Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/UjWNhRVDS1dQtyrLqu8XE8cVl2c.roa
File:                     UjWNhRVDS1dQtyrLqu8XE8cVl2c.roa (raw, json)
Hash identifier:          VP+asIeQeiE6n/s3d0KCeiS8nBmXkURRsgcwQHE149Q=
Subject key identifier:   52:35:8D:85:15:43:4B:57:50:B7:2A:CB:AA:EF:17:13:C7:15:97:67
Certificate issuer:       /CN=d716209d7def98a2bb34977f65009b3520da256e
Certificate serial:       0198BF8B25E1C77501A2FC87715F5A3B394D
Authority key identifier: D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/UjWNhRVDS1dQtyrLqu8XE8cVl2c.roa
Signing time:             Mon 18 Aug 2025 23:37:04 +0000
ROA not before:           Mon 18 Aug 2025 23:37:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        91.239.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:bf:8b:25:e1:c7:75:01:a2:fc:87:71:5f:5a:3b:39:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d716209d7def98a2bb34977f65009b3520da256e
        Validity
            Not Before: Aug 18 23:37:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52358d8515434b5750b72acbaaef1713c7159767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:66:8d:f7:0a:d2:4c:be:ea:5b:d6:14:88:16:
                    09:f8:a7:7d:e0:e2:c6:e3:e0:53:aa:c1:9a:c3:07:
                    aa:ce:81:35:da:44:4b:26:f4:5b:06:cb:fe:59:46:
                    08:c4:5f:ff:61:ca:8c:1a:1b:17:7d:c9:8c:7c:d1:
                    dc:da:5d:e8:59:3b:32:1d:5e:5d:bd:fb:74:48:0f:
                    77:d7:c6:3a:e0:1b:5c:de:19:fd:56:dc:1a:55:e0:
                    82:5f:75:b5:c7:eb:b2:8b:2e:77:85:7e:84:a1:15:
                    be:ce:7c:41:c4:ef:3b:5c:0a:03:c8:8f:a4:a4:25:
                    85:11:ef:3c:69:ba:8c:29:01:f6:27:8a:1f:96:20:
                    a3:bc:a9:20:66:e4:93:c6:da:ec:b5:2a:7d:1e:bd:
                    d1:f6:2a:75:c7:02:ff:7d:b1:86:8b:17:23:54:17:
                    0a:6c:19:c7:9c:67:ad:d6:91:69:3c:8f:74:2f:2c:
                    e0:fa:44:dc:ff:89:72:09:10:77:b5:60:9b:6c:a6:
                    c2:dd:c9:7d:77:22:64:23:b7:f0:b1:ad:6e:fd:a7:
                    fb:fc:e2:d8:a4:66:e3:6c:0a:1e:fc:73:e8:6a:41:
                    b2:01:0d:d1:bf:3a:fc:32:9d:99:26:64:22:84:e5:
                    27:a7:65:49:cf:db:24:15:ff:10:69:ca:38:df:78:
                    27:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:35:8D:85:15:43:4B:57:50:B7:2A:CB:AA:EF:17:13:C7:15:97:67
            X509v3 Authority Key Identifier:
