Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/nuDK-TC5cc4Dv5m-g_HwBrvB2yM.roa
File:                     nuDK-TC5cc4Dv5m-g_HwBrvB2yM.roa (raw, json)
Hash identifier:          HAIc8rXtzi2UFMvUxwUOqrhRhKG5mpUAWpR1IBhhhmQ=
Subject key identifier:   9E:E0:CA:F9:30:B9:71:CE:03:BF:99:BE:83:F1:F0:06:BB:C1:DB:23
Certificate issuer:       /CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
Certificate serial:       0194236A29136C8E05B4D142F92F80AAAC9E
Authority key identifier: 3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/nuDK-TC5cc4Dv5m-g_HwBrvB2yM.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43947
IP address blocks:        91.198.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:29:13:6c:8e:05:b4:d1:42:f9:2f:80:aa:ac:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ee0caf930b971ce03bf99be83f1f006bbc1db23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fd:2f:18:14:9b:46:e9:8d:c8:de:bc:ed:f7:
                    24:6d:80:f0:a7:a9:9c:5c:95:cb:bd:a5:92:94:dd:
                    bf:5c:90:d8:21:1e:2f:39:f9:49:77:37:90:59:41:
                    de:1e:f0:b4:5a:c2:27:23:f0:22:c9:cd:f3:8b:c6:
                    0f:70:cd:50:f1:56:93:a2:fd:c9:71:60:89:b6:e3:
                    73:ed:bc:10:47:16:7e:34:72:1f:46:68:3f:22:36:
                    e4:d9:d8:e6:ed:74:5f:73:98:20:b7:37:9a:98:14:
                    55:ed:fe:96:58:3b:5b:86:93:a6:52:8f:38:9c:f7:
                    a9:f8:31:4c:68:14:4a:38:d5:58:bc:12:16:8a:3a:
                    27:0c:be:ce:95:35:29:d9:fb:4b:12:85:6a:45:47:
                    cc:2f:8c:39:f4:c5:f1:b4:c3:0e:ec:da:f0:25:12:
                    6c:b7:c8:2f:07:52:1e:ef:da:04:47:fa:51:8d:ef:
                    f8:0f:d2:fa:0e:13:39:46:c8:88:36:8f:52:8e:62:
                    08:5b:e1:77:1a:eb:07:41:aa:00:76:e4:20:b9:19:
                    f1:3a:90:8a:4c:5e:ac:7d:c4:b0:31:38:0d:74:58:
                    3c:30:75:04:e0:86:f0:92:82:5f:c3:2a:aa:2c:35:
                    53:47:3e:4c:1d:31:ed:fe:3b:66:5f:72:aa:c1:04:
                    5e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E0:CA:F9:30:B9:71:CE:03:BF:99:BE:83:F1:F0:06:BB:C1:DB:23
            X509v3 Authority Key Identifier:
                keyid:3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/nuDK-TC5cc4Dv5m-g_HwBrvB2yM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:60:0b:be:ec:b5:d1:b6:20:2d:01:4c:5e:7a:7a:55:70:c0:
         59:74:5a:b8:2a:0b:bf:8d:5b:f1:a0:ae:e3:13:6f:ff:42:6b:
         7e:4a:8d:2e:05:1a:16:c7:3d:92:7e:11:d7:be:11:07:c5:55:
         ba:18:39:07:b0:5a:07:45:eb:dc:4b:46:a8:35:d6:b0:a5:1a:
         65:1f:4b:1d:f2:0a:63:c8:9e:c3:71:32:58:0a:81:8a:29:82:
         a6:1a:cc:6a:0b:33:6b:ce:54:16:3a:9e:7e:9d:c2:ea:33:7b:
         6d:97:38:83:c8:f2:4b:0a:f8:1f:92:56:9c:5d:30:c6:54:36:
         e1:ff:54:32:9b:e3:50:99:62:ac:61:c7:02:0b:35:e2:d1:fe:
         30:12:9b:88:f2:94:d9:29:92:43:4c:33:1f:26:d2:ba:93:da:
         2a:f3:3b:e3:51:d6:ef:39:8e:ea:77:01:d7:ba:5e:b8:52:54:
         b3:6d:e2:8c:aa:e5:f5:e5:18:f0:e2:cc:90:06:5f:1d:83:b9:
         ac:56:c0:bc:92:dd:4b:e8:fd:3b:48:6b:d8:ad:ee:0a:24:bf:
         48:d9:0b:80:18:6d:32:bc:87:fb:59:ad:b5:1e:84:14:a5:ae:
         2c:3e:53:45:ad:f5:7e:a4:ec:58:af:8e:05:65:33:47:ee:75:
         45:9a:d9:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaikTbI4FtNFC+S+AqqyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkxZjM2Y2ZmZTgwZWZlMGRmZjI2MTIzZjhmOTdjMTVk
OTc2M2MwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWUwY2FmOTMwYjk3MWNlMDNiZjk5YmU4M2YxZjAwNmJiYzFkYjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf0vGBSbRumNyN687fckbYDwp6mc
XJXLvaWSlN2/XJDYIR4vOflJdzeQWUHeHvC0WsInI/Aiyc3zi8YPcM1Q8VaTov3J
cWCJtuNz7bwQRxZ+NHIfRmg/Ijbk2djm7XRfc5ggtzeamBRV7f6WWDtbhpOmUo84
nPep+DFMaBRKONVYvBIWijonDL7OlTUp2ftLEoVqRUfML4w59MXxtMMO7NrwJRJs
t8gvB1Ie79oER/pRje/4D9L6DhM5RsiINo9SjmIIW+F3GusHQaoAduQguRnxOpCK
TF6sfcSwMTgNdFg8MHUE4IbwkoJfwyqqLDVTRz5MHTHt/jtmX3KqwQReFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7gyvkwuXHOA7+ZvoPx8Aa7wdsjMB8GA1UdIwQY
MBaAFD65HzbP/oDv4N/yYSP4+XwV2XY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQt
NDI0YzIzZjUwZmYzLzEvbnVESy1UQzVjYzREdjVtLWdfSHdCcnZCMnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQtNDI0YzIzZjUwZmYz
LzEvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bbMA0G
CSqGSIb3DQEBCwUAA4IBAQBlYAu+7LXRtiAtAUxeenpVcMBZdFq4Kgu/jVvxoK7j
E2//Qmt+So0uBRoWxz2SfhHXvhEHxVW6GDkHsFoHRevcS0aoNdawpRplH0sd8gpj
yJ7DcTJYCoGKKYKmGsxqCzNrzlQWOp5+ncLqM3ttlziDyPJLCvgfklacXTDGVDbh
/1Qym+NQmWKsYccCCzXi0f4wEpuI8pTZKZJDTDMfJtK6k9oq8zvjUdbvOY7qdwHX
ul64UlSzbeKMquX15Rjw4syQBl8dg7msVsC8kt1L6P07SGvYre4KJL9I2QuAGG0y
vIf7Wa21HoQUpa4sPlNFrfV+pOxYr44FZTNH7nVFmtn7
-----END CERTIFICATE-----