Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/czuam8qAdfeWDr9pgUU4YlZBCdg.roa
File:                     czuam8qAdfeWDr9pgUU4YlZBCdg.roa (raw, json)
Hash identifier:          eq2p9u1Z5h1LeXlSQLXeQA6gpHmOqVSIhbTUdfxbsiw=
Subject key identifier:   73:3B:9A:9B:CA:80:75:F7:96:0E:BF:69:81:45:38:62:56:41:09:D8
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       018CC26D7DC30EBCF1EBF4CB979F67C24BB9
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/czuam8qAdfeWDr9pgUU4YlZBCdg.roa
Signing time:             Mon 01 Jan 2024 00:30:04 +0000
ROA not before:           Mon 01 Jan 2024 00:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49581
IP address blocks:        91.149.231.0/24 maxlen: 24
                          91.149.230.0/24 maxlen: 24
                          91.149.229.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7d:c3:0e:bc:f1:eb:f4:cb:97:9f:67:c2:4b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jan  1 00:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=733b9a9bca8075f7960ebf6981453862564109d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:fd:79:4e:00:06:37:12:b8:6e:25:9e:d4:7b:
                    2d:d2:28:32:db:2b:84:40:a3:4d:c1:42:ee:c8:62:
                    06:fb:fd:ab:57:74:7b:47:ef:1c:1a:14:55:88:f4:
                    65:f4:18:b9:67:31:7e:95:66:ce:0c:aa:77:94:65:
                    b6:ea:88:37:24:42:6c:c3:93:ad:51:a3:3a:c3:fd:
                    47:bb:74:0c:48:f6:6e:7a:e3:65:ce:6c:7e:27:fe:
                    dd:5f:b7:92:fd:d4:a9:84:35:0f:32:0b:ce:6b:70:
                    17:a7:d2:70:dc:d3:22:5a:29:1d:6b:d9:f5:49:ed:
                    bf:8c:67:c7:85:73:5b:5f:bd:a2:f2:18:7e:17:5a:
                    82:63:ba:7c:74:ad:c2:71:1d:9a:f6:75:35:1b:a5:
                    a3:fe:dc:c0:c7:4c:05:ad:b7:0f:69:b5:40:1b:d2:
                    de:27:9f:91:30:51:bd:fd:a9:33:48:f1:c8:98:33:
                    7f:c0:bc:9a:59:b1:3a:c1:cb:95:72:52:e7:ac:33:
                    c9:59:c4:e7:ab:1c:0d:9f:8c:17:86:91:18:7e:74:
                    1d:09:dc:71:22:46:2c:36:6a:6f:e6:69:70:d8:a4:
                    4c:b9:9e:6a:ad:41:80:2e:b1:e8:d4:d1:08:3d:dc:
                    00:2a:78:bd:fa:bb:1c:39:e0:91:ce:23:eb:7a:3c:
                    a5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:3B:9A:9B:CA:80:75:F7:96:0E:BF:69:81:45:38:62:56:41:09:D8
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/czuam8qAdfeWDr9pgUU4YlZBCdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.229.0-91.149.231.255

    Signature Algorithm: sha256WithRSAEncryption
         b8:19:9b:06:f7:04:14:8b:5f:6c:c6:6f:92:da:95:05:b7:ea:
         54:6e:e6:55:fe:c4:ec:17:e8:9d:26:c4:a0:30:92:11:40:cd:
         e6:bf:68:f9:ae:dc:c2:9f:9a:b2:ff:e0:0b:1a:93:36:8e:bb:
         2b:fe:46:07:96:f2:83:1c:a2:0f:04:ef:1f:f7:44:db:05:6f:
         fe:4e:26:84:06:f0:76:f1:01:e3:65:b0:24:a9:98:10:67:b0:
         73:49:01:23:a4:11:1a:b5:ff:b4:9e:d2:c7:f2:74:7c:2e:be:
         e9:58:2b:2f:fc:bb:bd:c8:1c:c2:34:ee:ec:66:fd:dd:31:86:
         88:31:30:4a:69:d6:c9:b9:f9:6a:b2:32:d3:c5:c3:23:94:78:
         86:9d:c7:90:7c:4c:8c:38:f2:33:22:e0:5f:ed:e7:69:d8:03:
         fa:45:d3:49:75:6b:e8:47:2c:5b:71:f8:91:9e:8a:4e:56:81:
         25:43:1e:a8:20:cd:dd:e8:e9:e0:97:81:13:51:70:4e:36:fa:
         97:51:75:d6:ea:b0:b8:11:a6:8a:93:b1:a8:20:92:99:a3:7f:
         8e:91:be:6f:50:9c:b5:82:a4:a2:c6:91:8c:70:1f:bf:b7:a9:
         57:3e:ac:0d:4a:95:e0:51:53:27:bd:63:13:b0:29:d8:6b:3e:
         62:77:3a:28
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbX3DDrzx6/TLl59nwku5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjQwMTAxMDAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzNiOWE5YmNhODA3NWY3OTYwZWJmNjk4MTQ1Mzg2MjU2NDEwOWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf15TgAGNxK4biWe1Hst0igy2yuE
QKNNwULuyGIG+/2rV3R7R+8cGhRViPRl9Bi5ZzF+lWbODKp3lGW26og3JEJsw5Ot
UaM6w/1Hu3QMSPZueuNlzmx+J/7dX7eS/dSphDUPMgvOa3AXp9Jw3NMiWikda9n1
Se2/jGfHhXNbX72i8hh+F1qCY7p8dK3CcR2a9nU1G6Wj/tzAx0wFrbcPabVAG9Le
J5+RMFG9/akzSPHImDN/wLyaWbE6wcuVclLnrDPJWcTnqxwNn4wXhpEYfnQdCdxx
IkYsNmpv5mlw2KRMuZ5qrUGALrHo1NEIPdwAKni9+rscOeCRziPrejylNwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHM7mpvKgHX3lg6/aYFFOGJWQQnYMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvY3p1YW04cUFkZmVXRHI5cGdVVTRZbFpCQ2RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABbleUD
BANbleAwDQYJKoZIhvcNAQELBQADggEBALgZmwb3BBSLX2zGb5LalQW36lRu5lX+
xOwX6J0mxKAwkhFAzea/aPmu3MKfmrL/4AsakzaOuyv+RgeW8oMcog8E7x/3RNsF
b/5OJoQG8HbxAeNlsCSpmBBnsHNJASOkERq1/7Se0sfydHwuvulYKy/8u73IHMI0
7uxm/d0xhogxMEpp1sm5+WqyMtPFwyOUeIadx5B8TIw48jMi4F/t52nYA/pF00l1
a+hHLFtx+JGeik5WgSVDHqggzd3o6eCXgRNRcE42+pdRddbqsLgRpoqTsaggkpmj
f46Rvm9QnLWCpKLGkYxwH7+3qVc+rA1KleBRUye9YxOwKdhrPmJ3Oig=
-----END CERTIFICATE-----