Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/UmfPpfDRv_ApZ3ughChQeyWQHoE.roa
File:                     UmfPpfDRv_ApZ3ughChQeyWQHoE.roa (raw, json)
Hash identifier:          W6KfdErZrgCUI2jJZwbPGZdbFisBblXrHevg9OR73L8=
Subject key identifier:   52:67:CF:A5:F0:D1:BF:F0:29:67:7B:A0:84:28:50:7B:25:90:1E:81
Certificate issuer:       /CN=69f1a6b4804bb6a3854a44e1069f257267417805
Certificate serial:       0190E3D6348ABFD859006DEA19DC796742C4
Authority key identifier: 69:F1:A6:B4:80:4B:B6:A3:85:4A:44:E1:06:9F:25:72:67:41:78:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/afGmtIBLtqOFSkThBp8lcmdBeAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/UmfPpfDRv_ApZ3ughChQeyWQHoE.roa
Signing time:             Wed 24 Jul 2024 08:23:04 +0000
ROA not before:           Wed 24 Jul 2024 08:23:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51580
IP address blocks:        91.220.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/afGmtIBLtqOFSkThBp8lcmdBeAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/afGmtIBLtqOFSkThBp8lcmdBeAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/afGmtIBLtqOFSkThBp8lcmdBeAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e3:d6:34:8a:bf:d8:59:00:6d:ea:19:dc:79:67:42:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69f1a6b4804bb6a3854a44e1069f257267417805
        Validity
            Not Before: Jul 24 08:23:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5267cfa5f0d1bff029677ba08428507b25901e81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:e6:49:f9:d7:15:32:87:63:a3:43:00:bf:cb:
                    6e:ed:da:ce:77:d6:bf:c9:50:ec:33:44:45:10:69:
                    43:1e:aa:67:19:e1:ec:56:75:a2:26:7b:58:43:e6:
                    43:ea:bb:6c:64:ef:16:10:e0:3d:25:c0:4c:b1:e6:
                    65:bd:c5:4f:b2:a4:79:a3:2d:97:f5:d9:bb:b7:ea:
                    8f:b8:a9:f5:a0:76:67:9a:c6:87:90:87:cd:01:fd:
                    6c:cf:0a:66:fe:01:70:d3:97:ad:09:2b:46:c1:f4:
                    dd:ac:c0:98:8b:88:59:5f:1a:61:7b:bc:3e:8a:8a:
                    cc:12:12:23:dc:50:a4:78:bd:f6:6a:f1:85:5a:b5:
                    24:f5:8b:91:b3:97:12:3e:8e:a0:97:b0:8e:dd:d0:
                    31:b9:4b:b2:24:f2:14:3a:ee:8a:42:05:dd:6f:e5:
                    15:83:c3:20:15:f7:d9:cf:4e:15:92:06:19:8c:7a:
                    0d:b6:c6:6e:d3:25:20:0c:9c:69:59:1a:20:fb:85:
                    b9:c2:c2:9d:a5:20:ae:05:1b:76:a7:3e:db:56:c1:
                    6f:af:a5:aa:dc:72:2e:d9:9d:5b:96:21:28:31:ce:
                    64:e0:c4:85:7a:e5:73:0a:fa:52:9b:b4:d9:8c:33:
                    38:1f:45:38:1d:eb:6e:87:ce:8b:c7:c4:31:5c:7a:
                    0f:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:67:CF:A5:F0:D1:BF:F0:29:67:7B:A0:84:28:50:7B:25:90:1E:81
            X509v3 Authority Key Identifier:
                keyid:69:F1:A6:B4:80:4B:B6:A3:85:4A:44:E1:06:9F:25:72:67:41:78:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afGmtIBLtqOFSkThBp8lcmdBeAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/UmfPpfDRv_ApZ3ughChQeyWQHoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3f1f2e-5c52-4fb0-b538-17366ff96379/1/afGmtIBLtqOFSkThBp8lcmdBeAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:70:6c:90:a1:f0:16:45:d8:6f:2f:55:30:44:ce:81:f9:1f:
         7d:c4:9b:a1:a7:89:d1:40:18:81:5e:1c:c1:d6:ac:af:dd:00:
         8c:ba:1e:26:e1:45:84:26:e8:82:b4:be:9d:11:95:8a:2b:42:
         52:ec:41:09:46:1b:bc:b7:bd:e4:26:c9:ba:3d:57:46:ad:3e:
         59:31:70:e8:b4:59:f1:cc:07:30:25:10:f4:04:33:72:46:2d:
         8c:cd:06:c6:bd:ae:05:3f:e0:d0:8c:c9:51:84:ed:51:2e:78:
         77:98:4c:5e:55:51:b9:72:df:89:39:3d:9a:43:f6:e3:4f:84:
         a9:4b:29:fd:24:e7:96:7f:42:e6:44:df:bb:df:fb:c7:3b:b8:
         b1:cc:0e:cb:b7:08:0a:56:bd:19:99:ad:20:c6:27:a6:4d:4b:
         88:5c:5e:7e:54:6b:8f:c9:a5:a8:0e:8a:12:c1:c1:d6:da:47:
         39:54:d4:4e:44:ca:f3:1d:79:43:1e:6a:92:d2:76:ed:09:1f:
         da:61:e1:4c:12:e2:2d:77:dd:eb:0e:49:76:af:36:91:e0:2b:
         34:d7:11:9e:77:c1:a1:46:a4:7d:19:ff:a4:08:a7:b9:f3:ab:
         14:bd:da:e0:92:d4:3c:e6:7d:51:74:4a:d4:96:7c:f7:07:5c:
         16:88:26:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDj1jSKv9hZAG3qGdx5Z0LEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjFhNmI0ODA0YmI2YTM4NTRhNDRlMTA2OWYyNTcyNjc0
MTc4MDUwHhcNMjQwNzI0MDgyMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY3Y2ZhNWYwZDFiZmYwMjk2NzdiYTA4NDI4NTA3YjI1OTAxZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneZJ+dcVModjo0MAv8tu7drOd9a/
yVDsM0RFEGlDHqpnGeHsVnWiJntYQ+ZD6rtsZO8WEOA9JcBMseZlvcVPsqR5oy2X
9dm7t+qPuKn1oHZnmsaHkIfNAf1szwpm/gFw05etCStGwfTdrMCYi4hZXxphe7w+
iorMEhIj3FCkeL32avGFWrUk9YuRs5cSPo6gl7CO3dAxuUuyJPIUOu6KQgXdb+UV
g8MgFffZz04VkgYZjHoNtsZu0yUgDJxpWRog+4W5wsKdpSCuBRt2pz7bVsFvr6Wq
3HIu2Z1bliEoMc5k4MSFeuVzCvpSm7TZjDM4H0U4Hetuh86Lx8QxXHoPgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFJnz6Xw0b/wKWd7oIQoUHslkB6BMB8GA1UdIwQY
MBaAFGnxprSAS7ajhUpE4QafJXJnQXgFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZHbXRJQkx0cU9GU2tUaEJwOGxjbWRCZUFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8zZjFmMmUtNWM1Mi00ZmIwLWI1Mzgt
MTczNjZmZjk2Mzc5LzEvVW1mUHBmRFJ2X0FwWjN1Z2hDaFFleVdRSG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8zZjFmMmUtNWM1Mi00ZmIwLWI1MzgtMTczNjZmZjk2Mzc5
LzEvYWZHbXRJQkx0cU9GU2tUaEJwOGxjbWRCZUFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xTMA0G
CSqGSIb3DQEBCwUAA4IBAQBYcGyQofAWRdhvL1UwRM6B+R99xJuhp4nRQBiBXhzB
1qyv3QCMuh4m4UWEJuiCtL6dEZWKK0JS7EEJRhu8t73kJsm6PVdGrT5ZMXDotFnx
zAcwJRD0BDNyRi2MzQbGva4FP+DQjMlRhO1RLnh3mExeVVG5ct+JOT2aQ/bjT4Sp
Syn9JOeWf0LmRN+73/vHO7ixzA7LtwgKVr0Zma0gxiemTUuIXF5+VGuPyaWoDooS
wcHW2kc5VNRORMrzHXlDHmqS0nbtCR/aYeFMEuItd93rDkl2rzaR4Cs01xGed8Gh
RqR9Gf+kCKe586sUvdrgktQ85n1RdErUlnz3B1wWiCZC
-----END CERTIFICATE-----