Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/uDZZBTPRRP5MQogb2OjdT8pUiBA.roa
File:                     uDZZBTPRRP5MQogb2OjdT8pUiBA.roa (raw, json)
Hash identifier:          T9yL9Bw5mv08XIGrA3/0U3W6rC1uZNivZ+GrYQ4KE/k=
Subject key identifier:   B8:36:59:05:33:D1:44:FE:4C:42:88:1B:D8:E8:DD:4F:CA:54:88:10
Certificate issuer:       /CN=fcd6dee0f8ba3c22293d62ec701ef250bcc8d2e7
Certificate serial:       019422FB9FD64EA4D49D48E68BA512E9FC39
Authority key identifier: FC:D6:DE:E0:F8:BA:3C:22:29:3D:62:EC:70:1E:F2:50:BC:C8:D2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/uDZZBTPRRP5MQogb2OjdT8pUiBA.roa
Signing time:             Wed 01 Jan 2025 17:48:23 +0000
ROA not before:           Wed 01 Jan 2025 17:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52003
IP address blocks:        91.221.178.0/24 maxlen: 24
                          91.221.179.0/24 maxlen: 24
                          2001:678:374::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:9f:d6:4e:a4:d4:9d:48:e6:8b:a5:12:e9:fc:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fcd6dee0f8ba3c22293d62ec701ef250bcc8d2e7
        Validity
            Not Before: Jan  1 17:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b836590533d144fe4c42881bd8e8dd4fca548810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:af:8c:14:2f:70:d3:68:86:04:49:df:5c:df:
                    4d:68:ce:c5:d2:0f:2b:f8:34:60:82:30:dc:09:71:
                    a9:56:54:eb:ea:93:16:3f:4b:99:f7:d6:3b:20:f6:
                    57:c2:b4:74:10:90:95:47:6a:7a:f5:af:c3:97:21:
                    fe:04:cb:bc:a1:81:44:45:5e:a8:77:07:ae:b5:14:
                    5f:48:31:32:17:ad:79:55:73:e0:a6:62:ac:1a:a6:
                    55:3f:ef:cb:45:b0:b1:0c:29:4e:78:f9:26:9f:04:
                    9a:52:ab:dd:bc:89:a8:34:7a:37:37:59:43:cc:83:
                    71:9b:4b:be:d2:6c:31:96:c5:35:ee:d1:22:11:a1:
                    08:4d:3e:f6:36:0c:02:b0:38:ed:f1:ea:d6:4c:0b:
                    5f:ed:83:55:ae:d8:3b:e9:db:17:14:e8:54:8a:42:
                    7d:ea:26:b4:32:31:b2:a3:df:8c:9c:26:cf:6b:75:
                    db:1a:06:5b:ea:ba:1f:57:14:a2:61:08:d6:dd:9c:
                    7f:bc:47:d6:fe:2d:8f:f2:9e:67:f1:86:e3:a0:2a:
                    b4:db:bb:e0:11:f4:7d:67:e4:73:fd:4f:f3:a6:7f:
                    9c:fc:e4:73:67:6d:3f:d2:18:69:9d:83:de:ed:78:
                    9e:7a:11:82:3f:62:ce:e2:40:5c:61:63:a9:79:c5:
                    94:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:36:59:05:33:D1:44:FE:4C:42:88:1B:D8:E8:DD:4F:CA:54:88:10
            X509v3 Authority Key Identifier:
                keyid:FC:D6:DE:E0:F8:BA:3C:22:29:3D:62:EC:70:1E:F2:50:BC:C8:D2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Nbe4Pi6PCIpPWLscB7yULzI0uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/uDZZBTPRRP5MQogb2OjdT8pUiBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d2dc9b-bcdc-42de-a1ae-42ce2d2be097/1/_Nbe4Pi6PCIpPWLscB7yULzI0uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.178.0/23
