Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/USWBEZQ3dgti15tr7Va0gW5ktpY.roa
File:                     USWBEZQ3dgti15tr7Va0gW5ktpY.roa (raw, json)
Hash identifier:          liyK86OogHLmL8L/lgQdCmMJhuzNmNAG35/4s47SZ/w=
Subject key identifier:   51:25:81:11:94:37:76:0B:62:D7:9B:6B:ED:56:B4:81:6E:64:B6:96
Certificate issuer:       /CN=c2510a8a525dc9b1ec0b1560d090a64268d42ec4
Certificate serial:       018CC348E71963DF8914C9B0774884672403
Authority key identifier: C2:51:0A:8A:52:5D:C9:B1:EC:0B:15:60:D0:90:A6:42:68:D4:2E:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/USWBEZQ3dgti15tr7Va0gW5ktpY.roa
Signing time:             Mon 01 Jan 2024 04:29:44 +0000
ROA not before:           Mon 01 Jan 2024 04:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43394
IP address blocks:        91.198.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:e7:19:63:df:89:14:c9:b0:77:48:84:67:24:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2510a8a525dc9b1ec0b1560d090a64268d42ec4
        Validity
            Not Before: Jan  1 04:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=512581119437760b62d79b6bed56b4816e64b696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:2c:cd:80:00:ec:08:a5:8d:40:2d:b6:08:
                    51:99:79:03:8b:48:ba:97:bb:78:86:5d:e5:3a:18:
                    bc:8c:43:81:20:8a:43:96:2d:45:a5:07:5f:7d:df:
                    2e:69:cc:6f:c4:2c:ec:47:79:59:d9:4a:9f:e4:8f:
                    f8:80:34:69:56:ca:f7:34:00:43:64:15:f8:16:03:
                    57:34:e0:86:bf:b3:e0:61:50:87:08:28:1b:45:17:
                    1e:74:d0:bc:d8:2d:d5:52:89:e4:d7:74:24:2f:fa:
                    10:86:13:69:9b:b0:0e:18:1d:0f:22:6b:14:c6:01:
                    b3:1d:41:8c:1e:8f:2b:fc:5f:1f:db:12:d3:6a:c3:
                    75:2f:48:8a:85:0b:8f:ef:7e:15:7f:02:20:ba:28:
                    92:84:e3:ab:82:b7:75:7d:5c:91:a8:dc:b5:9c:f6:
                    8c:b0:5b:ee:18:ca:ae:39:0f:ca:c0:6c:a4:59:ba:
                    ca:bd:07:34:60:5f:a5:d5:a4:f9:25:95:dd:9b:76:
                    1e:04:d4:e0:4d:06:55:c3:4f:b6:78:fe:d4:29:c2:
                    2b:63:2c:96:bc:fe:14:2b:af:fa:09:a3:81:0a:c9:
                    26:f8:93:9f:57:cf:cf:9d:7c:2a:13:ad:ab:ba:fa:
                    cf:8b:a9:0f:88:07:c4:5e:cf:37:e4:9a:3d:11:44:
                    03:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:25:81:11:94:37:76:0B:62:D7:9B:6B:ED:56:B4:81:6E:64:B6:96
            X509v3 Authority Key Identifier:
                keyid:C2:51:0A:8A:52:5D:C9:B1:EC:0B:15:60:D0:90:A6:42:68:D4:2E:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wlEKilJdybHsCxVg0JCmQmjULsQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/USWBEZQ3dgti15tr7Va0gW5ktpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/3ee969-98d1-481a-a487-9a895467da85/1/wlEKilJdybHsCxVg0JCmQmjULsQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:45:a1:00:38:96:77:33:c6:0f:02:62:ea:8d:47:b9:da:f7:
         2c:fb:06:85:b3:72:92:25:58:bc:3f:9b:2b:0b:23:4b:a1:7d:
         d2:73:6e:ce:04:2d:4d:51:b0:bd:a7:dc:20:b4:28:ec:da:f9:
         a3:17:c8:4e:d1:b8:dc:8a:be:95:83:84:aa:5c:27:95:c9:df:
         7d:8f:d3:e8:d5:9a:d4:b4:16:4d:9c:15:44:3d:7e:36:96:29:
         dd:6f:44:d3:4b:33:05:dd:45:af:a9:73:69:30:c6:9f:01:d4:
         25:b7:a9:19:e6:7b:6a:6e:7b:b2:c8:2f:5d:59:6d:e0:ec:6d:
         87:b1:de:c0:74:61:95:22:0c:75:29:69:87:a4:59:67:8a:7e:
         d1:14:34:8a:4c:f8:0a:0c:f5:35:58:32:2d:c8:2a:0f:fc:8d:
         d9:c2:17:d1:1f:f9:23:ca:21:ff:d1:9c:e2:0f:1d:b2:d2:b7:
         c9:c8:81:f7:3a:37:aa:e4:a1:8a:bf:79:d8:ef:b9:8b:a9:e8:
         ab:4d:b8:b5:08:47:4b:5f:7c:41:00:13:68:3d:a8:0a:76:bc:
         75:37:de:5c:cd:55:1e:23:36:c9:86:a7:d8:a2:f7:98:de:5d:
         db:6b:38:13:68:ab:b7:6c:fd:93:8e:6e:e6:aa:4d:63:ff:f9:
         9f:ce:2d:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSOcZY9+JFMmwd0iEZyQDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNTEwYThhNTI1ZGM5YjFlYzBiMTU2MGQwOTBhNjQyNjhk
NDJlYzQwHhcNMjQwMTAxMDQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTI1ODExMTk0Mzc3NjBiNjJkNzliNmJlZDU2YjQ4MTZlNjRiNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAweoszYAA7AiljUAttghRmXkDi0i6
l7t4hl3lOhi8jEOBIIpDli1FpQdffd8uacxvxCzsR3lZ2Uqf5I/4gDRpVsr3NABD
ZBX4FgNXNOCGv7PgYVCHCCgbRRcedNC82C3VUonk13QkL/oQhhNpm7AOGB0PImsU
xgGzHUGMHo8r/F8f2xLTasN1L0iKhQuP734VfwIguiiShOOrgrd1fVyRqNy1nPaM
sFvuGMquOQ/KwGykWbrKvQc0YF+l1aT5JZXdm3YeBNTgTQZVw0+2eP7UKcIrYyyW
vP4UK6/6CaOBCskm+JOfV8/PnXwqE62ruvrPi6kPiAfEXs835Jo9EUQDSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFElgRGUN3YLYteba+1WtIFuZLaWMB8GA1UdIwQY
MBaAFMJRCopSXcmx7AsVYNCQpkJo1C7EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2xFS2lsSmR5YkhzQ3hWZzBKQ21RbWpVTHNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8zZWU5NjktOThkMS00ODFhLWE0ODct
OWE4OTU0NjdkYTg1LzEvVVNXQkVaUTNkZ3RpMTV0cjdWYTBnVzVrdHBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8zZWU5NjktOThkMS00ODFhLWE0ODctOWE4OTU0NjdkYTg1
LzEvd2xFS2lsSmR5YkhzQ3hWZzBKQ21RbWpVTHNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bWMA0G
CSqGSIb3DQEBCwUAA4IBAQBoRaEAOJZ3M8YPAmLqjUe52vcs+waFs3KSJVi8P5sr
CyNLoX3Sc27OBC1NUbC9p9wgtCjs2vmjF8hO0bjcir6Vg4SqXCeVyd99j9Po1ZrU
tBZNnBVEPX42lindb0TTSzMF3UWvqXNpMMafAdQlt6kZ5ntqbnuyyC9dWW3g7G2H
sd7AdGGVIgx1KWmHpFlnin7RFDSKTPgKDPU1WDItyCoP/I3ZwhfRH/kjyiH/0Zzi
Dx2y0rfJyIH3Ojeq5KGKv3nY77mLqeirTbi1CEdLX3xBABNoPagKdrx1N95czVUe
IzbJhqfYoveY3l3bazgTaKu3bP2Tjm7mqk1j//mfzi2W
-----END CERTIFICATE-----