Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/ZwSeBQ2tXYDmOqW8V32VwrT1Ao8.roa
File:                     ZwSeBQ2tXYDmOqW8V32VwrT1Ao8.roa (raw, json)
Hash identifier:          LCa2TdcPowYt2GZ2WKMCDJ7M+FWCyUnqKDWuhSEDIxU=
Subject key identifier:   67:04:9E:05:0D:AD:5D:80:E6:3A:A5:BC:57:7D:95:C2:B4:F5:02:8F
Certificate issuer:       /CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
Certificate serial:       018CC801C362702C15270754117E16B36090
Authority key identifier: BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/ZwSeBQ2tXYDmOqW8V32VwrT1Ao8.roa
Signing time:             Tue 02 Jan 2024 02:30:07 +0000
ROA not before:           Tue 02 Jan 2024 02:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57461
IP address blocks:        91.232.73.0/24 maxlen: 24
                          91.232.72.0/22 maxlen: 22
                          91.232.72.0/24 maxlen: 24
                          91.232.75.0/24 maxlen: 24
                          91.232.74.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c3:62:70:2c:15:27:07:54:11:7e:16:b3:60:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
        Validity
            Not Before: Jan  2 02:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67049e050dad5d80e63aa5bc577d95c2b4f5028f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:89:b6:26:0c:64:1f:ef:6b:bd:1b:16:0c:d7:
                    1e:d0:c5:6e:3e:61:17:aa:de:13:fd:f2:70:a4:4d:
                    4f:09:50:63:c8:1a:35:d7:11:59:80:31:f8:b3:f0:
                    66:05:e2:1e:cc:7a:04:cf:fe:e1:66:99:19:12:a9:
                    21:1f:f7:6d:1a:85:ca:d0:e7:80:3f:b2:2e:51:6e:
                    e9:98:30:98:68:d9:8a:8d:d1:88:5a:b0:d8:62:19:
                    94:15:2d:80:16:3b:c1:d3:a1:2f:04:ce:56:e4:d9:
                    b7:9a:6e:2e:e6:8a:15:61:5e:c0:15:33:17:86:33:
                    10:e0:78:9a:b0:d2:41:e6:4b:32:71:87:6c:e3:1f:
                    3f:ca:5f:bf:e5:ba:58:99:9b:fe:49:33:cb:11:0f:
                    c4:18:9c:e9:86:b4:97:6a:24:54:08:fb:e5:05:54:
                    8e:34:fc:81:35:c6:d0:88:e9:24:33:f6:93:cc:f7:
                    1c:20:78:4c:b2:23:97:18:23:d5:3e:53:91:83:f0:
                    67:86:f8:76:ba:d1:13:fe:16:a2:cc:67:d0:e3:b5:
                    d2:c7:f3:e5:c5:f0:24:f2:d4:c1:47:e4:fc:14:f2:
                    f9:8d:22:5c:fa:3d:7a:e1:83:b0:38:18:29:d7:5a:
                    60:3f:54:ed:02:e5:c0:7f:85:8d:90:21:bd:b0:38:
                    7a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:04:9E:05:0D:AD:5D:80:E6:3A:A5:BC:57:7D:95:C2:B4:F5:02:8F
            X509v3 Authority Key Identifier:
                keyid:BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/ZwSeBQ2tXYDmOqW8V32VwrT1Ao8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:08:66:17:60:64:39:3d:70:e5:61:94:70:df:52:fc:d8:fa:
         21:08:31:30:11:1c:98:3e:8e:19:74:2a:3a:b6:f8:0f:0b:9f:
         84:4f:c3:18:4f:52:19:76:29:cf:6e:1f:87:b4:fa:e7:ea:31:
         ee:b0:e4:12:b0:02:32:1e:a2:54:38:2a:5b:2f:87:74:5e:5e:
         55:d9:50:86:1a:6d:5a:91:50:6a:3c:81:a3:62:82:66:93:50:
         2e:ab:6a:7c:65:8a:18:63:99:b3:ea:7c:11:3f:80:5a:1e:5a:
         f6:61:69:d7:ff:7c:88:7f:0f:d4:1b:05:c6:e3:1c:d4:df:58:
         1e:46:0c:07:f9:b5:c5:6a:e2:8a:c5:95:d3:13:ab:11:54:95:
         d3:8f:14:42:d1:01:ce:40:60:17:16:9c:32:13:f8:45:77:27:
         94:66:4f:b8:5c:64:32:b2:42:4d:30:c5:99:2e:4d:b9:48:0c:
         d0:52:4b:68:79:30:08:e5:af:58:75:0f:d3:aa:48:ea:67:f0:
         4c:e9:47:a3:4c:d3:23:2f:34:36:4d:d8:33:57:11:0d:d6:ba:
         f2:b0:74:45:ce:8d:36:dc:d2:8b:cb:fe:9e:bb:e3:29:69:d6:
         3a:35:76:4f:81:c9:bb:94:5a:be:94:2e:91:c2:7c:75:ad:ce:
         62:34:34:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAcNicCwVJwdUEX4Ws2CQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOWI1NmQ4ZDk2ZWJjYjVmY2Y4N2RlMmVjMmI1MmMxOTRj
Y2Y5ZjkwHhcNMjQwMTAyMDIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzA0OWUwNTBkYWQ1ZDgwZTYzYWE1YmM1NzdkOTVjMmI0ZjUwMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyom2JgxkH+9rvRsWDNce0MVuPmEX
qt4T/fJwpE1PCVBjyBo11xFZgDH4s/BmBeIezHoEz/7hZpkZEqkhH/dtGoXK0OeA
P7IuUW7pmDCYaNmKjdGIWrDYYhmUFS2AFjvB06EvBM5W5Nm3mm4u5ooVYV7AFTMX
hjMQ4HiasNJB5ksycYds4x8/yl+/5bpYmZv+STPLEQ/EGJzphrSXaiRUCPvlBVSO
NPyBNcbQiOkkM/aTzPccIHhMsiOXGCPVPlORg/Bnhvh2utET/haizGfQ47XSx/Pl
xfAk8tTBR+T8FPL5jSJc+j164YOwOBgp11pgP1TtAuXAf4WNkCG9sDh6/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGcEngUNrV2A5jqlvFd9lcK09QKPMB8GA1UdIwQY
MBaAFLubVtjZbry1/Ph94uwrUsGUzPn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmIt
NGY0ZmU4MDNiMDE1LzEvWndTZUJRMnRYWURtT3FXOFYzMlZ3clQxQW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmItNGY0ZmU4MDNiMDE1
LzEvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+hIMA0G
CSqGSIb3DQEBCwUAA4IBAQDZCGYXYGQ5PXDlYZRw31L82PohCDEwERyYPo4ZdCo6
tvgPC5+ET8MYT1IZdinPbh+HtPrn6jHusOQSsAIyHqJUOCpbL4d0Xl5V2VCGGm1a
kVBqPIGjYoJmk1Auq2p8ZYoYY5mz6nwRP4BaHlr2YWnX/3yIfw/UGwXG4xzU31ge
RgwH+bXFauKKxZXTE6sRVJXTjxRC0QHOQGAXFpwyE/hFdyeUZk+4XGQyskJNMMWZ
Lk25SAzQUktoeTAI5a9YdQ/TqkjqZ/BM6UejTNMjLzQ2TdgzVxEN1rrysHRFzo02
3NKLy/6eu+MpadY6NXZPgcm7lFq+lC6Rwnx1rc5iNDTs
-----END CERTIFICATE-----