Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/8Umey-QBL8ZS2FgF05SW82dc4AA.roa
File:                     8Umey-QBL8ZS2FgF05SW82dc4AA.roa (raw, json)
Hash identifier:          x725P2pYv187JpiNI5ahruJ5GiYjoqjH6vsd4A6Hjfk=
Subject key identifier:   F1:49:9E:CB:E4:01:2F:C6:52:D8:58:05:D3:94:96:F3:67:5C:E0:00
Certificate issuer:       /CN=8d3ad2a1d9ab5c9b4fbb4e5e02521ee052b89d5f
Certificate serial:       018CC3B6D491DF67867DD75D60F356CB7854
Authority key identifier: 8D:3A:D2:A1:D9:AB:5C:9B:4F:BB:4E:5E:02:52:1E:E0:52:B8:9D:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/8Umey-QBL8ZS2FgF05SW82dc4AA.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199718
IP address blocks:        91.221.50.0/23 maxlen: 23
                          91.221.50.0/24 maxlen: 24
                          91.221.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d4:91:df:67:86:7d:d7:5d:60:f3:56:cb:78:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3ad2a1d9ab5c9b4fbb4e5e02521ee052b89d5f
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1499ecbe4012fc652d85805d39496f3675ce000
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a0:54:28:19:e3:8c:d2:df:1b:f5:64:41:05:
                    7b:f1:65:9b:f5:7d:c3:be:fa:d3:79:f2:a7:aa:09:
                    f7:e5:f0:e1:87:24:18:50:d5:27:f4:7c:95:85:4a:
                    b0:f9:3c:6f:ec:6b:7c:32:34:e6:90:25:c4:99:d1:
                    10:31:de:62:20:a6:60:3a:6b:f6:dc:6d:19:ce:98:
                    56:13:d1:03:60:51:43:bb:01:14:37:d7:6b:7c:3e:
                    7e:f5:0b:8e:f2:b9:de:7f:24:dc:a5:78:5a:97:c0:
                    6a:8c:af:ce:9c:25:ea:b5:3d:de:c5:86:56:e8:aa:
                    b1:a6:01:89:97:c6:af:05:15:98:53:4f:05:bc:f7:
                    c1:40:a4:31:09:6f:62:dd:b8:e0:f3:4f:d5:4b:b9:
                    a5:06:41:a6:88:58:68:89:d1:a6:a5:b5:a9:a2:d4:
                    73:8e:aa:77:0b:12:ce:72:4c:ac:ba:c5:25:12:e7:
                    56:47:1b:a0:af:7a:ec:c5:bd:20:03:fb:64:d7:80:
                    5d:17:85:90:7d:ae:88:c1:ed:33:a2:55:d2:76:20:
                    eb:ac:76:b5:51:f3:d3:eb:19:6f:45:ed:cf:54:4a:
                    cb:c6:6d:4a:dd:dc:e5:4d:c1:24:52:d2:01:a7:5d:
                    da:90:98:cb:de:8f:fe:00:8a:38:c2:56:35:db:64:
                    90:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:49:9E:CB:E4:01:2F:C6:52:D8:58:05:D3:94:96:F3:67:5C:E0:00
            X509v3 Authority Key Identifier:
                keyid:8D:3A:D2:A1:D9:AB:5C:9B:4F:BB:4E:5E:02:52:1E:E0:52:B8:9D:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/8Umey-QBL8ZS2FgF05SW82dc4AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:c1:5b:aa:13:62:76:75:8d:61:eb:09:14:19:9c:62:88:c5:
