Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/UbhKTUtkHjo_ZsDZsH9chOAS5Pk.roa
File:                     UbhKTUtkHjo_ZsDZsH9chOAS5Pk.roa (raw, json)
Hash identifier:          t5m+joa43DrACa1COVuvlEQZ8bumjEYK0AXo1j3w3vs=
Subject key identifier:   51:B8:4A:4D:4B:64:1E:3A:3F:66:C0:D9:B0:7F:5C:84:E0:12:E4:F9
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       01963DE6FD5F1E2311DCD885727E41531C1D
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/UbhKTUtkHjo_ZsDZsH9chOAS5Pk.roa
Signing time:             Wed 16 Apr 2025 09:21:10 +0000
ROA not before:           Wed 16 Apr 2025 09:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56582
IP address blocks:        91.102.160.0/23 maxlen: 23
                          91.102.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3d:e6:fd:5f:1e:23:11:dc:d8:85:72:7e:41:53:1c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Apr 16 09:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51b84a4d4b641e3a3f66c0d9b07f5c84e012e4f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8d:9a:31:c6:90:5f:54:ff:12:fd:70:9f:6d:
                    95:c9:25:bd:44:01:39:f0:fa:7f:6c:a8:ed:87:c5:
                    50:b8:1b:54:bd:ce:e6:2d:c2:fc:5d:89:c5:e1:4c:
                    69:8a:24:58:79:72:16:07:78:f0:53:b3:2c:db:b3:
                    e3:ac:19:a0:b0:3d:4f:e9:16:85:91:e0:b7:d3:69:
                    34:47:2b:96:c0:b7:98:40:a3:23:44:95:d6:b4:e8:
                    e1:d0:35:a9:77:79:13:61:85:da:2b:f0:7c:4d:b9:
                    cf:aa:08:5f:dd:19:fb:dd:e0:2a:11:b0:2d:26:03:
                    c1:2a:7c:a2:41:07:69:df:df:69:87:22:4b:ff:ef:
                    d3:3c:21:f4:10:f5:f1:76:c2:e9:e2:d2:ef:d6:6c:
                    72:dd:1b:18:03:13:23:a0:ae:b1:a6:20:b6:95:99:
                    83:ee:6c:e9:fc:2f:e4:de:f6:65:ec:8e:85:30:f4:
                    d9:a5:11:cf:6a:1b:d6:71:d4:45:5c:54:c6:2b:8c:
                    13:48:59:7b:d5:16:47:c7:97:29:d3:52:6b:41:17:
                    ce:a0:99:9d:41:c3:af:12:56:03:4d:13:76:b5:bb:
                    74:46:0f:fb:96:13:76:8e:4d:8a:54:ba:1a:06:a7:
                    a1:bc:70:7c:04:64:b7:5c:3a:cf:89:b4:9a:84:eb:
                    2e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B8:4A:4D:4B:64:1E:3A:3F:66:C0:D9:B0:7F:5C:84:E0:12:E4:F9
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/UbhKTUtkHjo_ZsDZsH9chOAS5Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/23
                  91.102.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:ee:70:60:b8:de:88:2a:f2:6d:4e:c5:e4:7a:df:bd:d8:ea:
         b8:e1:fa:b8:b5:88:1e:5b:00:62:61:84:23:aa:14:c0:b5:eb:
         3b:45:35:73:d1:92:bf:e6:5f:22:70:8a:bf:44:aa:49:a2:58:
         8f:df:ad:5a:de:45:f7:8a:2f:13:97:f7:b6:4f:07:0d:13:01:
         e5:b4:1f:c7:41:13:50:58:37:e5:2e:8d:2c:56:ef:79:b1:fb:
         c7:b1:00:c0:2d:ff:3d:21:c8:d1:be:ea:c0:3d:9d:53:b6:82:
         6f:95:20:6d:27:2e:97:26:74:d7:99:77:0b:b9:7a:46:e1:97:
         95:62:df:2c:d1:69:9c:35:2f:29:47:c9:ed:d6:75:63:e3:5d:
         b3:ae:57:99:2f:b8:65:ee:62:b8:3f:2b:48:23:56:29:7a:54:
         6d:79:07:0b:1d:a7:82:d7:f5:6c:c0:13:ab:d9:4c:3d:01:23:
         89:ab:ee:18:35:be:d7:c0:5d:85:96:be:76:81:e9:61:60:1d:
         eb:0e:72:4c:a2:f3:25:c3:50:0e:2a:5e:0f:a5:2d:ce:0e:29:
         56:63:05:ea:46:e4:92:05:51:f8:ff:5a:e8:d8:a2:1f:aa:12:
         4f:ab:ea:ee:94:ca:e5:b9:f9:7d:91:64:07:04:95:66:25:13:
         49:04:e1:ce
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZY95v1fHiMR3NiFcn5BUxwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwNDE2MDkyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWI4NGE0ZDRiNjQxZTNhM2Y2NmMwZDliMDdmNWM4NGUwMTJlNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi42aMcaQX1T/Ev1wn22VySW9RAE5
8Pp/bKjth8VQuBtUvc7mLcL8XYnF4UxpiiRYeXIWB3jwU7Ms27PjrBmgsD1P6RaF
keC302k0RyuWwLeYQKMjRJXWtOjh0DWpd3kTYYXaK/B8TbnPqghf3Rn73eAqEbAt
JgPBKnyiQQdp399phyJL/+/TPCH0EPXxdsLp4tLv1mxy3RsYAxMjoK6xpiC2lZmD
7mzp/C/k3vZl7I6FMPTZpRHPahvWcdRFXFTGK4wTSFl71RZHx5cp01JrQRfOoJmd
QcOvElYDTRN2tbt0Rg/7lhN2jk2KVLoaBqehvHB8BGS3XDrPibSahOsu1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFG4Sk1LZB46P2bA2bB/XITgEuT5MB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvVWJoS1RVdGtIam9fWnNEWnNIOWNoT0FTNVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW2agAwQA
W2anMA0GCSqGSIb3DQEBCwUAA4IBAQCH7nBguN6IKvJtTsXket+92Oq44fq4tYge
WwBiYYQjqhTAtes7RTVz0ZK/5l8icIq/RKpJoliP361a3kX3ii8Tl/e2TwcNEwHl
tB/HQRNQWDflLo0sVu95sfvHsQDALf89IcjRvurAPZ1TtoJvlSBtJy6XJnTXmXcL
uXpG4ZeVYt8s0WmcNS8pR8nt1nVj412zrleZL7hl7mK4PytII1YpelRteQcLHaeC
1/VswBOr2Uw9ASOJq+4YNb7XwF2Flr52gelhYB3rDnJMovMlw1AOKl4PpS3ODilW
YwXqRuSSBVH4/1ro2KIfqhJPq+rulMrlufl9kWQHBJVmJRNJBOHO
-----END CERTIFICATE-----