Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/xW0PVgSwiKLlsNvIKrgooMIBoj0.roa
File:                     xW0PVgSwiKLlsNvIKrgooMIBoj0.roa (raw, json)
Hash identifier:          18fGACxXgDjisij6NyDb4/vRw9k68tVv3TQLMqpb8GQ=
Subject key identifier:   C5:6D:0F:56:04:B0:88:A2:E5:B0:DB:C8:2A:B8:28:A0:C2:01:A2:3D
Certificate issuer:       /CN=592c699f8fecbec847d3390b4658dd3cb21c52b3
Certificate serial:       019137153DE0C7398BF633632CEA85918F33
Authority key identifier: 59:2C:69:9F:8F:EC:BE:C8:47:D3:39:0B:46:58:DD:3C:B2:1C:52:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/xW0PVgSwiKLlsNvIKrgooMIBoj0.roa
Signing time:             Fri 09 Aug 2024 12:20:24 +0000
ROA not before:           Fri 09 Aug 2024 12:20:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62355
IP address blocks:        91.218.182.0/24 maxlen: 24
                          2001:67c:26dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:15:3d:e0:c7:39:8b:f6:33:63:2c:ea:85:91:8f:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=592c699f8fecbec847d3390b4658dd3cb21c52b3
        Validity
            Not Before: Aug  9 12:20:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c56d0f5604b088a2e5b0dbc82ab828a0c201a23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:65:03:81:53:2b:7e:c1:a0:cc:63:73:5a:95:
                    88:1a:47:f8:5b:5f:95:71:9e:6e:3d:d7:2c:f9:d6:
                    27:c6:40:58:b2:57:74:cd:82:b2:cd:65:09:52:92:
                    1c:33:1b:0a:37:61:99:5b:99:ce:6f:96:72:f2:7f:
                    b9:a4:86:b2:d2:0a:1e:41:ff:aa:16:9f:46:98:61:
                    dd:44:cd:bb:31:51:c2:fe:fe:51:7a:74:6c:21:4f:
                    95:da:13:79:0e:1b:8c:41:6a:81:92:fa:3f:cd:e4:
                    6b:a0:3a:dc:c7:b7:90:a4:71:6c:bb:9c:73:f5:ba:
                    dd:d8:07:1a:02:48:0b:66:85:d8:35:65:4b:46:d0:
                    b7:5c:0c:0d:b5:d2:e7:a0:d5:e4:38:74:2d:6c:af:
                    53:7c:8a:e6:25:20:5f:2a:6d:60:cd:60:45:9a:be:
                    56:80:bf:17:c9:c5:b4:19:0a:19:9d:e2:5a:39:26:
                    fd:6c:9b:fa:76:df:eb:19:67:70:8c:62:bc:ce:17:
                    99:b0:a1:da:d2:ab:b8:13:ec:2f:3e:91:a5:69:9c:
                    b5:c7:ab:c9:05:62:1b:3d:a5:6e:ef:db:92:b1:c1:
                    33:3b:e8:79:f9:2e:fd:3e:91:dc:78:1d:01:24:e2:
                    cf:b7:11:ef:b1:86:45:ce:51:13:7c:a5:51:8b:f6:
                    23:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:6D:0F:56:04:B0:88:A2:E5:B0:DB:C8:2A:B8:28:A0:C2:01:A2:3D
            X509v3 Authority Key Identifier:
                keyid:59:2C:69:9F:8F:EC:BE:C8:47:D3:39:0B:46:58:DD:3C:B2:1C:52:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WSxpn4_svshH0zkLRljdPLIcUrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/xW0PVgSwiKLlsNvIKrgooMIBoj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/c06781-d5d7-4548-9dfa-b28c3c8c9909/1/WSxpn4_svshH0zkLRljdPLIcUrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.182.0/24
