Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/UTJh4MdSXt43NfiQTTlDvj1k9rY.roa
File:                     UTJh4MdSXt43NfiQTTlDvj1k9rY.roa (raw, json)
Hash identifier:          N+wxIM6737IrF1om020wGAk+mgn7C7h6YeyPjzTJ2mQ=
Subject key identifier:   51:32:61:E0:C7:52:5E:DE:37:35:F8:90:4D:39:43:BE:3D:64:F6:B6
Certificate issuer:       /CN=c50e7237f1459aff4d5ae094bd2c85256e2e2e3d
Certificate serial:       0194A2DCCAF6140D22710EA4F6E6CA381AA5
Authority key identifier: C5:0E:72:37:F1:45:9A:FF:4D:5A:E0:94:BD:2C:85:25:6E:2E:2E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/UTJh4MdSXt43NfiQTTlDvj1k9rY.roa
Signing time:             Sun 26 Jan 2025 13:46:06 +0000
ROA not before:           Sun 26 Jan 2025 13:46:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        91.240.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a2:dc:ca:f6:14:0d:22:71:0e:a4:f6:e6:ca:38:1a:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c50e7237f1459aff4d5ae094bd2c85256e2e2e3d
        Validity
            Not Before: Jan 26 13:46:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=513261e0c7525ede3735f8904d3943be3d64f6b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c7:64:85:2e:b8:b8:e9:2e:d1:1b:72:d0:ec:
                    21:3a:3c:02:a2:20:ed:6b:3b:a7:b3:71:eb:30:82:
                    00:6f:c3:e6:05:3e:37:a2:51:20:36:85:f3:62:47:
                    8f:35:bd:b0:2d:65:6d:58:4f:20:3b:db:a4:07:ec:
                    27:73:e6:6a:51:4d:a3:8a:6b:bf:6a:2e:4a:30:97:
                    ac:8c:01:04:d4:c6:3a:14:2f:ec:2c:37:b6:0e:ad:
                    1c:0e:fd:48:40:e4:05:24:e5:40:b0:ab:f8:25:0f:
                    2a:5f:c8:53:3a:a1:a8:25:56:d0:b7:78:c7:96:34:
                    6b:50:df:95:df:32:46:c1:4e:0f:08:2e:21:ff:e9:
                    44:12:3e:82:3d:8e:9c:34:1e:8d:da:31:ec:3e:05:
                    8d:f7:e5:45:7b:08:f3:fd:cf:0a:e0:b7:89:1a:fc:
                    6b:b5:68:82:e8:83:21:fa:40:d2:6f:90:62:ea:20:
                    65:51:23:d2:89:33:85:3b:88:1e:72:2c:d5:15:e4:
                    64:89:43:d8:f7:7c:c8:68:75:88:27:7e:41:03:17:
                    9e:6d:e7:cb:e2:2e:81:8d:b3:ae:96:24:e0:5e:02:
                    a8:bd:74:87:6a:23:38:97:ac:4a:9b:d5:de:1d:6b:
                    07:a4:ea:45:ab:17:03:04:f9:71:4c:91:e4:51:85:
                    8d:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:32:61:E0:C7:52:5E:DE:37:35:F8:90:4D:39:43:BE:3D:64:F6:B6
            X509v3 Authority Key Identifier:
                keyid:C5:0E:72:37:F1:45:9A:FF:4D:5A:E0:94:BD:2C:85:25:6E:2E:2E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/UTJh4MdSXt43NfiQTTlDvj1k9rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/03650c-d7bb-4f13-b200-50d018bb0bf6/1/xQ5yN_FFmv9NWuCUvSyFJW4uLj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:2a:12:bf:6a:fd:bc:43:5b:c4:3b:1f:7f:74:76:02:b1:d4:
