Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/U_5c8CxOIHHrRakjJdwAMkWA57k.roa
File:                     U_5c8CxOIHHrRakjJdwAMkWA57k.roa (raw, json)
Hash identifier:          QboBS3SLtO5jQZfeGl+2o8dQ0vIC+Re5+Wn8IQ4OL28=
Subject key identifier:   53:FE:5C:F0:2C:4E:20:71:EB:45:A9:23:25:DC:00:32:45:80:E7:B9
Certificate issuer:       /CN=8e534c0c182c43837f2c2bd4edcb0b8b3abe96e9
Certificate serial:       01958A479E5736C028F32C7CCB6EF92F2D37
Authority key identifier: 8E:53:4C:0C:18:2C:43:83:7F:2C:2B:D4:ED:CB:0B:8B:3A:BE:96:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jlNMDBgsQ4N_LCvU7csLizq-luk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/U_5c8CxOIHHrRakjJdwAMkWA57k.roa
Signing time:             Wed 12 Mar 2025 12:15:04 +0000
ROA not before:           Wed 12 Mar 2025 12:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198463
IP address blocks:        91.217.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/jlNMDBgsQ4N_LCvU7csLizq-luk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/jlNMDBgsQ4N_LCvU7csLizq-luk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jlNMDBgsQ4N_LCvU7csLizq-luk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:47:9e:57:36:c0:28:f3:2c:7c:cb:6e:f9:2f:2d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e534c0c182c43837f2c2bd4edcb0b8b3abe96e9
        Validity
            Not Before: Mar 12 12:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53fe5cf02c4e2071eb45a92325dc00324580e7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9d:33:ec:4a:12:8c:12:72:28:4d:12:46:f8:
                    79:cb:2f:92:a2:1d:34:c2:35:0f:60:81:d5:2a:bb:
                    2e:4b:a4:1f:ac:63:1c:4b:a6:fa:b5:cf:95:b5:3e:
                    85:4e:fa:6f:6e:14:45:74:c3:23:7b:0d:f1:ee:d9:
                    45:20:28:42:f7:72:79:17:2e:0f:e5:c5:de:3b:70:
                    bd:9e:c3:bf:cd:ac:5a:9c:5f:eb:47:ca:d8:a9:f5:
                    9a:a9:9c:32:ee:7e:db:32:95:11:8a:11:4e:c4:e8:
                    ed:f7:59:16:e2:9d:d6:4a:47:2f:f0:83:36:5e:44:
                    7a:66:aa:97:51:46:8f:1e:85:bb:6c:bf:87:c5:41:
                    57:da:8d:2a:10:a4:17:e6:06:ab:40:88:a1:26:3d:
                    6c:d3:c8:b0:1b:66:b1:92:17:09:ff:07:b7:cb:f3:
                    47:11:f6:2c:0c:0e:97:e7:f6:8a:fa:72:20:d6:10:
                    15:b1:63:4a:49:3c:0b:ad:67:3d:d8:b7:74:67:9a:
                    0a:59:b6:64:10:86:ed:4c:69:9b:d0:2d:ef:cf:38:
                    da:04:b8:65:71:ab:03:1e:e8:77:86:45:9e:ec:36:
                    c1:8b:48:52:90:d3:b8:e5:04:64:cd:86:4e:48:fd:
                    9f:e2:69:eb:28:69:90:74:bd:da:c7:89:ad:4f:f1:
                    a4:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:FE:5C:F0:2C:4E:20:71:EB:45:A9:23:25:DC:00:32:45:80:E7:B9
            X509v3 Authority Key Identifier:
