Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/WlM2GBFcZbxoDsjdrwmIEriU9ec.roa
File:                     WlM2GBFcZbxoDsjdrwmIEriU9ec.roa (raw, json)
Hash identifier:          vlnaqyKtmbOyHPuLuepV1xDg4WYhfwvi3hja4Ta8mvA=
Subject key identifier:   5A:53:36:18:11:5C:65:BC:68:0E:C8:DD:AF:09:88:12:B8:94:F5:E7
Certificate issuer:       /CN=1a946f4a826d622a338ed83e0afcdf78c87604f8
Certificate serial:       018CC64B131D88458452FDEF70AF6FC0887C
Authority key identifier: 1A:94:6F:4A:82:6D:62:2A:33:8E:D8:3E:0A:FC:DF:78:C8:76:04:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpRvSoJtYiozjtg-CvzfeMh2BPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/WlM2GBFcZbxoDsjdrwmIEriU9ec.roa
Signing time:             Mon 01 Jan 2024 18:30:58 +0000
ROA not before:           Mon 01 Jan 2024 18:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208116
IP address blocks:        91.204.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/GpRvSoJtYiozjtg-CvzfeMh2BPg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/GpRvSoJtYiozjtg-CvzfeMh2BPg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpRvSoJtYiozjtg-CvzfeMh2BPg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:13:1d:88:45:84:52:fd:ef:70:af:6f:c0:88:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a946f4a826d622a338ed83e0afcdf78c87604f8
        Validity
            Not Before: Jan  1 18:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a533618115c65bc680ec8ddaf098812b894f5e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b9:17:9d:28:94:13:88:0c:97:e2:31:13:41:
                    06:61:77:de:01:5c:66:3d:39:85:43:42:f0:5b:7b:
                    16:2f:bf:5b:c5:17:9e:6f:5d:c6:da:98:5a:c9:44:
                    85:dc:9e:9d:ba:9f:4c:31:76:3c:d9:17:9b:4c:a6:
                    be:b4:5c:62:c7:55:ee:7e:83:77:7d:42:05:4f:2a:
                    b4:0b:33:5f:5f:1e:75:39:3c:f6:ca:ca:ab:1d:67:
                    22:49:1d:26:8c:6d:94:64:e7:3a:4e:ea:e6:ff:20:
                    aa:b2:6c:8e:09:68:51:a0:c4:94:5f:ce:dd:e0:c9:
                    eb:a9:15:02:1c:f1:d7:7c:b3:33:ed:50:bd:37:8c:
                    fd:d9:a5:49:0e:1e:bc:c5:9a:3b:73:09:66:a2:71:
                    82:3d:0b:14:5e:3d:b7:65:7b:11:66:db:b0:cf:bc:
                    95:70:e1:a2:b2:c7:16:3d:54:79:10:f3:a1:c0:3f:
                    16:9a:d0:52:73:6a:92:0f:46:0d:ef:53:4e:15:a2:
                    e5:ce:c6:a3:a0:0b:66:38:5d:12:d5:97:aa:a6:33:
                    c4:15:77:78:06:8c:6a:3e:aa:29:a9:8b:7d:a5:1e:
                    18:3a:37:22:ca:86:16:61:ce:01:d8:7c:11:46:51:
                    c9:53:80:a8:21:0d:f7:d1:4d:42:0a:6c:6e:bf:23:
                    db:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:53:36:18:11:5C:65:BC:68:0E:C8:DD:AF:09:88:12:B8:94:F5:E7
            X509v3 Authority Key Identifier:
                keyid:1A:94:6F:4A:82:6D:62:2A:33:8E:D8:3E:0A:FC:DF:78:C8:76:04:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpRvSoJtYiozjtg-CvzfeMh2BPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/WlM2GBFcZbxoDsjdrwmIEriU9ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/6ba6a3-25e0-499a-a7a9-98398fdbc9fb/1/GpRvSoJtYiozjtg-CvzfeMh2BPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:19:c9:df:5f:7a:10:6e:02:31:86:8a:71:24:02:9a:8c:5a:
         8b:d0:8d:c0:12:52:41:ae:39:1f:f0:b0:ea:65:55:d6:0b:97:
         4e:98:11:e7:99:e6:a2:8e:d5:87:f9:63:ac:27:5c:f6:8c:bc:
         27:e4:00:63:6f:1b:0e:26:cf:0a:18:f2:49:2b:15:8b:6a:e5:
         39:b3:12:93:4d:79:7e:9c:9d:6b:df:b9:ad:e0:a8:ec:55:39:
         12:1c:e0:61:ff:e8:8a:b2:bb:ae:f6:af:27:b9:08:fd:de:c3:
         e4:5c:2c:88:8b:d7:0b:17:ee:10:3c:c6:80:c3:c7:33:7d:5b:
         0b:a8:93:49:41:6e:b0:4a:67:97:05:8f:a7:4d:85:ba:89:3a:
         93:ba:62:5c:e3:5d:04:d2:b9:f1:75:82:cf:dd:15:82:f8:fa:
         a3:ac:e9:f8:21:3d:b8:0b:65:8a:66:09:1f:c8:1a:c9:56:2a:
         92:70:28:b6:6f:a4:f8:a0:bf:8d:ff:ed:60:38:8c:f8:d8:fe:
         d7:bc:7c:85:80:de:a6:73:24:0a:54:e7:3e:b0:e0:03:21:b4:
         03:fb:23:44:a1:de:da:4e:4f:3b:a2:fe:d1:a0:65:32:fd:25:
         a7:6d:44:a8:6b:30:5f:10:4b:14:1a:9f:b2:b6:25:ad:da:7f:
         89:3e:c1:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxMdiEWEUv3vcK9vwIh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTQ2ZjRhODI2ZDYyMmEzMzhlZDgzZTBhZmNkZjc4Yzg3
NjA0ZjgwHhcNMjQwMTAxMTgzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTUzMzYxODExNWM2NWJjNjgwZWM4ZGRhZjA5ODgxMmI4OTRmNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbkXnSiUE4gMl+IxE0EGYXfeAVxm
PTmFQ0LwW3sWL79bxReeb13G2phayUSF3J6dup9MMXY82RebTKa+tFxix1XufoN3
fUIFTyq0CzNfXx51OTz2ysqrHWciSR0mjG2UZOc6Turm/yCqsmyOCWhRoMSUX87d
4MnrqRUCHPHXfLMz7VC9N4z92aVJDh68xZo7cwlmonGCPQsUXj23ZXsRZtuwz7yV
cOGisscWPVR5EPOhwD8WmtBSc2qSD0YN71NOFaLlzsajoAtmOF0S1ZeqpjPEFXd4
BoxqPqopqYt9pR4YOjciyoYWYc4B2HwRRlHJU4CoIQ330U1CCmxuvyPbtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFpTNhgRXGW8aA7I3a8JiBK4lPXnMB8GA1UdIwQY
MBaAFBqUb0qCbWIqM47YPgr833jIdgT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BSdlNvSnRZaW96anRnLUN2emZlTWgyQlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi82YmE2YTMtMjVlMC00OTlhLWE3YTkt
OTgzOThmZGJjOWZiLzEvV2xNMkdCRmNaYnhvRHNqZHJ3bUlFcmlVOWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi82YmE2YTMtMjVlMC00OTlhLWE3YTktOTgzOThmZGJjOWZi
LzEvR3BSdlNvSnRZaW96anRnLUN2emZlTWgyQlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8xSMA0G
CSqGSIb3DQEBCwUAA4IBAQCJGcnfX3oQbgIxhopxJAKajFqL0I3AElJBrjkf8LDq
ZVXWC5dOmBHnmeaijtWH+WOsJ1z2jLwn5ABjbxsOJs8KGPJJKxWLauU5sxKTTXl+
nJ1r37mt4KjsVTkSHOBh/+iKsruu9q8nuQj93sPkXCyIi9cLF+4QPMaAw8czfVsL
qJNJQW6wSmeXBY+nTYW6iTqTumJc410E0rnxdYLP3RWC+PqjrOn4IT24C2WKZgkf
yBrJViqScCi2b6T4oL+N/+1gOIz42P7XvHyFgN6mcyQKVOc+sOADIbQD+yNEod7a
Tk87ov7RoGUy/SWnbUSoazBfEEsUGp+ytiWt2n+JPsFb
-----END CERTIFICATE-----