Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/XmJ8vYGbQYVnd8y-h4wRzi3J_pE.roa
File:                     XmJ8vYGbQYVnd8y-h4wRzi3J_pE.roa (raw, json)
Hash identifier:          exnN1l7i5NuQ19i+bMh7iG0NXDBSnKZN8vpjyWS2vRc=
Subject key identifier:   5E:62:7C:BD:81:9B:41:85:67:77:CC:BE:87:8C:11:CE:2D:C9:FE:91
Certificate issuer:       /CN=50a06a453fcd5f26faf4822c4b459098dcaff039
Certificate serial:       019421B1C2731A1B7D8A2F6630586632798F
Authority key identifier: 50:A0:6A:45:3F:CD:5F:26:FA:F4:82:2C:4B:45:90:98:DC:AF:F0:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/XmJ8vYGbQYVnd8y-h4wRzi3J_pE.roa
Signing time:             Wed 01 Jan 2025 11:48:05 +0000
ROA not before:           Wed 01 Jan 2025 11:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1759
IP address blocks:        91.195.246.0/23 maxlen: 24
                          193.143.8.0/21 maxlen: 24
                          193.143.240.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c2:73:1a:1b:7d:8a:2f:66:30:58:66:32:79:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50a06a453fcd5f26faf4822c4b459098dcaff039
        Validity
            Not Before: Jan  1 11:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e627cbd819b41856777ccbe878c11ce2dc9fe91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:dc:f9:a0:d0:26:fb:50:af:74:7a:3d:fe:40:
                    2d:46:e9:10:f1:18:e5:3f:70:34:56:48:c1:17:59:
                    0f:5c:f3:ad:60:95:33:30:41:ae:76:f1:04:ee:3f:
                    ec:3e:43:f1:9c:a8:b4:f8:7f:72:2b:85:cf:d3:46:
                    22:5f:c8:84:f3:7f:41:98:c5:ce:27:c9:fd:16:d0:
                    61:c5:c6:94:03:7a:18:e1:52:47:03:51:4d:d7:8f:
                    cb:1a:7f:b6:00:a3:d5:23:62:aa:34:bf:6b:e7:af:
                    c1:f2:48:5f:c8:4e:88:67:51:b4:45:20:3b:8e:ff:
                    7f:23:d6:90:af:6e:ec:0f:a0:15:5c:75:80:6a:bc:
                    61:e4:f5:59:3d:6f:44:f9:1e:05:8a:f9:9b:20:e6:
                    57:95:e7:a9:97:c5:8a:f4:97:12:32:35:b9:9b:85:
                    d4:78:42:84:b4:e4:9e:68:d7:e8:1c:3d:f3:3c:6d:
                    9a:df:90:84:3a:ae:37:54:33:b0:aa:95:98:17:6c:
                    dc:01:5d:c6:89:dc:ef:04:b0:52:a3:a2:55:75:d7:
                    5d:42:28:0f:9d:4e:2f:3d:7f:55:f8:e7:76:97:47:
                    74:6e:2b:0a:e0:c8:f8:59:3f:c4:1c:a5:f8:32:c6:
                    05:d9:a2:57:9c:e0:0c:e0:bf:f5:c6:d1:9f:28:3a:
                    a8:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:62:7C:BD:81:9B:41:85:67:77:CC:BE:87:8C:11:CE:2D:C9:FE:91
            X509v3 Authority Key Identifier:
                keyid:50:A0:6A:45:3F:CD:5F:26:FA:F4:82:2C:4B:45:90:98:DC:AF:F0:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UKBqRT_NXyb69IIsS0WQmNyv8Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/XmJ8vYGbQYVnd8y-h4wRzi3J_pE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d348b5-151c-4aa5-bd09-ef5d5011ca77/1/UKBqRT_NXyb69IIsS0WQmNyv8Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.246.0/23
