Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/UdkvXpXGLdhITVh5jtCCMBnxb7M.roa
File:                     UdkvXpXGLdhITVh5jtCCMBnxb7M.roa (raw, json)
Hash identifier:          HifSo99m/eGKn8WJh44GwrCR837RJMUrmbV81B/JjSg=
Subject key identifier:   51:D9:2F:5E:95:C6:2D:D8:48:4D:58:79:8E:D0:82:30:19:F1:6F:B3
Certificate issuer:       /CN=761acfd649c8eead8551942781fa16f68dbd10f3
Certificate serial:       019424B25DF17686BA34709D9BE029FFDB42
Authority key identifier: 76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/UdkvXpXGLdhITVh5jtCCMBnxb7M.roa
Signing time:             Thu 02 Jan 2025 01:47:36 +0000
ROA not before:           Thu 02 Jan 2025 01:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41836
IP address blocks:        91.224.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:5d:f1:76:86:ba:34:70:9d:9b:e0:29:ff:db:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=761acfd649c8eead8551942781fa16f68dbd10f3
        Validity
            Not Before: Jan  2 01:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51d92f5e95c62dd8484d58798ed0823019f16fb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:5b:64:97:a0:20:dc:5d:cc:88:5d:a1:b5:3f:
                    60:49:a2:73:ba:96:1c:82:5f:1a:4b:bd:b2:e8:bb:
                    9e:40:dd:4c:78:d7:50:17:d3:10:00:f5:00:ba:a8:
                    9c:a2:9d:bf:22:7e:2f:1b:0c:9d:0b:bb:fe:88:70:
                    16:0f:3c:5f:c9:8c:37:ba:d9:b8:08:c0:53:6d:f8:
                    33:ac:6d:b1:8b:8d:79:8f:65:af:e9:28:33:45:0f:
                    0f:14:f9:09:9f:fc:08:e8:05:1a:68:1c:cd:04:56:
                    19:ad:54:7b:2e:e3:57:3b:a6:8f:28:cd:89:4b:40:
                    fa:d4:fb:11:f2:a6:46:59:b2:bb:5a:7e:34:81:a2:
                    4b:49:08:57:76:3f:07:0b:24:fe:cd:f8:37:a1:00:
                    44:f0:30:02:df:e1:70:6d:b8:1b:0d:ff:c5:9a:96:
                    43:17:b1:65:05:fe:44:65:0a:5e:6e:c1:6f:1b:d1:
                    b1:a5:2e:f5:c2:4d:3c:9e:6e:c7:36:6e:71:a7:60:
                    94:13:b0:90:66:58:9e:fb:cd:89:28:ed:00:a1:64:
                    bb:17:13:c3:c4:a8:57:30:17:a2:dd:58:0b:06:df:
                    63:cf:d0:de:c7:28:0d:be:d5:cd:39:92:ff:c4:95:
                    ae:cc:da:59:af:f2:a8:43:70:87:a7:28:6d:96:d0:
                    44:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D9:2F:5E:95:C6:2D:D8:48:4D:58:79:8E:D0:82:30:19:F1:6F:B3
            X509v3 Authority Key Identifier:
                keyid:76:1A:CF:D6:49:C8:EE:AD:85:51:94:27:81:FA:16:F6:8D:BD:10:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dhrP1knI7q2FUZQngfoW9o29EPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/UdkvXpXGLdhITVh5jtCCMBnxb7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/6f9283-b4d4-44cd-a69b-c73201df9995/1/dhrP1knI7q2FUZQngfoW9o29EPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:57:78:cd:86:f6:83:61:cf:91:74:c3:ad:90:91:cd:22:a4:
         f0:61:5f:0c:5c:8c:6a:1b:58:61:41:bc:cd:6e:39:92:62:1a:
         ad:bd:43:bb:4f:84:f5:57:a0:ac:6d:a6:8a:ef:e3:06:35:eb:
         39:28:29:76:e2:74:c9:d9:eb:b0:5c:75:f3:29:e5:87:fd:0f:
         1e:f1:38:ef:9b:ab:97:03:4f:52:9f:54:69:c9:47:89:f2:bd:
         54:62:17:c4:a1:62:c1:05:35:a1:ef:44:b1:d4:52:7a:e8:93:
         bd:7e:56:78:f7:9d:b7:8e:f7:a1:2a:ae:9d:e0:1c:f0:20:a0:
         57:62:87:5f:bd:73:81:27:d7:09:96:24:07:12:4c:bc:c0:bb:
         31:8e:fa:b4:3d:5b:3b:b7:75:ab:3f:c1:40:b6:57:5f:7a:28:
         98:2a:c8:ca:f1:72:a8:63:36:1b:67:67:d1:68:d7:34:59:66:
         b7:4a:e3:ce:59:c5:44:73:fe:e8:dc:0a:7b:ec:69:a0:44:21:
         3e:d8:c6:67:bf:98:ae:c6:14:5c:fc:25:d4:d2:c1:1c:58:b5:
         06:12:f6:5e:6d:ef:58:0a:ae:c5:5a:06:80:39:43:c0:b2:d7:
         09:28:7f:6f:f6:0f:5d:6e:7c:fc:3a:f5:27:a4:ed:53:ea:d6:
         4f:50:d3:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksl3xdoa6NHCdm+Ap/9tCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MWFjZmQ2NDljOGVlYWQ4NTUxOTQyNzgxZmExNmY2OGRi
ZDEwZjMwHhcNMjUwMTAyMDE0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWQ5MmY1ZTk1YzYyZGQ4NDg0ZDU4Nzk4ZWQwODIzMDE5ZjE2ZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1tkl6Ag3F3MiF2htT9gSaJzupYc
gl8aS72y6LueQN1MeNdQF9MQAPUAuqicop2/In4vGwydC7v+iHAWDzxfyYw3utm4
CMBTbfgzrG2xi415j2Wv6SgzRQ8PFPkJn/wI6AUaaBzNBFYZrVR7LuNXO6aPKM2J
S0D61PsR8qZGWbK7Wn40gaJLSQhXdj8HCyT+zfg3oQBE8DAC3+FwbbgbDf/FmpZD
F7FlBf5EZQpebsFvG9GxpS71wk08nm7HNm5xp2CUE7CQZlie+82JKO0AoWS7FxPD
xKhXMBei3VgLBt9jz9DexygNvtXNOZL/xJWuzNpZr/KoQ3CHpyhtltBEZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHZL16Vxi3YSE1YeY7QgjAZ8W+zMB8GA1UdIwQY
MBaAFHYaz9ZJyO6thVGUJ4H6FvaNvRDzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWIt
YzczMjAxZGY5OTk1LzEvVWRrdlhwWEdMZGhJVFZoNWp0Q0NNQm54YjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC82ZjkyODMtYjRkNC00NGNkLWE2OWItYzczMjAxZGY5OTk1
LzEvZGhyUDFrbkk3cTJGVVpRbmdmb1c5bzI5RVBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+BIMA0G
CSqGSIb3DQEBCwUAA4IBAQAtV3jNhvaDYc+RdMOtkJHNIqTwYV8MXIxqG1hhQbzN
bjmSYhqtvUO7T4T1V6CsbaaK7+MGNes5KCl24nTJ2euwXHXzKeWH/Q8e8Tjvm6uX
A09Sn1RpyUeJ8r1UYhfEoWLBBTWh70Sx1FJ66JO9flZ49523jvehKq6d4BzwIKBX
YodfvXOBJ9cJliQHEky8wLsxjvq0PVs7t3WrP8FAtldfeiiYKsjK8XKoYzYbZ2fR
aNc0WWa3SuPOWcVEc/7o3Ap77GmgRCE+2MZnv5iuxhRc/CXU0sEcWLUGEvZebe9Y
Cq7FWgaAOUPAstcJKH9v9g9dbnz8OvUnpO1T6tZPUNNk
-----END CERTIFICATE-----