         5c:dd:24:d7:3f:8b:fd:e0:2f:47:1e:a9:f2:0b:84:59:65:75:
         6e:11:52:09:7d:8e:c6:14:21:c5:ba:56:7c:68:4b:62:8b:05:
         6f:46:52:d6:70:38:51:10:9b:49:e3:ea:02:a6:ae:b5:bd:fb:
         46:75:90:6e:a5:4f:0a:b4:86:0c:34:1e:12:b4:fb:85:72:b0:
         87:24:ec:1e:15:da:64:64:50:ee:fe:86:f5:a4:8b:99:0a:f4:
         db:c1:8e:d9:83:a2:83:3d:29:c8:3c:df:b7:10:c8:e1:2d:e1:
         42:19:38:87:18:57:bd:8f:29:69:f4:b9:70:52:51:49:00:ed:
         c9:8b:ed:28:bc:b5:11:86:53:d6:58:5d:ad:6f:0f:f3:a7:2f:
         08:3e:6a:75:69:65:e5:01:a1:40:27:82:2c:25:42:f1:63:1b:
         f4:eb:4d:b1:e2:d4:dc:34:98:76:04:ea:94:38:f3:dd:55:22:
         96:b4:1f:b8:74:f6:f1:ba:70:aa:ad:b5:2f:7d:3e:78:3a:20:
         2d:30:8d:a7:b6:44:69:ec:0e:05:3f:9d:a3:43:ee:1e:00:29:
         59:84:be:6f:8f:d5:d7:54:dd:6f:45:d6:62:d5:92:93:6c:dd:
         00:57:e8:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSi3Mr2FA0icQ6k9ubKOBqlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MGU3MjM3ZjE0NTlhZmY0ZDVhZTA5NGJkMmM4NTI1NmUy
ZTJlM2QwHhcNMjUwMTI2MTM0NjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTMyNjFlMGM3NTI1ZWRlMzczNWY4OTA0ZDM5NDNiZTNkNjRmNmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcdkhS64uOku0Rty0OwhOjwCoiDt
azuns3HrMIIAb8PmBT43olEgNoXzYkePNb2wLWVtWE8gO9ukB+wnc+ZqUU2jimu/
ai5KMJesjAEE1MY6FC/sLDe2Dq0cDv1IQOQFJOVAsKv4JQ8qX8hTOqGoJVbQt3jH
ljRrUN+V3zJGwU4PCC4h/+lEEj6CPY6cNB6N2jHsPgWN9+VFewjz/c8K4LeJGvxr
tWiC6IMh+kDSb5Bi6iBlUSPSiTOFO4gecizVFeRkiUPY93zIaHWIJ35BAxeebefL
4i6BjbOuliTgXgKovXSHaiM4l6xKm9XeHWsHpOpFqxcDBPlxTJHkUYWNYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEyYeDHUl7eNzX4kE05Q749ZPa2MB8GA1UdIwQY
MBaAFMUOcjfxRZr/TVrglL0shSVuLi49MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFE1eU5fRkZtdjlOV3VDVXZTeUZKVzR1TGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8wMzY1MGMtZDdiYi00ZjEzLWIyMDAt
NTBkMDE4YmIwYmY2LzEvVVRKaDRNZFNYdDQzTmZpUVRUbER2ajFrOXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8wMzY1MGMtZDdiYi00ZjEzLWIyMDAtNTBkMDE4YmIwYmY2
LzEveFE1eU5fRkZtdjlOV3VDVXZTeUZKVzR1TGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BfMA0G
CSqGSIb3DQEBCwUAA4IBAQAZKhK/av28Q1vEOx9/dHYCsdRc3STXP4v94C9HHqny
C4RZZXVuEVIJfY7GFCHFulZ8aEtiiwVvRlLWcDhREJtJ4+oCpq61vftGdZBupU8K
tIYMNB4StPuFcrCHJOweFdpkZFDu/ob1pIuZCvTbwY7Zg6KDPSnIPN+3EMjhLeFC
GTiHGFe9jylp9LlwUlFJAO3Ji+0ovLURhlPWWF2tbw/zpy8IPmp1aWXlAaFAJ4Is
JULxYxv0602x4tTcNJh2BOqUOPPdVSKWtB+4dPbxunCqrbUvfT54OiAtMI2ntkRp
7A4FP52jQ+4eAClZhL5vj9XXVN1vRdZi1ZKTbN0AV+hp
-----END CERTIFICATE-----