                IPv6:
                  2001:678:374::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:e6:3f:00:3f:e2:4c:bf:f0:b0:8b:33:e7:89:fd:da:0e:ff:
         ba:8a:cb:e4:22:ee:da:37:91:d8:29:5c:0d:e5:82:94:84:7b:
         24:8c:44:a0:fb:79:ad:df:0c:46:4a:b0:10:00:d2:da:00:da:
         92:18:f3:1f:05:d2:78:82:38:f9:bb:ac:1f:1c:a3:22:66:9c:
         ca:a0:81:56:e8:8b:25:b2:06:64:65:df:26:59:31:9b:cb:40:
         22:fe:49:c5:34:78:70:34:d9:0a:97:02:8e:ff:ef:f1:d2:47:
         05:66:22:5d:67:3d:19:65:d4:68:a0:e3:a3:62:d6:3e:91:75:
         53:4f:e0:48:38:2c:bd:8d:f8:93:27:02:43:42:87:7f:98:3f:
         d2:70:3b:1b:83:34:b0:3f:a6:33:a2:56:73:f6:de:c1:72:63:
         18:ee:85:a3:08:90:43:f7:15:6e:e3:c0:e5:b3:c5:88:97:1f:
         45:cd:ba:62:35:50:58:04:ba:48:e9:36:e1:e7:88:7f:a0:9a:
         f7:cd:ae:2c:f9:0f:b7:64:ac:39:3f:e0:9f:d4:22:92:dd:0f:
         0c:ac:14:41:27:1c:a6:2b:c5:1a:dd:6e:44:11:84:2f:0f:99:
         b9:14:53:f3:c2:8d:6b:ac:da:a8:a7:0f:bc:50:d0:14:8c:a2:
         19:69:9b:aa
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+5/WTqTUnUjmi6US6fw5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZDZkZWUwZjhiYTNjMjIyOTNkNjJlYzcwMWVmMjUwYmNj
OGQyZTcwHhcNMjUwMTAxMTc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODM2NTkwNTMzZDE0NGZlNGM0Mjg4MWJkOGU4ZGQ0ZmNhNTQ4ODEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra+MFC9w02iGBEnfXN9NaM7F0g8r
+DRggjDcCXGpVlTr6pMWP0uZ99Y7IPZXwrR0EJCVR2p69a/DlyH+BMu8oYFERV6o
dweutRRfSDEyF615VXPgpmKsGqZVP+/LRbCxDClOePkmnwSaUqvdvImoNHo3N1lD
zINxm0u+0mwxlsU17tEiEaEITT72NgwCsDjt8erWTAtf7YNVrtg76dsXFOhUikJ9
6ia0MjGyo9+MnCbPa3XbGgZb6rofVxSiYQjW3Zx/vEfW/i2P8p5n8YbjoCq027vg
EfR9Z+Rz/U/zpn+c/ORzZ20/0hhpnYPe7XieehGCP2LO4kBcYWOpecWUvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLg2WQUz0UT+TEKIG9jo3U/KVIgQMB8GA1UdIwQY
MBaAFPzW3uD4ujwiKT1i7HAe8lC8yNLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX05iZTRQaTZQQ0lwUFdMc2NCN3lVTHpJMHVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kMmRjOWItYmNkYy00MmRlLWExYWUt
NDJjZTJkMmJlMDk3LzEvdURaWkJUUFJSUDVNUW9nYjJPamRUOHBVaUJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kMmRjOWItYmNkYy00MmRlLWExYWUtNDJjZTJkMmJlMDk3
LzEvX05iZTRQaTZQQ0lwUFdMc2NCN3lVTHpJMHVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW92yMA8E
AgACMAkDBwAgAQZ4A3QwDQYJKoZIhvcNAQELBQADggEBAGPmPwA/4ky/8LCLM+eJ
/doO/7qKy+Qi7to3kdgpXA3lgpSEeySMRKD7ea3fDEZKsBAA0toA2pIY8x8F0niC
OPm7rB8coyJmnMqggVboiyWyBmRl3yZZMZvLQCL+ScU0eHA02QqXAo7/7/HSRwVm
Il1nPRll1Gig46Ni1j6RdVNP4Eg4LL2N+JMnAkNCh3+YP9JwOxuDNLA/pjOiVnP2
3sFyYxjuhaMIkEP3FW7jwOWzxYiXH0XNumI1UFgEukjpNuHniH+gmvfNriz5D7dk
rDk/4J/UIpLdDwysFEEnHKYrxRrdbkQRhC8PmbkUU/PCjWus2qinD7xQ0BSMohlp
m6o=
-----END CERTIFICATE-----