Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Uwyhf77GnBwjk-7ZJliqUSlLyoY.roa
File:                     Uwyhf77GnBwjk-7ZJliqUSlLyoY.roa (raw, json)
Hash identifier:          W2LUThwaqwD3/Akh5V53x5o3rSawjwzqYG3uJzA1AVY=
Subject key identifier:   53:0C:A1:7F:BE:C6:9C:1C:23:93:EE:D9:26:58:AA:51:29:4B:CA:86
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222029C8C8B54116BCA9EB78C1FFB306
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Uwyhf77GnBwjk-7ZJliqUSlLyoY.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149782
IP address blocks:        45.91.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:29:c8:c8:b5:41:16:bc:a9:eb:78:c1:ff:b3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=530ca17fbec69c1c2393eed92658aa51294bca86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1a:7f:0b:a3:26:41:44:ba:30:23:90:aa:c5:
                    ae:64:ed:05:7f:ad:a3:38:47:7c:cb:15:75:e0:36:
                    d0:23:d9:3a:46:d6:59:2c:49:e1:73:14:8c:19:c6:
                    87:22:55:6a:a5:f6:aa:4d:0b:20:5e:ef:81:f7:d1:
                    dc:33:3c:a2:d2:f8:fc:25:75:9a:25:02:11:1f:30:
                    ff:84:8e:d4:ee:8f:46:ba:30:9e:ed:65:b9:a7:5a:
                    ed:5d:9c:ed:30:43:30:da:0c:17:55:ec:ec:b9:26:
                    0d:8b:d1:ee:39:49:eb:d5:f5:cf:29:0c:45:ed:cb:
                    53:f6:d9:d1:60:fd:92:4d:f7:75:93:06:bb:a4:98:
                    cd:85:98:32:39:d6:52:a8:f8:42:d5:67:c9:7e:39:
                    71:46:5e:f6:27:c3:a1:c6:e2:f4:77:3b:9f:51:6c:
                    33:81:c4:04:57:54:e6:b0:57:6a:b9:a0:d2:5a:03:
                    5c:51:6e:e2:9a:ed:65:3a:ba:96:ce:bd:93:c5:40:
                    d1:e3:6d:9e:5b:00:f5:18:21:30:9e:81:5b:c7:2b:
                    4d:4e:e8:b2:41:6f:0f:71:0c:f2:67:d4:7a:ff:2c:
                    93:38:17:7d:6c:9a:38:61:ec:c8:c3:04:01:fe:62:
                    d6:0e:0a:3c:dd:92:2a:60:4c:c6:a7:4a:62:16:d0:
                    22:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:0C:A1:7F:BE:C6:9C:1C:23:93:EE:D9:26:58:AA:51:29:4B:CA:86
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Uwyhf77GnBwjk-7ZJliqUSlLyoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:14:b5:7e:5f:fb:7f:88:83:df:aa:04:4a:29:89:0e:8c:d2:
         7c:83:27:b7:3d:1b:46:89:77:75:89:5a:ff:f0:2c:aa:56:77:
         94:6d:89:cc:5e:a2:b4:18:60:69:7d:4c:98:68:7d:68:91:11:
         a4:de:ad:80:60:2e:e2:b4:23:ef:e9:f2:55:f1:bb:ad:a4:0d:
         86:85:7b:be:c4:2c:55:2f:86:3b:d8:60:d7:a3:d5:57:84:a1:
         96:c0:31:ca:c7:f7:18:36:88:58:39:7d:85:68:33:b4:71:ca:
         d5:92:28:d5:6a:a1:12:8c:86:1d:9a:f9:03:32:8c:5a:17:5f:
         a9:e7:77:ad:e8:6a:e4:c6:0f:f6:59:dc:83:3a:62:9b:96:03:
         b5:25:3a:b2:4b:2b:b6:c3:55:f2:4b:15:1a:4b:72:73:37:51:
         a8:1a:d1:3a:f1:9f:b8:2c:94:07:84:c1:fe:d6:d0:8c:77:9f:
         95:81:6c:c2:d8:5c:d4:02:df:0d:9f:57:09:d1:67:b5:d4:a4:
         0b:2c:82:f1:e2:0a:35:01:93:c7:13:1a:17:1e:9b:a2:a4:3e:
         8f:e8:10:b2:d1:cb:59:de:cd:53:bf:9b:e0:5c:e4:e3:e1:8b:
         c3:e3:68:b0:2c:b1:28:8e:70:04:17:ac:ac:e2:4e:b9:e5:3d:
         44:7c:41:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICnIyLVBFryp63jB/7MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzBjYTE3ZmJlYzY5YzFjMjM5M2VlZDkyNjU4YWE1MTI5NGJjYTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxp/C6MmQUS6MCOQqsWuZO0Ff62j
OEd8yxV14DbQI9k6RtZZLEnhcxSMGcaHIlVqpfaqTQsgXu+B99HcMzyi0vj8JXWa
JQIRHzD/hI7U7o9GujCe7WW5p1rtXZztMEMw2gwXVezsuSYNi9HuOUnr1fXPKQxF
7ctT9tnRYP2STfd1kwa7pJjNhZgyOdZSqPhC1WfJfjlxRl72J8OhxuL0dzufUWwz
gcQEV1TmsFdquaDSWgNcUW7imu1lOrqWzr2TxUDR422eWwD1GCEwnoFbxytNTuiy
QW8PcQzyZ9R6/yyTOBd9bJo4YezIwwQB/mLWDgo83ZIqYEzGp0piFtAipwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFMMoX++xpwcI5Pu2SZYqlEpS8qGMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVXd5aGY3N0duQndqay03WkpsaXFVU2xMeW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVszMA0G
CSqGSIb3DQEBCwUAA4IBAQBTFLV+X/t/iIPfqgRKKYkOjNJ8gye3PRtGiXd1iVr/
8CyqVneUbYnMXqK0GGBpfUyYaH1okRGk3q2AYC7itCPv6fJV8butpA2GhXu+xCxV
L4Y72GDXo9VXhKGWwDHKx/cYNohYOX2FaDO0ccrVkijVaqESjIYdmvkDMoxaF1+p
53et6Grkxg/2WdyDOmKblgO1JTqySyu2w1XySxUaS3JzN1GoGtE68Z+4LJQHhMH+
1tCMd5+VgWzC2FzUAt8Nn1cJ0We11KQLLILx4go1AZPHExoXHpuipD6P6BCy0ctZ
3s1Tv5vgXOTj4YvD42iwLLEojnAEF6ys4k655T1EfEFW
-----END CERTIFICATE-----