Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/WGuCa9f-OjB8H_HZWE-pFXYqhUM.roa
File:                     WGuCa9f-OjB8H_HZWE-pFXYqhUM.roa (raw, json)
Hash identifier:          4APQzssQdjq6Aixe35wXExouwvhkjWPtXb/dN+Rq4kE=
Subject key identifier:   58:6B:82:6B:D7:FE:3A:30:7C:1F:F1:D9:58:4F:A9:15:76:2A:85:43
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       018CC4933D765B6CE7B23CD6CA0683510E3D
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/WGuCa9f-OjB8H_HZWE-pFXYqhUM.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212126
IP address blocks:        91.231.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3d:76:5b:6c:e7:b2:3c:d6:ca:06:83:51:0e:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=586b826bd7fe3a307c1ff1d9584fa915762a8543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f2:41:8c:b0:0b:b4:09:60:95:78:4a:73:71:
                    28:75:ff:18:5d:6b:fb:d4:76:23:5c:a8:b7:89:09:
                    4c:40:91:f3:ab:78:35:a9:5c:10:5b:0a:31:73:02:
                    04:d6:86:f3:c9:bb:4d:fa:ee:7b:62:5f:2c:4a:4a:
                    28:76:dd:14:92:c6:f3:95:03:cd:c9:8d:82:30:f7:
                    be:0a:87:71:6d:21:e5:6a:6b:e7:3b:90:ea:2b:b2:
                    b8:43:04:a5:ba:1a:e6:28:65:84:1b:23:76:43:d6:
                    a9:f6:6c:79:6c:0a:97:8b:f2:2d:27:01:1f:d7:cf:
                    17:54:39:2f:06:6e:56:63:63:b2:0b:fc:f9:9e:d5:
                    a5:d2:63:74:4c:0c:75:fe:1e:59:c2:e6:12:e0:ac:
                    69:fc:cb:13:35:2d:fa:71:65:b3:1a:0c:aa:c6:c2:
                    44:aa:61:7b:bc:50:cf:f9:b8:ca:e0:3c:54:2b:bb:
                    a0:42:4e:e0:74:a5:cc:8d:58:27:f2:4b:1d:c5:9f:
                    d5:ea:bf:d1:8b:43:d5:2a:1b:ac:0f:e9:ff:2b:d7:
                    c5:4e:f8:64:6e:0f:9d:0e:13:80:15:9a:d2:06:0e:
                    fb:b1:1c:72:48:a7:87:ef:6c:44:e0:fc:d7:c5:eb:
                    00:ad:39:c3:6f:85:c9:41:90:65:4c:3e:46:c0:ea:
                    3c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6B:82:6B:D7:FE:3A:30:7C:1F:F1:D9:58:4F:A9:15:76:2A:85:43
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/WGuCa9f-OjB8H_HZWE-pFXYqhUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:ff:ec:93:25:8c:6e:63:64:bc:39:21:f7:35:27:c7:c4:56:
         81:db:2c:7a:fc:d8:01:8f:50:d6:87:4e:0b:ca:53:27:74:9e:
         55:20:1d:f4:01:91:b2:06:30:29:c1:09:50:02:bc:1a:55:03:
         be:46:0a:d5:98:89:59:6a:19:45:1f:66:47:88:b5:6a:96:30:
         ac:11:c0:7a:d3:26:91:49:2d:23:20:61:65:aa:5d:e2:98:9b:
         48:86:b2:ca:0c:e2:a4:b1:4a:39:b4:37:49:16:63:c2:df:57:
         7c:f9:32:9e:0c:32:b2:d3:8d:a1:d1:d7:ed:aa:2c:ef:6d:b4:
         45:18:93:58:95:d8:c7:b0:cc:9f:db:8b:97:1c:b7:de:6f:be:
         f3:1c:0b:c7:7d:b1:e8:af:72:d0:fc:45:8d:5f:12:2c:9e:75:
         79:b8:59:bb:7c:a7:06:1c:c1:bb:db:6d:b4:de:e4:65:9a:9e:
         09:55:34:86:83:18:f8:a5:18:8c:7c:ab:a1:d1:0f:35:10:7f:
         44:ad:c4:28:3d:66:15:6d:e6:4b:b4:3b:e3:4a:6f:1e:27:9b:
         48:a3:05:14:00:d3:ed:ae:07:50:6e:53:51:07:0e:85:66:0f:
         b7:af:82:34:27:a2:1e:3e:f5:49:85:d6:64:85:98:e9:85:32:
         58:2c:47:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkz12W2znsjzWygaDUQ49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODZiODI2YmQ3ZmUzYTMwN2MxZmYxZDk1ODRmYTkxNTc2MmE4NTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPJBjLALtAlglXhKc3Eodf8YXWv7
1HYjXKi3iQlMQJHzq3g1qVwQWwoxcwIE1obzybtN+u57Yl8sSkoodt0UksbzlQPN
yY2CMPe+CodxbSHlamvnO5DqK7K4QwSluhrmKGWEGyN2Q9ap9mx5bAqXi/ItJwEf
188XVDkvBm5WY2OyC/z5ntWl0mN0TAx1/h5ZwuYS4Kxp/MsTNS36cWWzGgyqxsJE
qmF7vFDP+bjK4DxUK7ugQk7gdKXMjVgn8ksdxZ/V6r/Ri0PVKhusD+n/K9fFTvhk
bg+dDhOAFZrSBg77sRxySKeH72xE4PzXxesArTnDb4XJQZBlTD5GwOo8MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhrgmvX/jowfB/x2VhPqRV2KoVDMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvV0d1Q2E5Zi1PakI4SF9IWldFLXBGWFlxaFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e9MA0G
CSqGSIb3DQEBCwUAA4IBAQAW/+yTJYxuY2S8OSH3NSfHxFaB2yx6/NgBj1DWh04L
ylMndJ5VIB30AZGyBjApwQlQArwaVQO+RgrVmIlZahlFH2ZHiLVqljCsEcB60yaR
SS0jIGFlql3imJtIhrLKDOKksUo5tDdJFmPC31d8+TKeDDKy042h0dftqizvbbRF
GJNYldjHsMyf24uXHLfeb77zHAvHfbHor3LQ/EWNXxIsnnV5uFm7fKcGHMG72220
3uRlmp4JVTSGgxj4pRiMfKuh0Q81EH9ErcQoPWYVbeZLtDvjSm8eJ5tIowUUANPt
rgdQblNRBw6FZg+3r4I0J6IePvVJhdZkhZjphTJYLEcB
-----END CERTIFICATE-----