Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/ItUfI_e5TZV8Ja35X57TtR81NmA.roa
File:                     ItUfI_e5TZV8Ja35X57TtR81NmA.roa (raw, json)
Hash identifier:          IR3NcH60QSQHq12hzjVbCSbj+J8hOMovAsbbfhH0qaA=
Subject key identifier:   22:D5:1F:23:F7:B9:4D:95:7C:25:AD:F9:5F:9E:D3:B5:1F:35:36:60
Certificate issuer:       /CN=9f87521f15e0457288a9f196a8c8865c36922150
Certificate serial:       019424B3FA1819B12071DCF5B8397A82294B
Authority key identifier: 9F:87:52:1F:15:E0:45:72:88:A9:F1:96:A8:C8:86:5C:36:92:21:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n4dSHxXgRXKIqfGWqMiGXDaSIVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/ItUfI_e5TZV8Ja35X57TtR81NmA.roa
Signing time:             Thu 02 Jan 2025 01:49:22 +0000
ROA not before:           Thu 02 Jan 2025 01:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50984
IP address blocks:        91.216.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/n4dSHxXgRXKIqfGWqMiGXDaSIVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/n4dSHxXgRXKIqfGWqMiGXDaSIVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n4dSHxXgRXKIqfGWqMiGXDaSIVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:fa:18:19:b1:20:71:dc:f5:b8:39:7a:82:29:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f87521f15e0457288a9f196a8c8865c36922150
        Validity
            Not Before: Jan  2 01:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22d51f23f7b94d957c25adf95f9ed3b51f353660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:af:43:78:fa:99:b4:50:ec:b5:a4:5e:dd:5d:
                    54:94:be:45:13:d7:8f:10:94:00:d6:de:49:60:4c:
                    6d:23:0c:49:43:c8:98:fe:38:9e:3c:70:6c:16:d5:
                    8e:47:d2:88:c6:08:cb:c8:6f:d2:9e:59:02:a5:a3:
                    ea:75:83:1c:f2:80:2c:61:98:eb:50:54:be:09:4a:
                    5c:db:a8:4d:58:0b:67:7b:56:20:ad:63:25:3c:ce:
                    be:6f:1a:f5:24:58:f5:5a:e2:25:b9:97:9d:6b:3f:
                    d2:66:50:d2:21:c7:b3:f9:aa:ca:0a:22:48:64:3f:
                    c1:d0:18:54:d8:6a:7e:84:2a:44:c5:65:c4:e3:db:
                    d2:b3:09:bf:4f:cf:1e:d8:42:94:c1:ee:a0:a6:ee:
                    1b:78:f5:ed:c2:39:52:da:c3:31:92:fe:f6:9a:e9:
                    7b:e8:cf:16:51:19:98:ab:fd:26:47:6d:1c:29:c0:
                    01:e1:58:30:c8:e8:89:42:c8:ca:b2:1c:6f:5b:5f:
                    cf:94:6a:90:bc:20:1d:2a:28:71:13:de:ef:76:a5:
                    d5:c6:ba:e9:24:36:0c:81:b0:c7:9e:48:fd:f4:dd:
                    83:0f:97:16:62:45:9f:11:7b:09:1c:1d:30:2d:0f:
                    38:62:76:f7:26:e7:06:92:64:b5:fd:fc:10:d5:25:
                    e1:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D5:1F:23:F7:B9:4D:95:7C:25:AD:F9:5F:9E:D3:B5:1F:35:36:60
            X509v3 Authority Key Identifier:
                keyid:9F:87:52:1F:15:E0:45:72:88:A9:F1:96:A8:C8:86:5C:36:92:21:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n4dSHxXgRXKIqfGWqMiGXDaSIVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/ItUfI_e5TZV8Ja35X57TtR81NmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/680589-8472-43eb-b034-21769de4a1a8/1/n4dSHxXgRXKIqfGWqMiGXDaSIVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:90:92:51:f3:fc:1c:8f:1a:52:d8:08:b8:7b:a5:85:9f:2f:
         89:0f:88:16:02:be:b0:52:25:ed:58:3d:6a:a6:a8:23:6d:b0:
         41:84:f2:62:6b:1c:2b:d1:b0:3a:fc:c9:b1:f4:1a:01:53:94:
         28:5b:c1:70:ab:1c:0b:a2:7e:d3:5e:b2:9a:24:66:2e:ea:e9:
         3c:9d:b1:55:87:74:64:ed:db:8b:21:de:92:9a:c1:29:e7:f3:
         96:e4:81:4d:f3:52:09:67:d2:2a:87:24:95:ff:d0:48:7e:a7:
         cc:00:1e:f7:64:92:c8:23:67:29:33:f8:a7:8c:10:e3:62:83:
         40:ac:69:61:b9:3a:56:91:65:6d:cf:57:12:9c:56:36:90:a1:
         43:a7:ba:bc:f7:23:83:48:47:08:5d:d1:ac:7e:c0:94:4a:8e:
         6d:f0:b2:60:f3:a8:3c:56:56:3e:91:23:91:b3:85:9a:a0:14:
         6a:01:d2:b9:c8:a5:40:3c:14:ca:bb:fc:f7:fc:d0:8e:7f:1b:
         69:fd:a8:b9:14:1a:2d:f5:f3:b5:66:9e:70:dc:c2:63:c0:20:
         ae:71:36:e5:87:4e:5f:d7:1a:43:97:af:ac:89:dd:c5:6d:fc:
         87:cf:15:37:4c:9b:31:c4:82:d2:66:34:4b:d4:d1:75:58:64:
         71:de:7d:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks/oYGbEgcdz1uDl6gilLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmODc1MjFmMTVlMDQ1NzI4OGE5ZjE5NmE4Yzg4NjVjMzY5
MjIxNTAwHhcNMjUwMTAyMDE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ1MWYyM2Y3Yjk0ZDk1N2MyNWFkZjk1ZjllZDNiNTFmMzUzNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAya9DePqZtFDstaRe3V1UlL5FE9eP
EJQA1t5JYExtIwxJQ8iY/jiePHBsFtWOR9KIxgjLyG/SnlkCpaPqdYMc8oAsYZjr
UFS+CUpc26hNWAtne1YgrWMlPM6+bxr1JFj1WuIluZedaz/SZlDSIcez+arKCiJI
ZD/B0BhU2Gp+hCpExWXE49vSswm/T88e2EKUwe6gpu4bePXtwjlS2sMxkv72mul7
6M8WURmYq/0mR20cKcAB4VgwyOiJQsjKshxvW1/PlGqQvCAdKihxE97vdqXVxrrp
JDYMgbDHnkj99N2DD5cWYkWfEXsJHB0wLQ84Ynb3JucGkmS1/fwQ1SXhuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLVHyP3uU2VfCWt+V+e07UfNTZgMB8GA1UdIwQY
MBaAFJ+HUh8V4EVyiKnxlqjIhlw2kiFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjRkU0h4WGdSWEtJcWZHV3FNaUdYRGFTSVZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS82ODA1ODktODQ3Mi00M2ViLWIwMzQt
MjE3NjlkZTRhMWE4LzEvSXRVZklfZTVUWlY4SmEzNVg1N1R0UjgxTm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS82ODA1ODktODQ3Mi00M2ViLWIwMzQtMjE3NjlkZTRhMWE4
LzEvbjRkU0h4WGdSWEtJcWZHV3FNaUdYRGFTSVZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hLMA0G
CSqGSIb3DQEBCwUAA4IBAQBXkJJR8/wcjxpS2Ai4e6WFny+JD4gWAr6wUiXtWD1q
pqgjbbBBhPJiaxwr0bA6/Mmx9BoBU5QoW8FwqxwLon7TXrKaJGYu6uk8nbFVh3Rk
7duLId6SmsEp5/OW5IFN81IJZ9IqhySV/9BIfqfMAB73ZJLII2cpM/injBDjYoNA
rGlhuTpWkWVtz1cSnFY2kKFDp7q89yODSEcIXdGsfsCUSo5t8LJg86g8VlY+kSOR
s4WaoBRqAdK5yKVAPBTKu/z3/NCOfxtp/ai5FBot9fO1Zp5w3MJjwCCucTblh05f
1xpDl6+sid3FbfyHzxU3TJsxxILSZjRL1NF1WGRx3n0H
-----END CERTIFICATE-----