Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/CzS60ntrl-ifakYiPMHnNys_2hg.roa
File:                     CzS60ntrl-ifakYiPMHnNys_2hg.roa (raw, json)
Hash identifier:          gJEVLSYuR5fsAEatKrGL8Os1DpygWBOtVxsvnHWW9x0=
Subject key identifier:   0B:34:BA:D2:7B:6B:97:E8:9F:6A:46:22:3C:C1:E7:37:2B:3F:DA:18
Certificate issuer:       /CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
Certificate serial:       0194266AF1DBA306056BA5D5EF29642217E8
Authority key identifier: D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/CzS60ntrl-ifakYiPMHnNys_2hg.roa
Signing time:             Thu 02 Jan 2025 09:48:50 +0000
ROA not before:           Thu 02 Jan 2025 09:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198882
IP address blocks:        91.240.35.0/24 maxlen: 24
                          2001:67c:29d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:f1:db:a3:06:05:6b:a5:d5:ef:29:64:22:17:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d462f9b1c0f6fa9ca531764e26d3aed211bfed81
        Validity
            Not Before: Jan  2 09:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b34bad27b6b97e89f6a46223cc1e7372b3fda18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4a:9e:cc:bb:94:5c:64:65:cd:41:e5:85:0c:
                    b4:d1:01:69:ad:2b:b2:eb:18:4f:66:1d:f4:b1:b0:
                    c0:28:cf:b7:a0:b7:80:15:bb:09:b8:52:24:55:17:
                    31:57:3c:fc:56:7e:c8:7f:23:8b:e9:5c:2d:a2:04:
                    86:65:4d:0c:cc:fa:38:86:e3:e3:1a:9d:65:86:46:
                    7d:19:bf:e1:8b:fd:18:56:fb:4d:11:02:34:48:65:
                    16:5b:4d:9a:fc:3e:8a:93:61:e2:2c:67:4c:60:e8:
                    ca:5c:03:b3:ae:cb:fb:36:af:08:e0:b1:cc:8c:b1:
                    46:4e:82:99:3a:4c:0a:3e:61:fd:3b:33:5f:ad:5c:
                    52:d8:ab:7e:67:c1:df:42:25:45:18:fa:9c:24:4b:
                    9e:98:74:f4:5a:56:97:72:6f:46:20:52:3e:bd:30:
                    a8:f4:0d:16:09:2f:57:08:cb:e3:ef:fc:ae:a3:e6:
                    d8:61:89:06:4e:37:91:ad:30:03:16:03:ce:03:d4:
                    c2:cb:b4:2d:c8:61:a0:e0:48:5e:bd:ea:c4:8b:11:
                    1b:b7:2a:3d:ec:41:4f:46:ba:ef:77:c0:70:9a:bd:
                    bc:cf:f9:f4:97:ac:73:2a:19:3b:31:12:a6:e8:74:
                    c8:84:15:3c:40:09:1b:4b:78:86:11:3e:39:f7:16:
                    6b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:34:BA:D2:7B:6B:97:E8:9F:6A:46:22:3C:C1:E7:37:2B:3F:DA:18
            X509v3 Authority Key Identifier:
                keyid:D4:62:F9:B1:C0:F6:FA:9C:A5:31:76:4E:26:D3:AE:D2:11:BF:ED:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1GL5scD2-pylMXZOJtOu0hG_7YE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/CzS60ntrl-ifakYiPMHnNys_2hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/100c81-56f5-4db6-a66a-b1043b635a1e/1/1GL5scD2-pylMXZOJtOu0hG_7YE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.35.0/24