         4b:44:b4:99:73:c4:41:4c:25:49:15:4a:8a:83:08:50:51:97:
         7a:6d:ca:dd:58:9c:03:18:5e:4e:51:d9:a3:42:3b:6b:42:b3:
         9d:fb:c5:a2:5b:96:8f:43:0f:d9:de:5c:d6:25:45:29:95:24:
         3c:2a:27:99:ac:bf:1a:1b:34:56:16:cf:4e:dc:71:ba:94:72:
         ac:70:4d:d8:09:9a:be:26:90:4c:e9:a3:94:d0:fe:73:ca:16:
         c0:f7:4a:85:39:06:00:fc:c6:a5:82:c2:8c:58:56:e4:6f:67:
         6d:ef:6b:7f:51:3c:bf:ba:a5:d8:65:e3:2c:2d:e8:98:cc:c5:
         11:70:bb:a1:91:a2:17:dc:f0:13:8f:1f:cd:51:75:cc:e0:7d:
         f0:97:ab:60:9a:d5:a8:ce:49:8d:88:40:aa:19:6c:94:ef:8f:
         58:c7:8a:e8:a2:a1:97:dc:cf:72:05:57:86:56:d1:80:80:c8:
         ac:09:c1:45:9b:ba:34:01:f9:35:d0:13:26:6f:cc:d4:82:35:
         d2:51:73:75:7d:8c:98:d9:58:c3:07:1e:e0:98:3c:b1:69:8c:
         13:0c:7b:a7:8d:a1:70:05:14:7a:ab:54:6f:fd:ae:27:9a:96:
         68:64:31:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttSR32eGfdddYPNWy3hUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2FkMmExZDlhYjVjOWI0ZmJiNGU1ZTAyNTIxZWUwNTJi
ODlkNWYwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQ5OWVjYmU0MDEyZmM2NTJkODU4MDVkMzk0OTZmMzY3NWNlMDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqBUKBnjjNLfG/VkQQV78WWb9X3D
vvrTefKnqgn35fDhhyQYUNUn9HyVhUqw+Txv7Gt8MjTmkCXEmdEQMd5iIKZgOmv2
3G0ZzphWE9EDYFFDuwEUN9drfD5+9QuO8rnefyTcpXhal8BqjK/OnCXqtT3exYZW
6KqxpgGJl8avBRWYU08FvPfBQKQxCW9i3bjg80/VS7mlBkGmiFhoidGmpbWpotRz
jqp3CxLOckysusUlEudWRxugr3rsxb0gA/tk14BdF4WQfa6Iwe0zolXSdiDrrHa1
UfPT6xlvRe3PVErLxm1K3dzlTcEkUtIBp13akJjL3o/+AIo4wlY122SQ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPFJnsvkAS/GUthYBdOUlvNnXOAAMB8GA1UdIwQY
MBaAFI060qHZq1ybT7tOXgJSHuBSuJ1fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRyU29kbXJYSnRQdTA1ZUFsSWU0Rks0blY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hMmJmMzUtNTRhMy00Zjc4LWI3MjAt
NGE5ZTI5NjE1YzA1LzEvOFVtZXktUUJMOFpTMkZnRjA1U1c4MmRjNEFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hMmJmMzUtNTRhMy00Zjc4LWI3MjAtNGE5ZTI5NjE1YzA1
LzEvalRyU29kbXJYSnRQdTA1ZUFsSWU0Rks0blY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90yMA0G
CSqGSIb3DQEBCwUAA4IBAQBxwVuqE2J2dY1h6wkUGZxiiMVLRLSZc8RBTCVJFUqK
gwhQUZd6bcrdWJwDGF5OUdmjQjtrQrOd+8WiW5aPQw/Z3lzWJUUplSQ8KieZrL8a
GzRWFs9O3HG6lHKscE3YCZq+JpBM6aOU0P5zyhbA90qFOQYA/MalgsKMWFbkb2dt
72t/UTy/uqXYZeMsLeiYzMURcLuhkaIX3PATjx/NUXXM4H3wl6tgmtWozkmNiECq
GWyU749Yx4rooqGX3M9yBVeGVtGAgMisCcFFm7o0Afk10BMmb8zUgjXSUXN1fYyY
2VjDBx7gmDyxaYwTDHunjaFwBRR6q1Rv/a4nmpZoZDF7
-----END CERTIFICATE-----