Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wtfZZhC3-87-vUS0NY7EF_zoS7o.roa
File:                     wtfZZhC3-87-vUS0NY7EF_zoS7o.roa (raw, json)
Hash identifier:          OUtEVwuR622lnbDrjjPkw8vly75xpFetxyB3E7jt2q4=
Subject key identifier:   C2:D7:D9:66:10:B7:FB:CE:FE:BD:44:B4:35:8E:C4:17:FC:E8:4B:BA
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       01912CBD422D3CC6CBE89195333DC638BB1B
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wtfZZhC3-87-vUS0NY7EF_zoS7o.roa
Signing time:             Wed 07 Aug 2024 12:08:06 +0000
ROA not before:           Wed 07 Aug 2024 12:08:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203963
IP address blocks:        89.191.112.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2c:bd:42:2d:3c:c6:cb:e8:91:95:33:3d:c6:38:bb:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Aug  7 12:08:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2d7d96610b7fbcefebd44b4358ec417fce84bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:9a:d6:83:4a:73:97:c8:34:5d:b4:ea:5c:37:
                    b4:16:81:41:42:19:a2:08:57:bf:30:af:a9:51:59:
                    da:4d:59:31:2d:b2:d1:70:c6:4a:da:f3:89:e1:23:
                    4d:6f:6e:66:43:54:c6:fb:5a:74:31:e8:a6:38:e6:
                    32:b2:6a:ed:ba:f4:22:b4:de:98:50:6b:2c:ef:c8:
                    69:99:15:73:4e:8b:e0:52:85:27:1b:f1:cc:44:f6:
                    50:c0:d0:2d:1d:19:8f:e1:8e:a4:c1:d5:e8:fb:71:
                    28:06:41:2f:9b:9f:1d:97:20:9c:0e:95:8b:80:b4:
                    91:57:e6:b0:aa:ba:59:42:71:38:ca:bb:27:c8:80:
                    13:17:46:4b:ed:00:5a:5c:2c:03:81:57:59:b7:1d:
                    23:59:99:a6:78:22:dc:51:06:84:9d:e6:49:d2:2c:
                    27:d1:d5:5b:8d:7c:54:04:db:c9:87:14:9c:8b:40:
                    0b:2b:71:62:bc:e4:b7:11:02:21:fd:ee:22:f6:2c:
                    0b:4a:75:9c:37:54:9a:26:0e:27:17:ee:a1:e0:e4:
                    ff:68:18:87:93:ac:d6:7d:7b:8a:6f:b1:dc:0f:3e:
                    23:23:48:18:ab:9b:70:b3:ca:3f:66:60:df:41:ba:
                    89:e4:d8:ed:0b:7c:51:1d:72:59:26:98:0a:8b:62:
                    6e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D7:D9:66:10:B7:FB:CE:FE:BD:44:B4:35:8E:C4:17:FC:E8:4B:BA
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/wtfZZhC3-87-vUS0NY7EF_zoS7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.191.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:a7:ee:0f:73:86:6b:c0:81:50:04:ca:20:5f:da:db:92:89:
         28:42:db:fd:5d:49:27:e4:60:f1:f8:a9:f2:17:ca:22:e5:5c:
         22:73:c1:89:91:74:d4:68:de:40:28:45:06:ab:02:67:8f:75:
         b0:c1:2a:fa:29:1f:1e:0e:be:78:52:07:f0:60:db:63:99:33:
         f2:5b:ca:15:ae:3a:fa:f8:19:c7:73:e7:8d:7f:ae:96:49:a3:
         49:71:41:a9:62:76:a7:4b:00:2e:c6:4a:b0:61:3d:dc:3e:be:
         13:d7:71:c7:ed:9f:c6:ba:87:04:7a:b6:e6:c7:c3:7d:b1:28:
         92:2a:16:14:c7:6b:3d:73:bb:39:4b:db:5f:c4:4f:5e:7d:96:
         78:d0:84:be:38:c8:30:47:83:f2:cb:23:78:43:8f:a5:1e:1a:
         cf:97:f5:80:59:8a:5b:d4:b8:d1:cc:e2:0e:21:a3:ad:19:80:
         d4:9b:e9:82:26:ff:69:52:97:c8:ee:70:b5:7a:9c:cb:d0:df:
         ff:c8:b6:a2:13:5b:f7:52:00:61:34:e0:bd:e1:e1:e5:53:cd:
         3e:a6:1f:f3:e0:56:c6:c6:6d:fe:d6:93:d2:26:c4:20:bd:27:
         8a:e6:48:36:22:70:1f:ab:78:a9:be:ae:6d:1f:d0:eb:93:12:
         0b:3e:05:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZEsvUItPMbL6JGVMz3GOLsbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwODA3MTIwODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQ3ZDk2NjEwYjdmYmNlZmViZDQ0YjQzNThlYzQxN2ZjZTg0YmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqprWg0pzl8g0XbTqXDe0FoFBQhmi
CFe/MK+pUVnaTVkxLbLRcMZK2vOJ4SNNb25mQ1TG+1p0MeimOOYysmrtuvQitN6Y
UGss78hpmRVzTovgUoUnG/HMRPZQwNAtHRmP4Y6kwdXo+3EoBkEvm58dlyCcDpWL
gLSRV+awqrpZQnE4yrsnyIATF0ZL7QBaXCwDgVdZtx0jWZmmeCLcUQaEneZJ0iwn
0dVbjXxUBNvJhxSci0ALK3FivOS3EQIh/e4i9iwLSnWcN1SaJg4nF+6h4OT/aBiH
k6zWfXuKb7HcDz4jI0gYq5tws8o/ZmDfQbqJ5NjtC3xRHXJZJpgKi2JuZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLX2WYQt/vO/r1EtDWOxBf86Eu6MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvd3RmWlpoQzMtODctdlVTME5ZN0VGX3pvUzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDWb9wMA0G
CSqGSIb3DQEBCwUAA4IBAQB/p+4Pc4ZrwIFQBMogX9rbkokoQtv9XUkn5GDx+Kny
F8oi5Vwic8GJkXTUaN5AKEUGqwJnj3WwwSr6KR8eDr54UgfwYNtjmTPyW8oVrjr6
+BnHc+eNf66WSaNJcUGpYnanSwAuxkqwYT3cPr4T13HH7Z/GuocEerbmx8N9sSiS
KhYUx2s9c7s5S9tfxE9efZZ40IS+OMgwR4PyyyN4Q4+lHhrPl/WAWYpb1LjRzOIO
IaOtGYDUm+mCJv9pUpfI7nC1epzL0N//yLaiE1v3UgBhNOC94eHlU80+ph/z4FbG
xm3+1pPSJsQgvSeK5kg2InAfq3ipvq5tH9DrkxILPgXn
-----END CERTIFICATE-----