                IPv6:
                  2001:67c:29d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:bb:ee:7d:12:28:2e:b7:f2:db:46:30:17:63:b5:bd:33:b2:
         08:1b:10:9f:fb:4e:05:d7:0e:b9:8b:3b:12:c1:b5:df:ce:f8:
         60:01:98:7c:1c:f5:28:44:e8:10:37:e8:34:b5:60:1b:70:9c:
         95:20:ed:db:c8:9b:4a:00:d8:46:78:5f:12:3e:9d:54:19:ff:
         67:99:bf:03:39:87:fe:a6:b8:ed:25:a8:bb:00:85:ec:4c:11:
         3c:05:1e:cc:63:e8:07:7c:97:44:51:4a:2a:c3:17:e9:44:fe:
         3a:f9:df:39:59:e9:a4:96:51:bd:a8:21:d8:f3:27:0e:03:bc:
         5b:1b:7d:a1:97:11:35:9a:a1:1f:f6:f9:42:eb:b3:79:a2:93:
         44:1e:90:fb:6b:55:1e:9e:b9:38:3d:e5:66:1c:f2:6d:49:04:
         4b:61:15:f1:89:3c:5a:86:24:e6:ff:84:b5:5f:83:17:8c:a9:
         0b:a7:63:a9:c4:77:a1:3f:4b:11:e9:33:ad:e2:90:93:85:39:
         2a:a9:79:dc:67:49:ef:0e:ae:02:b5:69:9d:96:9f:ed:b0:65:
         ca:a7:bf:5e:cb:7b:22:ac:c2:50:2a:87:e6:80:2e:0a:ed:9a:
         b2:8d:28:c6:73:aa:bc:36:00:96:e8:f5:62:4d:3a:38:48:12:
         d7:b9:68:f5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmavHbowYFa6XV7ylkIhfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NjJmOWIxYzBmNmZhOWNhNTMxNzY0ZTI2ZDNhZWQyMTFi
ZmVkODEwHhcNMjUwMTAyMDk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjM0YmFkMjdiNmI5N2U4OWY2YTQ2MjIzY2MxZTczNzJiM2ZkYTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUqezLuUXGRlzUHlhQy00QFprSuy
6xhPZh30sbDAKM+3oLeAFbsJuFIkVRcxVzz8Vn7IfyOL6VwtogSGZU0MzPo4huPj
Gp1lhkZ9Gb/hi/0YVvtNEQI0SGUWW02a/D6Kk2HiLGdMYOjKXAOzrsv7Nq8I4LHM
jLFGToKZOkwKPmH9OzNfrVxS2Kt+Z8HfQiVFGPqcJEuemHT0WlaXcm9GIFI+vTCo
9A0WCS9XCMvj7/yuo+bYYYkGTjeRrTADFgPOA9TCy7QtyGGg4EheverEixEbtyo9
7EFPRrrvd8Bwmr28z/n0l6xzKhk7MRKm6HTIhBU8QAkbS3iGET459xZrIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAs0utJ7a5fon2pGIjzB5zcrP9oYMB8GA1UdIwQY
MBaAFNRi+bHA9vqcpTF2TibTrtIRv+2BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEt
YjEwNDNiNjM1YTFlLzEvQ3pTNjBudHJsLWlmYWtZaVBNSG5OeXNfMmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8xMDBjODEtNTZmNS00ZGI2LWE2NmEtYjEwNDNiNjM1YTFl
LzEvMUdMNXNjRDItcHlsTVhaT0p0T3UwaEdfN1lFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/AjMA8E
AgACMAkDBwAgAQZ8KdAwDQYJKoZIhvcNAQELBQADggEBAI+77n0SKC638ttGMBdj
tb0zsggbEJ/7TgXXDrmLOxLBtd/O+GABmHwc9ShE6BA36DS1YBtwnJUg7dvIm0oA
2EZ4XxI+nVQZ/2eZvwM5h/6muO0lqLsAhexMETwFHsxj6Ad8l0RRSirDF+lE/jr5
3zlZ6aSWUb2oIdjzJw4DvFsbfaGXETWaoR/2+ULrs3mik0QekPtrVR6euTg95WYc
8m1JBEthFfGJPFqGJOb/hLVfgxeMqQunY6nEd6E/SxHpM63ikJOFOSqpedxnSe8O
rgK1aZ2Wn+2wZcqnv17LeyKswlAqh+aALgrtmrKNKMZzqrw2AJbo9WJNOjhIEte5
aPU=
-----END CERTIFICATE-----