Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/uruDYSjJsQHtgQsmkfxJYvrLAmA.roa
File:                     uruDYSjJsQHtgQsmkfxJYvrLAmA.roa (raw, json)
Hash identifier:          ugK90f7lpLYbl+ftnhcqa/fEdcHq1apLzUka+OcYLBc=
Subject key identifier:   BA:BB:83:61:28:C9:B1:01:ED:81:0B:26:91:FC:49:62:FA:CB:02:60
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       01942521FECB6DC8B7A3034AB00C971EFD8D
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/uruDYSjJsQHtgQsmkfxJYvrLAmA.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        91.142.133.0/24 maxlen: 24
                          91.193.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fe:cb:6d:c8:b7:a3:03:4a:b0:0c:97:1e:fd:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=babb836128c9b101ed810b2691fc4962facb0260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f8:9c:67:e0:30:18:16:1f:bb:78:56:a8:dd:
                    06:69:7c:68:15:a5:6e:9b:b4:56:f3:ad:31:38:69:
                    c1:8c:76:05:f5:17:26:7c:fd:80:e4:18:c7:67:cb:
                    11:8d:7b:c9:5e:b6:12:20:74:ae:fd:ca:2b:db:41:
                    bc:b6:ad:14:da:06:d1:cf:f9:6b:b1:32:8b:81:9d:
                    cb:f0:19:de:a6:3d:55:b6:d8:f8:6f:bc:18:78:99:
                    d2:96:c7:1f:aa:72:50:9b:1d:d0:e3:ef:06:09:fd:
                    cd:b4:bf:0b:b0:96:e9:1c:56:0e:4c:24:64:78:7d:
                    e4:a2:e4:5c:45:a1:77:b1:47:1d:7e:d6:11:50:32:
                    6c:3a:bd:f5:71:1e:d8:5b:4c:56:d6:cc:b6:5b:b9:
                    51:75:b7:ed:5e:61:62:b8:09:26:d3:0c:9c:42:c8:
                    7b:d7:0b:f5:31:e3:b4:9c:e1:4b:58:59:fd:6c:23:
                    3a:35:72:d9:c2:2c:ed:68:5a:15:f7:6d:d7:0f:d8:
                    6e:a9:3a:92:9d:be:44:c5:04:93:b8:eb:45:c8:a1:
                    33:7e:8e:85:55:b2:6c:a4:00:b3:56:2f:e4:87:07:
                    25:14:a2:5d:10:33:7e:13:10:89:24:5f:ba:d9:1a:
                    fd:9b:4e:c2:d5:e6:a1:e6:63:7d:e7:d7:74:d0:a3:
                    72:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:BB:83:61:28:C9:B1:01:ED:81:0B:26:91:FC:49:62:FA:CB:02:60
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/uruDYSjJsQHtgQsmkfxJYvrLAmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.133.0/24
                  91.193.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2c:24:8c:92:aa:9e:c1:17:82:37:c9:ce:09:f4:8a:16:d1:
         97:08:d0:d3:00:f2:c0:d9:93:fe:98:2c:e0:2f:d7:f3:68:b6:
         31:ce:8f:22:12:fd:fe:af:be:8f:5c:66:65:a3:46:a6:bc:67:
         d5:e8:a7:79:0b:60:86:0f:cb:28:61:15:32:bf:46:99:4a:12:
         3e:d8:4c:e8:a2:f2:cb:a7:1a:1c:a9:0d:e4:fa:fd:79:ba:5e:
         17:c7:62:98:66:9c:38:af:94:77:c0:1e:11:85:57:ff:32:b2:
         19:fc:79:89:14:b4:0b:22:80:39:1f:1f:79:66:40:64:a2:65:
         3e:82:89:cc:cf:73:04:63:64:35:52:a5:31:f4:cd:08:b8:de:
         dc:d9:26:83:ad:d3:db:a3:e7:db:16:19:d1:48:f9:5f:54:74:
         0e:da:63:b3:1b:00:50:e8:3e:aa:a3:67:e3:b8:5e:0d:c9:b1:
         05:81:04:dc:26:89:f7:02:76:87:da:50:e8:8a:d3:0b:dd:43:
         fe:9b:cb:d8:df:f6:f0:2b:bd:38:e4:6d:5b:c0:d3:3f:44:5d:
         be:e3:69:35:ce:81:34:af:9d:1a:bc:05:d7:4c:11:a4:ba:ea:
         b6:80:ac:75:62:31:cc:b6:24:d0:3d:eb:b9:da:1c:4a:c0:91:
         e3:57:13:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIf7Lbci3owNKsAyXHv2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWJiODM2MTI4YzliMTAxZWQ4MTBiMjY5MWZjNDk2MmZhY2IwMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vicZ+AwGBYfu3hWqN0GaXxoFaVu
m7RW860xOGnBjHYF9RcmfP2A5BjHZ8sRjXvJXrYSIHSu/cor20G8tq0U2gbRz/lr
sTKLgZ3L8Bnepj1Vttj4b7wYeJnSlscfqnJQmx3Q4+8GCf3NtL8LsJbpHFYOTCRk
eH3kouRcRaF3sUcdftYRUDJsOr31cR7YW0xW1sy2W7lRdbftXmFiuAkm0wycQsh7
1wv1MeO0nOFLWFn9bCM6NXLZwiztaFoV923XD9huqTqSnb5ExQSTuOtFyKEzfo6F
VbJspACzVi/khwclFKJdEDN+ExCJJF+62Rr9m07C1eah5mN959d00KNyeQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLq7g2EoybEB7YELJpH8SWL6ywJgMB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvdXJ1RFlTakpzUUh0Z1FzbWtmeEpZdnJMQW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW46FAwQA
W8FKMA0GCSqGSIb3DQEBCwUAA4IBAQBbLCSMkqqewReCN8nOCfSKFtGXCNDTAPLA
2ZP+mCzgL9fzaLYxzo8iEv3+r76PXGZlo0amvGfV6Kd5C2CGD8soYRUyv0aZShI+
2EzoovLLpxocqQ3k+v15ul4Xx2KYZpw4r5R3wB4RhVf/MrIZ/HmJFLQLIoA5Hx95
ZkBkomU+gonMz3MEY2Q1UqUx9M0IuN7c2SaDrdPbo+fbFhnRSPlfVHQO2mOzGwBQ
6D6qo2fjuF4NybEFgQTcJon3AnaH2lDoitML3UP+m8vY3/bwK7045G1bwNM/RF2+
42k1zoE0r50avAXXTBGkuuq2gKx1YjHMtiTQPeu52hxKwJHjVxNE
-----END CERTIFICATE-----