                  193.143.8.0/21
                  193.143.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         82:9a:4c:aa:43:45:3c:62:b9:08:36:47:4b:6c:33:cb:31:ce:
         9a:bb:16:62:b8:7b:69:ac:fe:28:d5:36:03:d3:c1:21:e9:eb:
         6a:75:4c:3b:0f:e7:c5:54:3b:5f:3d:b2:f9:6f:1b:05:6c:58:
         d5:38:b7:21:fc:47:4a:bd:55:50:16:28:da:fb:1d:2f:f2:1d:
         d8:79:e1:f0:80:57:f1:05:14:9c:f4:37:54:6b:c0:ea:98:0e:
         43:34:30:8e:a7:a3:06:79:a9:8e:33:f5:27:ee:e6:68:97:a8:
         ce:8a:4a:8c:70:ea:f0:6f:34:e9:72:87:0e:ba:7f:e4:84:59:
         2f:ca:c1:57:48:89:32:b6:30:7d:6b:24:29:3e:db:05:00:ae:
         cd:20:33:c6:22:fe:76:e7:61:f0:74:e4:a8:a8:58:ec:32:a7:
         d1:7b:5a:92:57:5d:75:38:96:43:78:c6:b8:2e:77:16:60:6b:
         9a:94:18:2f:f0:34:5a:64:c6:74:9d:50:a9:4d:d8:fa:69:02:
         78:30:ba:5b:c7:39:90:7b:5b:b9:ce:9f:d3:8b:36:65:53:a1:
         fc:df:19:1c:49:ef:a0:bf:e2:07:45:c5:6a:b1:ab:90:7b:c6:
         f2:b3:07:56:2d:99:fe:5f:f5:49:5b:d1:fd:09:89:a9:83:32:
         65:e6:0a:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhscJzGht9ii9mMFhmMnmPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYTA2YTQ1M2ZjZDVmMjZmYWY0ODIyYzRiNDU5MDk4ZGNh
ZmYwMzkwHhcNMjUwMTAxMTE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYyN2NiZDgxOWI0MTg1Njc3N2NjYmU4NzhjMTFjZTJkYzlmZTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAztz5oNAm+1CvdHo9/kAtRukQ8Rjl
P3A0VkjBF1kPXPOtYJUzMEGudvEE7j/sPkPxnKi0+H9yK4XP00YiX8iE839BmMXO
J8n9FtBhxcaUA3oY4VJHA1FN14/LGn+2AKPVI2KqNL9r56/B8khfyE6IZ1G0RSA7
jv9/I9aQr27sD6AVXHWAarxh5PVZPW9E+R4FivmbIOZXleepl8WK9JcSMjW5m4XU
eEKEtOSeaNfoHD3zPG2a35CEOq43VDOwqpWYF2zcAV3GidzvBLBSo6JVddddQigP
nU4vPX9V+Od2l0d0bisK4Mj4WT/EHKX4MsYF2aJXnOAM4L/1xtGfKDqotwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF5ifL2Bm0GFZ3fMvoeMEc4tyf6RMB8GA1UdIwQY
MBaAFFCgakU/zV8m+vSCLEtFkJjcr/A5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUtCcVJUX05YeWI2OUlJc1MwV1FtTnl2OERrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kMzQ4YjUtMTUxYy00YWE1LWJkMDkt
ZWY1ZDUwMTFjYTc3LzEvWG1KOHZZR2JRWVZuZDh5LWg0d1J6aTNKX3BFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kMzQ4YjUtMTUxYy00YWE1LWJkMDktZWY1ZDUwMTFjYTc3
LzEvVUtCcVJUX05YeWI2OUlJc1MwV1FtTnl2OERrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW8P2AwQD
wY8IAwQDwY/wMA0GCSqGSIb3DQEBCwUAA4IBAQCCmkyqQ0U8YrkINkdLbDPLMc6a
uxZiuHtprP4o1TYD08Eh6etqdUw7D+fFVDtfPbL5bxsFbFjVOLch/EdKvVVQFija
+x0v8h3YeeHwgFfxBRSc9DdUa8DqmA5DNDCOp6MGeamOM/Un7uZol6jOikqMcOrw
bzTpcocOun/khFkvysFXSIkytjB9ayQpPtsFAK7NIDPGIv5252HwdOSoqFjsMqfR
e1qSV111OJZDeMa4LncWYGualBgv8DRaZMZ0nVCpTdj6aQJ4MLpbxzmQe1u5zp/T
izZlU6H83xkcSe+gv+IHRcVqsauQe8byswdWLZn+X/VJW9H9CYmpgzJl5gq2
-----END CERTIFICATE-----