Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/sWxGipvXPDrRy7KRGR55TYI1AWo.roa
File:                     sWxGipvXPDrRy7KRGR55TYI1AWo.roa (raw, json)
Hash identifier:          GmgD585dyRUEnjtmh5L0EINuDc9gA9tHc8Md0bec89U=
Subject key identifier:   B1:6C:46:8A:9B:D7:3C:3A:D1:CB:B2:91:19:1E:79:4D:82:35:01:6A
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018FF13CD8F448EF4EE2332B74E7B57A1442
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/sWxGipvXPDrRy7KRGR55TYI1AWo.roa
Signing time:             Fri 07 Jun 2024 05:47:27 +0000
ROA not before:           Fri 07 Jun 2024 05:47:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        91.149.200.0/24 maxlen: 24
                          91.149.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f1:3c:d8:f4:48:ef:4e:e2:33:2b:74:e7:b5:7a:14:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jun  7 05:47:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b16c468a9bd73c3ad1cbb291191e794d8235016a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:7f:46:39:a3:d9:6c:5a:9b:96:ef:8a:e7:e2:
                    f9:ae:9d:c5:c4:6b:aa:5e:7a:6d:a0:35:88:34:02:
                    77:dc:00:91:77:e7:1e:63:cf:63:ca:ef:f8:c7:a9:
                    8d:b5:59:b1:f9:a3:3e:23:91:ef:ef:c5:ec:ba:ba:
                    7e:7a:4e:da:9e:a8:3c:17:d9:4f:b7:ac:97:54:4c:
                    9f:0f:90:9d:7c:db:08:0f:63:41:82:d7:6e:6f:89:
                    c2:2c:6d:1a:44:c1:4c:e5:22:61:20:82:f2:26:17:
                    6e:22:8a:91:e1:29:48:57:85:f7:f9:1e:c7:e1:d9:
                    32:f1:9e:65:a6:09:db:63:c5:d6:80:f3:41:7a:97:
                    90:94:8a:69:f1:dd:c1:d2:a2:5a:2c:94:c9:5f:1f:
                    43:f5:95:6a:64:6c:dd:e9:39:50:bb:d7:9b:6b:a7:
                    e7:8c:84:95:f9:97:f0:f5:4f:c5:98:cc:2b:6f:75:
                    14:63:ea:26:aa:e5:6e:f7:36:4c:04:6a:f0:7b:a6:
                    d5:88:48:a2:ee:7d:21:2c:23:4b:81:73:ea:fe:75:
                    e7:36:18:30:d6:f1:83:b4:c9:09:96:b7:cc:3a:84:
                    01:ae:a2:0b:be:78:79:60:fe:23:d4:23:cc:35:49:
                    85:12:7b:b0:6c:f9:2f:b8:63:c9:84:c8:a3:5a:c1:
                    06:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:6C:46:8A:9B:D7:3C:3A:D1:CB:B2:91:19:1E:79:4D:82:35:01:6A
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/sWxGipvXPDrRy7KRGR55TYI1AWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.200.0/24
                  91.149.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:88:2e:be:14:fa:47:f2:1b:b9:08:39:f2:90:53:aa:40:d7:
         92:b5:89:2d:eb:6c:65:a3:09:f0:b4:01:ff:70:fd:7a:ce:bf:
         2b:3f:c8:e6:45:ac:53:1d:58:c1:b0:16:7f:09:1c:09:1e:c7:
         a2:ab:31:8f:cc:10:ee:51:7d:cc:8a:1c:84:73:e9:fc:6b:6f:
         81:54:33:87:69:b8:aa:ee:63:63:a0:21:72:ee:32:21:a4:f4:
         f1:b0:85:d5:0f:ec:c9:8b:5d:e0:86:0b:ff:66:6d:2b:3f:01:
         56:be:73:e3:0f:bb:df:6d:40:3d:94:b9:d3:5d:40:99:dd:2e:
         19:66:3a:37:3e:08:26:ba:12:1f:8f:49:7c:5a:29:be:57:da:
         fa:cd:d5:17:b2:c7:3b:02:79:09:d7:12:fe:5a:af:a0:b4:89:
         23:f8:02:c0:1c:4b:df:49:8f:ac:94:c8:df:1a:93:14:c8:d5:
         d2:e9:4b:27:3a:ea:11:ff:44:29:bb:94:ee:0f:0c:16:ca:63:
         16:58:c3:64:a3:a9:fd:53:1a:fb:ec:02:31:22:4a:cd:61:69:
         18:c7:c4:6f:01:0a:46:b3:07:ab:96:44:fa:da:30:d8:6e:9f:
         ec:a5:bd:4d:f7:30:5e:f3:73:ab:5f:e0:dd:13:5c:d2:b8:c2:
         47:5d:29:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/xPNj0SO9O4jMrdOe1ehRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwNjA3MDU0NzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTZjNDY4YTliZDczYzNhZDFjYmIyOTExOTFlNzk0ZDgyMzUwMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvH9GOaPZbFqblu+K5+L5rp3FxGuq
XnptoDWINAJ33ACRd+ceY89jyu/4x6mNtVmx+aM+I5Hv78Xsurp+ek7anqg8F9lP
t6yXVEyfD5CdfNsID2NBgtdub4nCLG0aRMFM5SJhIILyJhduIoqR4SlIV4X3+R7H
4dky8Z5lpgnbY8XWgPNBepeQlIpp8d3B0qJaLJTJXx9D9ZVqZGzd6TlQu9eba6fn
jISV+Zfw9U/FmMwrb3UUY+omquVu9zZMBGrwe6bViEii7n0hLCNLgXPq/nXnNhgw
1vGDtMkJlrfMOoQBrqILvnh5YP4j1CPMNUmFEnuwbPkvuGPJhMijWsEGcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLFsRoqb1zw60cuykRkeeU2CNQFqMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvc1d4R2lwdlhQRHJSeTdLUkdSNTVUWUkxQVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5XIAwQA
W5XhMA0GCSqGSIb3DQEBCwUAA4IBAQApiC6+FPpH8hu5CDnykFOqQNeStYkt62xl
ownwtAH/cP16zr8rP8jmRaxTHVjBsBZ/CRwJHseiqzGPzBDuUX3MihyEc+n8a2+B
VDOHabiq7mNjoCFy7jIhpPTxsIXVD+zJi13ghgv/Zm0rPwFWvnPjD7vfbUA9lLnT
XUCZ3S4ZZjo3PggmuhIfj0l8Wim+V9r6zdUXssc7AnkJ1xL+Wq+gtIkj+ALAHEvf
SY+slMjfGpMUyNXS6UsnOuoR/0Qpu5TuDwwWymMWWMNko6n9Uxr77AIxIkrNYWkY
x8RvAQpGswerlkT62jDYbp/spb1N9zBe83OrX+DdE1zSuMJHXSm2
-----END CERTIFICATE-----