                IPv6:
                  2001:67c:26dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:6e:c6:7e:1c:08:c5:ff:53:61:ba:61:80:42:fd:e3:9e:f6:
         bb:91:1e:8e:f5:20:95:95:b5:ec:e8:a2:27:5d:f1:3d:63:bd:
         11:0c:54:67:5c:4f:7c:e6:17:08:e3:c6:84:60:2d:a9:cb:c4:
         21:58:77:c6:a1:67:28:92:58:96:08:c9:9b:22:14:2d:4a:f5:
         b2:7c:6f:c2:cc:0d:14:1f:99:40:36:a1:d2:f7:40:ae:f3:28:
         5c:88:63:cc:5b:d0:ba:69:bd:9c:8b:1d:98:37:03:7c:fa:d5:
         a1:e1:17:40:5d:33:f7:90:e2:5c:d8:63:b6:22:55:7f:0a:3d:
         d6:56:9c:60:79:1f:cb:00:2c:63:3b:5c:c5:c7:40:cf:16:35:
         78:37:e1:43:6d:25:1f:f0:be:1a:eb:e2:11:4b:75:a8:67:4f:
         e2:8d:92:e3:e6:bc:8b:c1:48:4a:c4:21:9a:72:07:54:a5:6a:
         d8:17:eb:09:f7:76:9c:e5:25:31:6e:d0:56:de:ef:b9:c5:34:
         b8:9c:02:7f:97:52:0d:8f:51:c4:4c:39:2d:9f:cc:e0:ef:39:
         c5:1c:e2:42:aa:34:e4:3e:c0:b6:bd:a6:d6:2c:a7:00:20:c5:
         6f:85:43:95:77:d6:4d:0a:17:fc:6b:8e:71:5e:cb:c9:57:f3:
         db:a2:5a:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZE3FT3gxzmL9jNjLOqFkY8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5MmM2OTlmOGZlY2JlYzg0N2QzMzkwYjQ2NThkZDNjYjIx
YzUyYjMwHhcNMjQwODA5MTIyMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTZkMGY1NjA0YjA4OGEyZTViMGRiYzgyYWI4MjhhMGMyMDFhMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGUDgVMrfsGgzGNzWpWIGkf4W1+V
cZ5uPdcs+dYnxkBYsld0zYKyzWUJUpIcMxsKN2GZW5nOb5Zy8n+5pIay0goeQf+q
Fp9GmGHdRM27MVHC/v5RenRsIU+V2hN5DhuMQWqBkvo/zeRroDrcx7eQpHFsu5xz
9brd2AcaAkgLZoXYNWVLRtC3XAwNtdLnoNXkOHQtbK9TfIrmJSBfKm1gzWBFmr5W
gL8XycW0GQoZneJaOSb9bJv6dt/rGWdwjGK8zheZsKHa0qu4E+wvPpGlaZy1x6vJ
BWIbPaVu79uSscEzO+h5+S79PpHceB0BJOLPtxHvsYZFzlETfKVRi/Yj0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMVtD1YEsIii5bDbyCq4KKDCAaI9MB8GA1UdIwQY
MBaAFFksaZ+P7L7IR9M5C0ZY3TyyHFKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1N4cG40X3N2c2hIMHprTFJsamRQTEljVXJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9jMDY3ODEtZDVkNy00NTQ4LTlkZmEt
YjI4YzNjOGM5OTA5LzEveFcwUFZnU3dpS0xsc052SUtyZ29vTUlCb2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9jMDY3ODEtZDVkNy00NTQ4LTlkZmEtYjI4YzNjOGM5OTA5
LzEvV1N4cG40X3N2c2hIMHprTFJsamRQTEljVXJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9q2MA8E
AgACMAkDBwAgAQZ8JtwwDQYJKoZIhvcNAQELBQADggEBAIFuxn4cCMX/U2G6YYBC
/eOe9ruRHo71IJWVtezooidd8T1jvREMVGdcT3zmFwjjxoRgLanLxCFYd8ahZyiS
WJYIyZsiFC1K9bJ8b8LMDRQfmUA2odL3QK7zKFyIY8xb0LppvZyLHZg3A3z61aHh
F0BdM/eQ4lzYY7YiVX8KPdZWnGB5H8sALGM7XMXHQM8WNXg34UNtJR/wvhrr4hFL
dahnT+KNkuPmvIvBSErEIZpyB1SlatgX6wn3dpzlJTFu0Fbe77nFNLicAn+XUg2P
UcRMOS2fzODvOcUc4kKqNOQ+wLa9ptYspwAgxW+FQ5V31k0KF/xrjnFey8lX89ui
WoU=
-----END CERTIFICATE-----