Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/WU9La3gtDzbYELLK8QrU8M1LZ0c.roa
File:                     WU9La3gtDzbYELLK8QrU8M1LZ0c.roa (raw, json)
Hash identifier:          5dURrWYkWgU7NAXTK6199K3njWEhcNrOP00m3Sk81eY=
Subject key identifier:   59:4F:4B:6B:78:2D:0F:36:D8:10:B2:CA:F1:0A:D4:F0:CD:4B:67:47
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018CC26D7F41E4EAFEE35A4A98326D181EA7
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/WU9La3gtDzbYELLK8QrU8M1LZ0c.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201744
IP address blocks:        91.149.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7f:41:e4:ea:fe:e3:5a:4a:98:32:6d:18:1e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=594f4b6b782d0f36d810b2caf10ad4f0cd4b6747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:b6:08:3e:2a:73:5d:eb:5f:65:c2:ad:61:
                    42:58:e3:1f:b6:7d:c9:de:42:81:25:69:ff:e2:cc:
                    d8:74:18:1a:d6:3a:f2:7b:17:50:9b:07:48:2d:7e:
                    62:38:80:c5:cb:b5:3b:34:b0:a5:aa:69:a8:f8:fe:
                    76:ef:ac:27:94:a7:c2:6f:fe:5e:7a:1e:15:00:19:
                    6c:c1:72:11:25:e2:71:9e:89:e8:1c:1a:e3:52:9c:
                    1b:fd:f6:a2:7d:85:db:dd:89:51:7c:48:8d:4d:18:
                    e6:05:dc:b6:24:8c:58:2d:1c:b2:71:08:4f:99:f5:
                    1b:f9:d3:44:71:2b:35:50:43:06:18:ad:8e:45:7d:
                    9e:90:05:a9:41:40:f7:2c:a6:98:87:79:5e:fa:7f:
                    f5:c3:2c:0b:0d:22:8b:5d:a1:e9:a8:05:69:0f:e0:
                    61:e9:33:01:8b:43:41:77:f5:3b:8c:60:ec:de:20:
                    f8:72:82:72:ee:e9:f3:22:05:98:48:3a:e7:a3:32:
                    fe:13:4a:d3:bc:e1:8b:c0:63:4d:ad:1a:0a:45:8f:
                    68:d7:43:95:ee:91:94:17:41:c3:b2:dc:8c:75:0f:
                    2f:a3:07:07:e1:50:ca:9a:ce:2c:57:8a:3f:b4:5a:
                    79:16:95:b7:1f:65:b0:98:d4:3b:82:e8:75:b9:cc:
                    cf:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:4F:4B:6B:78:2D:0F:36:D8:10:B2:CA:F1:0A:D4:F0:CD:4B:67:47
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/WU9La3gtDzbYELLK8QrU8M1LZ0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:d4:e4:7c:7f:85:a3:32:fe:cd:ac:2c:05:a9:05:4d:59:30:
         6a:dc:8d:b5:65:16:40:96:f5:16:3c:52:60:24:93:78:25:03:
         38:a2:26:c0:57:35:a0:a6:e2:5f:57:04:ec:ab:93:77:2e:42:
         9f:f3:4d:2d:e9:46:48:93:67:2f:19:d1:06:c3:05:69:d1:8d:
         0a:5f:65:5c:f5:9a:67:aa:a4:95:d8:f7:fe:99:2e:55:e2:0d:
         73:aa:4b:6d:73:b5:e9:7c:c5:cc:70:7d:37:78:6c:10:0b:56:
         59:81:01:cc:50:e7:b2:bf:21:45:12:4b:77:65:f2:af:d8:3c:
         a5:ba:3c:4a:2a:fa:46:f1:cd:36:7f:5b:d8:dd:b0:c5:37:10:
         8f:cf:35:00:57:6f:7a:02:d0:f1:00:ee:9e:70:75:94:b6:b6:
         de:52:b2:0b:ce:a3:97:66:c3:9b:58:80:a8:fd:99:f1:ef:0a:
         a9:8e:95:21:97:d3:2f:23:23:5f:ee:00:6a:9c:90:8f:7d:30:
         cf:44:ca:65:fb:3f:45:89:86:f4:25:e0:55:38:28:e3:f0:a5:
         50:9c:b0:a5:29:61:13:36:b5:e2:60:3d:39:13:00:85:b8:01:
         f7:0f:86:ea:b5:66:69:90:cf:bf:9b:2d:ec:5f:8c:8a:35:85:
         41:e8:08:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbX9B5Or+41pKmDJtGB6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTRmNGI2Yjc4MmQwZjM2ZDgxMGIyY2FmMTBhZDRmMGNkNGI2NzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00C2CD4qc13rX2XCrWFCWOMftn3J
3kKBJWn/4szYdBga1jryexdQmwdILX5iOIDFy7U7NLClqmmo+P5276wnlKfCb/5e
eh4VABlswXIRJeJxnonoHBrjUpwb/faifYXb3YlRfEiNTRjmBdy2JIxYLRyycQhP
mfUb+dNEcSs1UEMGGK2ORX2ekAWpQUD3LKaYh3le+n/1wywLDSKLXaHpqAVpD+Bh
6TMBi0NBd/U7jGDs3iD4coJy7unzIgWYSDrnozL+E0rTvOGLwGNNrRoKRY9o10OV
7pGUF0HDstyMdQ8vowcH4VDKms4sV4o/tFp5FpW3H2WwmNQ7guh1uczP4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFlPS2t4LQ822BCyyvEK1PDNS2dHMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvV1U5TGEzZ3REemJZRUxMSzhRclU4TTFMWjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5XrMA0G
CSqGSIb3DQEBCwUAA4IBAQBT1OR8f4WjMv7NrCwFqQVNWTBq3I21ZRZAlvUWPFJg
JJN4JQM4oibAVzWgpuJfVwTsq5N3LkKf800t6UZIk2cvGdEGwwVp0Y0KX2Vc9Zpn
qqSV2Pf+mS5V4g1zqkttc7XpfMXMcH03eGwQC1ZZgQHMUOeyvyFFEkt3ZfKv2Dyl
ujxKKvpG8c02f1vY3bDFNxCPzzUAV296AtDxAO6ecHWUtrbeUrILzqOXZsObWICo
/Znx7wqpjpUhl9MvIyNf7gBqnJCPfTDPRMpl+z9FiYb0JeBVOCjj8KVQnLClKWET
NrXiYD05EwCFuAH3D4bqtWZpkM+/my3sX4yKNYVB6Aif
-----END CERTIFICATE-----