                keyid:8E:53:4C:0C:18:2C:43:83:7F:2C:2B:D4:ED:CB:0B:8B:3A:BE:96:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jlNMDBgsQ4N_LCvU7csLizq-luk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/U_5c8CxOIHHrRakjJdwAMkWA57k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/137a56-f706-4785-b4cb-985476c55e43/1/jlNMDBgsQ4N_LCvU7csLizq-luk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:08:00:c6:23:b9:33:0f:d2:21:51:da:b4:ed:17:5c:8c:32:
         31:6d:89:a9:13:cb:28:79:0e:d9:a0:84:6e:24:d0:92:55:36:
         c1:02:13:2f:a8:0e:82:eb:0f:bd:96:1a:42:ff:da:62:45:01:
         d7:d1:bf:bd:28:39:31:db:ac:ae:6c:d2:58:e2:b7:b2:39:9a:
         49:64:34:da:f8:8c:6f:2d:47:b3:4a:a3:7c:81:df:ae:44:c8:
         98:39:86:e9:d3:00:13:93:85:13:65:f3:1c:a3:75:9a:cc:c0:
         86:c8:de:8b:3f:e7:3e:8d:57:a2:66:b2:d3:bd:86:aa:eb:71:
         c3:ba:ea:86:15:43:60:1c:da:cc:d1:21:15:e0:18:06:e9:6b:
         a7:cf:fc:1b:8a:eb:84:3d:c3:1f:d1:18:41:a3:59:b0:4c:55:
         9c:d2:2f:0e:77:82:33:0d:ea:4e:f7:03:f5:dc:92:c1:cf:3b:
         0e:41:07:f7:7c:e8:be:9d:ba:2f:da:3f:b0:bc:a5:d3:01:d4:
         df:98:4d:f2:54:2d:80:d5:de:de:4c:e2:8b:8d:62:0f:89:9f:
         a7:f0:e4:c6:f7:67:f0:09:86:91:2e:4a:f8:f6:28:0e:5c:1b:
         f1:9f:9f:14:36:9e:ca:16:9b:ef:03:93:c6:d0:19:74:d0:f4:
         c3:55:62:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWKR55XNsAo8yx8y275Ly03MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNTM0YzBjMTgyYzQzODM3ZjJjMmJkNGVkY2IwYjhiM2Fi
ZTk2ZTkwHhcNMjUwMzEyMTIxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2ZlNWNmMDJjNGUyMDcxZWI0NWE5MjMyNWRjMDAzMjQ1ODBlN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq50z7EoSjBJyKE0SRvh5yy+Soh00
wjUPYIHVKrsuS6QfrGMcS6b6tc+VtT6FTvpvbhRFdMMjew3x7tlFIChC93J5Fy4P
5cXeO3C9nsO/zaxanF/rR8rYqfWaqZwy7n7bMpURihFOxOjt91kW4p3WSkcv8IM2
XkR6ZqqXUUaPHoW7bL+HxUFX2o0qEKQX5garQIihJj1s08iwG2axkhcJ/we3y/NH
EfYsDA6X5/aK+nIg1hAVsWNKSTwLrWc92Ld0Z5oKWbZkEIbtTGmb0C3vzzjaBLhl
casDHuh3hkWe7DbBi0hSkNO45QRkzYZOSP2f4mnrKGmQdL3ax4mtT/GkjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFP+XPAsTiBx60WpIyXcADJFgOe5MB8GA1UdIwQY
MBaAFI5TTAwYLEODfywr1O3LC4s6vpbpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamxOTURCZ3NRNE5fTEN2VTdjc0xpenEtbHVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8xMzdhNTYtZjcwNi00Nzg1LWI0Y2It
OTg1NDc2YzU1ZTQzLzEvVV81YzhDeE9JSEhyUmFrakpkd0FNa1dBNTdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8xMzdhNTYtZjcwNi00Nzg1LWI0Y2ItOTg1NDc2YzU1ZTQz
LzEvamxOTURCZ3NRNE5fTEN2VTdjc0xpenEtbHVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nRMA0G
CSqGSIb3DQEBCwUAA4IBAQBCCADGI7kzD9IhUdq07RdcjDIxbYmpE8soeQ7ZoIRu
JNCSVTbBAhMvqA6C6w+9lhpC/9piRQHX0b+9KDkx26yubNJY4reyOZpJZDTa+Ixv
LUezSqN8gd+uRMiYOYbp0wATk4UTZfMco3WazMCGyN6LP+c+jVeiZrLTvYaq63HD
uuqGFUNgHNrM0SEV4BgG6Wunz/wbiuuEPcMf0RhBo1mwTFWc0i8Od4IzDepO9wP1
3JLBzzsOQQf3fOi+nbov2j+wvKXTAdTfmE3yVC2A1d7eTOKLjWIPiZ+n8OTG92fw
CYaRLkr49igOXBvxn58UNp7KFpvvA5PG0Bl00PTDVWJy
-----END CERTIFICATE-----