                keyid:D7:16:20:9D:7D:EF:98:A2:BB:34:97:7F:65:00:9B:35:20:DA:25:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/UjWNhRVDS1dQtyrLqu8XE8cVl2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b52e02-3af8-4ebb-99d3-851d9c044e70/1/1xYgnX3vmKK7NJd_ZQCbNSDaJW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:c0:f6:ee:74:8c:3d:ed:26:c0:03:65:d4:ba:32:68:32:9a:
         20:d7:4a:5c:a7:55:c1:31:6c:4e:75:99:d6:7a:5a:73:17:d5:
         4d:f9:43:39:17:89:7e:08:04:01:eb:a4:2a:ea:51:c7:f4:26:
         1c:0b:11:dd:57:1e:c7:f6:cd:90:b0:d2:eb:4c:f9:d5:df:c1:
         6d:3c:6d:30:36:72:59:75:11:6d:a8:7c:72:1a:12:26:ef:46:
         67:f7:bd:61:3a:60:8d:91:e4:c7:22:74:1e:fd:90:1d:a7:76:
         2e:53:2c:25:ed:ce:b5:7b:7b:dd:c8:2b:0a:e4:d1:d1:aa:fd:
         a8:ee:9d:87:ce:ee:38:1d:fb:2e:de:d4:72:63:b6:49:31:c2:
         a7:29:3b:bd:b1:06:7b:4c:17:91:22:9f:54:e7:ff:38:79:d7:
         61:a4:76:c2:c0:c7:bc:35:a1:ab:f7:4c:17:7d:46:e1:36:fd:
         77:5e:e4:59:95:b9:88:69:7b:8a:f7:45:71:d7:2a:5a:b3:7d:
         b3:22:70:62:12:85:91:13:73:f7:cf:94:cf:94:8f:db:2f:a7:
         0a:b6:01:37:29:f3:be:57:32:c8:19:d8:66:d7:ff:42:45:7d:
         f5:37:f7:00:67:2b:c9:69:e2:8a:87:bf:ff:cb:83:38:04:58:
         33:93:4c:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZi/iyXhx3UBovyHcV9aOzlNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3MTYyMDlkN2RlZjk4YTJiYjM0OTc3ZjY1MDA5YjM1MjBk
YTI1NmUwHhcNMjUwODE4MjMzNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjM1OGQ4NTE1NDM0YjU3NTBiNzJhY2JhYWVmMTcxM2M3MTU5NzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGaN9wrSTL7qW9YUiBYJ+Kd94OLG
4+BTqsGawweqzoE12kRLJvRbBsv+WUYIxF//YcqMGhsXfcmMfNHc2l3oWTsyHV5d
vft0SA9318Y64Btc3hn9VtwaVeCCX3W1x+uyiy53hX6EoRW+znxBxO87XAoDyI+k
pCWFEe88abqMKQH2J4ofliCjvKkgZuSTxtrstSp9Hr3R9ip1xwL/fbGGixcjVBcK
bBnHnGet1pFpPI90Lyzg+kTc/4lyCRB3tWCbbKbC3cl9dyJkI7fwsa1u/af7/OLY
pGbjbAoe/HPoakGyAQ3Rvzr8Mp2ZJmQihOUnp2VJz9skFf8Qaco433gntQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFI1jYUVQ0tXULcqy6rvFxPHFZdnMB8GA1UdIwQY
MBaAFNcWIJ1975iiuzSXf2UAmzUg2iVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMt
ODUxZDljMDQ0ZTcwLzEvVWpXTmhSVkRTMWRRdHlyTHF1OFhFOGNWbDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iNTJlMDItM2FmOC00ZWJiLTk5ZDMtODUxZDljMDQ0ZTcw
LzEvMXhZZ25YM3ZtS0s3TkpkX1pRQ2JOU0RhSlc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/AMA0G
CSqGSIb3DQEBCwUAA4IBAQA7wPbudIw97SbAA2XUujJoMpog10pcp1XBMWxOdZnW
elpzF9VN+UM5F4l+CAQB66Qq6lHH9CYcCxHdVx7H9s2QsNLrTPnV38FtPG0wNnJZ
dRFtqHxyGhIm70Zn971hOmCNkeTHInQe/ZAdp3YuUywl7c61e3vdyCsK5NHRqv2o
7p2Hzu44Hfsu3tRyY7ZJMcKnKTu9sQZ7TBeRIp9U5/84eddhpHbCwMe8NaGr90wX
fUbhNv13XuRZlbmIaXuK90Vx1ypas32zInBiEoWRE3P3z5TPlI/bL6cKtgE3KfO+
VzLIGdhm1/9CRX31N/cAZyvJaeKKh7//y4M4BFgzk0xb
-----END CERTIFICATE-----