520743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b0:84:8f:78:7a:e4:20:5b:57:b3:42:b6:d4:
                    60:1f:5c:11:75:71:e6:90:f6:af:fc:18:27:2c:e7:
                    e4:3a:93:de:90:1e:60:0d:69:45:bf:ff:61:e5:4b:
                    a9:9b:c1:d0:d3:f5:2e:ad:31:e7:3e:3e:7c:95:9f:
                    5b:46:54:06:e7:a2:35:53:8a:4b:45:c1:2c:02:c1:
                    d9:d3:2f:80:4c:5f:e9:a9:b5:81:f7:1e:73:1c:b7:
                    5f:5d:0f:1f:b1:96:21:da:79:c8:ac:b5:fc:83:f4:
                    20:84:4b:ab:ce:24:8f:fd:db:11:9f:da:be:c9:40:
                    c0:94:52:8e:ae:bf:4d:05:5b:fe:93:e3:08:97:01:
                    1b:7b:85:30:fb:ad:68:35:04:87:71:77:ff:fa:21:
                    6c:b6:58:ad:f6:c7:f2:86:da:17:73:c7:58:a2:34:
                    d3:1f:5f:9c:b3:a8:b9:20:ec:18:ff:df:13:e1:07:
                    15:71:38:46:33:82:90:87:a9:ab:6f:0a:89:8a:b3:
                    99:66:13:cf:0f:eb:80:bf:47:02:9e:4b:b6:6c:4b:
                    4a:b6:59:aa:39:95:7c:a8:8f:ef:08:21:7c:14:b7:
                    b5:97:ad:c6:cb:9d:13:b5:f6:59:1d:bd:84:1a:3c:
                    98:b0:b1:ae:56:79:2e:0d:47:b7:f7:46:38:24:34:
                    75:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:86:A7:30:20:A7:44:9F:77:D7:E4:E4:D6:1A:16:8A:72:52:07:43
            X509v3 Authority Key Identifier:
                keyid:04:19:F1:97:F1:73:11:7B:75:31:FA:CB:9A:63:89:6A:29:D9:A9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/UIanMCCnRJ931-Tk1hoWinJSB0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:15:33:10:f5:e5:53:06:5a:51:32:87:b8:70:e9:14:9b:ca:
         cf:30:2b:bc:56:88:81:72:19:46:af:f6:74:b0:d2:5b:3e:db:
         c6:c5:da:c2:7d:a7:65:96:50:64:b8:7b:b4:02:7e:db:d2:80:
         29:60:1c:13:1d:f7:d4:25:46:08:0d:22:ee:a6:5f:aa:ed:50:
         c2:d1:80:49:87:81:b3:ff:b7:a2:e8:90:9b:08:77:9e:8c:52:
         64:9f:dd:b4:72:f9:b6:02:d3:4d:7f:f1:9a:44:f5:19:ec:10:
         b3:d8:23:43:45:ad:eb:5c:2a:81:9b:6d:99:ca:0f:d7:5f:5f:
         60:de:2c:5a:d3:22:79:24:8c:e3:b0:ea:9a:96:87:be:69:98:
         88:5a:04:ae:56:50:d0:e9:4c:a1:e8:14:2a:78:0d:4f:ac:9d:
         32:e5:cc:5a:d3:5b:6a:bd:bd:2a:13:02:c1:03:7f:af:d2:c1:
         05:24:af:28:42:70:cc:34:27:ce:39:67:e9:c7:7c:60:3f:70:
         2e:9d:54:82:f3:54:73:33:43:dd:bd:14:92:ea:70:f2:39:c3:
         83:d8:c6:1f:bb:cc:e7:f3:75:fe:20:e4:e9:2c:6c:db:54:a7:
         9c:b7:0b:40:d5:ce:90:85:e4:22:ed:41:44:ad:2a:41:d3:e9:
         f2:63:64:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvK1kQylQ6QlEWRbbZdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MTlmMTk3ZjE3MzExN2I3NTMxZmFjYjlhNjM4OTZhMjlk
OWE5YTAwHhcNMjQwMTAxMTAzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDg2YTczMDIwYTc0NDlmNzdkN2U0ZTRkNjFhMTY4YTcyNTIwNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLCEj3h65CBbV7NCttRgH1wRdXHm
kPav/BgnLOfkOpPekB5gDWlFv/9h5Uupm8HQ0/UurTHnPj58lZ9bRlQG56I1U4pL
RcEsAsHZ0y+ATF/pqbWB9x5zHLdfXQ8fsZYh2nnIrLX8g/QghEurziSP/dsRn9q+
yUDAlFKOrr9NBVv+k+MIlwEbe4Uw+61oNQSHcXf/+iFstlit9sfyhtoXc8dYojTT
H1+cs6i5IOwY/98T4QcVcThGM4KQh6mrbwqJirOZZhPPD+uAv0cCnku2bEtKtlmq
OZV8qI/vCCF8FLe1l63Gy50TtfZZHb2EGjyYsLGuVnkuDUe390Y4JDR1kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFCGpzAgp0Sfd9fk5NYaFopyUgdDMB8GA1UdIwQY
MBaAFAQZ8ZfxcxF7dTH6y5pjiWop2amgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkJueGxfRnpFWHQxTWZyTG1tT0phaW5acWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lMjgwMjEtNjFkMi00YTc1LTljMmEt
YjFjYjAzYTNmZDVjLzEvVUlhbk1DQ25SSjkzMS1UazFob1dpbkpTQjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lMjgwMjEtNjFkMi00YTc1LTljMmEtYjFjYjAzYTNmZDVj
LzEvQkJueGxfRnpFWHQxTWZyTG1tT0phaW5acWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/E0MA0G
CSqGSIb3DQEBCwUAA4IBAQCUFTMQ9eVTBlpRMoe4cOkUm8rPMCu8VoiBchlGr/Z0
sNJbPtvGxdrCfadlllBkuHu0An7b0oApYBwTHffUJUYIDSLupl+q7VDC0YBJh4Gz
/7ei6JCbCHeejFJkn920cvm2AtNNf/GaRPUZ7BCz2CNDRa3rXCqBm22Zyg/XX19g
3ixa0yJ5JIzjsOqaloe+aZiIWgSuVlDQ6Uyh6BQqeA1PrJ0y5cxa01tqvb0qEwLB
A3+v0sEFJK8oQnDMNCfOOWfpx3xgP3AunVSC81RzM0PdvRSS6nDyOcOD2MYfu8zn
83X+IOTpLGzbVKectwtA1c6QheQi7UFErSpB0+nyY2SC
-----END CERTIFICATE-----