Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/gUp9W6gdzA4HeeDeBLYOgieiGro.roa
File:                     gUp9W6gdzA4HeeDeBLYOgieiGro.roa (raw, json)
Hash identifier:          lrN/LUw9qbgMyjQd+6zHffB/Q9YQH49/9bc6+74QbTo=
Subject key identifier:   81:4A:7D:5B:A8:1D:CC:0E:07:79:E0:DE:04:B6:0E:82:27:A2:1A:BA
Certificate issuer:       /CN=8d3ad2a1d9ab5c9b4fbb4e5e02521ee052b89d5f
Certificate serial:       0194221FAE5CD7DA4A3F2B2A9A007DF96E9B
Authority key identifier: 8D:3A:D2:A1:D9:AB:5C:9B:4F:BB:4E:5E:02:52:1E:E0:52:B8:9D:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/gUp9W6gdzA4HeeDeBLYOgieiGro.roa
Signing time:             Wed 01 Jan 2025 13:48:09 +0000
ROA not before:           Wed 01 Jan 2025 13:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199718
IP address blocks:        91.221.50.0/23 maxlen: 23
                          91.221.50.0/24 maxlen: 24
                          91.221.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ae:5c:d7:da:4a:3f:2b:2a:9a:00:7d:f9:6e:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3ad2a1d9ab5c9b4fbb4e5e02521ee052b89d5f
        Validity
            Not Before: Jan  1 13:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=814a7d5ba81dcc0e0779e0de04b60e8227a21aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:38:6f:6a:f8:72:a0:a5:5d:cf:49:59:41:65:
                    8f:d7:3e:7b:3e:2f:da:7b:06:89:18:9d:7f:1a:cd:
                    02:92:5a:c9:69:aa:5a:21:c7:13:5e:b2:84:ff:cc:
                    bd:72:5e:52:79:03:9c:a8:20:9f:ac:60:90:ef:a8:
                    ea:f0:e9:f4:23:dd:33:9f:3f:3d:da:6b:67:b9:e2:
                    35:cb:9e:86:cb:59:ac:90:36:28:ca:d4:02:77:63:
                    b4:cd:e5:99:d4:46:e1:e8:2b:8e:56:ee:f2:ca:29:
                    f0:28:eb:7f:21:c2:c4:0d:20:66:f3:63:48:55:3d:
                    f1:f6:49:d9:dc:6b:d7:63:fe:08:c2:1a:f9:6b:63:
                    fe:a1:f9:47:18:06:17:03:15:88:b2:40:f5:b7:4b:
                    4e:21:ed:40:92:f7:9b:78:43:f6:1d:d8:9a:da:24:
                    cf:61:25:d5:15:17:69:f8:22:49:57:87:57:68:6b:
                    44:d1:b8:c8:21:9f:dd:75:17:c9:b7:89:3f:e1:11:
                    d5:aa:5e:db:27:9f:87:ec:ae:8e:c3:e9:8b:a9:22:
                    ad:c1:e1:ed:51:24:5d:df:2d:6c:1c:63:c8:2c:0b:
                    27:57:4f:f3:fb:8f:ce:67:24:31:76:64:f6:bd:48:
                    b6:8d:5c:49:28:98:31:a9:5a:d6:33:6f:f6:1d:fd:
                    83:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:4A:7D:5B:A8:1D:CC:0E:07:79:E0:DE:04:B6:0E:82:27:A2:1A:BA
            X509v3 Authority Key Identifier:
                keyid:8D:3A:D2:A1:D9:AB:5C:9B:4F:BB:4E:5E:02:52:1E:E0:52:B8:9D:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTrSodmrXJtPu05eAlIe4FK4nV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/gUp9W6gdzA4HeeDeBLYOgieiGro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/a2bf35-54a3-4f78-b720-4a9e29615c05/1/jTrSodmrXJtPu05eAlIe4FK4nV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:06:b4:0f:bc:d4:a9:20:89:64:43:fc:c7:da:fa:3e:e6:59:
         9c:96:ab:64:93:5a:4d:92:24:55:78:bf:1f:59:f8:ea:1f:4e:
         ab:6c:fe:82:a9:2e:24:13:13:49:92:1e:51:97:86:15:64:74:
         c7:ab:a9:ce:cf:3b:ae:56:bf:3e:d7:22:82:6d:ad:9a:95:9f:
         d3:b0:e0:a4:e3:89:84:37:c6:a7:40:90:6a:41:5c:6a:27:14:
         23:f4:06:d3:60:ff:a0:9a:41:ea:b9:ee:3c:1d:de:2b:a5:1e:
         0c:f5:fe:cc:8a:51:69:23:c7:6d:07:e9:52:7e:ac:8f:94:67:
         c6:98:99:27:97:01:fb:0e:ba:18:76:8a:d5:e0:4d:2a:a9:5d:
         3f:ac:4c:27:be:98:1d:30:c9:af:af:e7:25:01:67:2f:35:49:
         87:e5:07:b0:a9:e9:6f:ed:5b:52:c6:14:4f:91:57:7c:71:07:
         0f:b1:0e:eb:5b:01:c4:99:ac:c5:37:0f:c6:50:57:ff:0e:69:
         9b:d3:60:a9:91:e7:ad:55:78:fa:28:e4:e1:c8:21:1b:de:d1:
         39:a3:a8:3d:8e:f4:19:da:3b:c3:51:3b:ca:01:e9:6c:4c:08:
         8c:86:28:c6:a0:bc:5d:37:a3:0b:f2:d4:41:0e:1b:c4:c2:68:
         1a:fb:f3:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH65c19pKPysqmgB9+W6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2FkMmExZDlhYjVjOWI0ZmJiNGU1ZTAyNTIxZWUwNTJi
ODlkNWYwHhcNMjUwMTAxMTM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTRhN2Q1YmE4MWRjYzBlMDc3OWUwZGUwNGI2MGU4MjI3YTIxYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ThvavhyoKVdz0lZQWWP1z57Pi/a
ewaJGJ1/Gs0CklrJaapaIccTXrKE/8y9cl5SeQOcqCCfrGCQ76jq8On0I90znz89
2mtnueI1y56Gy1mskDYoytQCd2O0zeWZ1Ebh6CuOVu7yyinwKOt/IcLEDSBm82NI
VT3x9knZ3GvXY/4Iwhr5a2P+oflHGAYXAxWIskD1t0tOIe1AkvebeEP2Hdia2iTP
YSXVFRdp+CJJV4dXaGtE0bjIIZ/ddRfJt4k/4RHVql7bJ5+H7K6Ow+mLqSKtweHt
USRd3y1sHGPILAsnV0/z+4/OZyQxdmT2vUi2jVxJKJgxqVrWM2/2Hf2DJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFKfVuoHcwOB3ng3gS2DoInohq6MB8GA1UdIwQY
MBaAFI060qHZq1ybT7tOXgJSHuBSuJ1fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRyU29kbXJYSnRQdTA1ZUFsSWU0Rks0blY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9hMmJmMzUtNTRhMy00Zjc4LWI3MjAt
NGE5ZTI5NjE1YzA1LzEvZ1VwOVc2Z2R6QTRIZWVEZUJMWU9naWVpR3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9hMmJmMzUtNTRhMy00Zjc4LWI3MjAtNGE5ZTI5NjE1YzA1
LzEvalRyU29kbXJYSnRQdTA1ZUFsSWU0Rks0blY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90yMA0G
CSqGSIb3DQEBCwUAA4IBAQCFBrQPvNSpIIlkQ/zH2vo+5lmclqtkk1pNkiRVeL8f
WfjqH06rbP6CqS4kExNJkh5Rl4YVZHTHq6nOzzuuVr8+1yKCba2alZ/TsOCk44mE
N8anQJBqQVxqJxQj9AbTYP+gmkHque48Hd4rpR4M9f7MilFpI8dtB+lSfqyPlGfG
mJknlwH7DroYdorV4E0qqV0/rEwnvpgdMMmvr+clAWcvNUmH5Qewqelv7VtSxhRP
kVd8cQcPsQ7rWwHEmazFNw/GUFf/Dmmb02CpkeetVXj6KOThyCEb3tE5o6g9jvQZ
2jvDUTvKAelsTAiMhijGoLxdN6ML8tRBDhvEwmga+/Md
-----END CERTIFICATE-----