Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/WzL9uMruDMnvQa1QggqOGvSqoiA.roa
File:                     WzL9uMruDMnvQa1QggqOGvSqoiA.roa (raw, json)
Hash identifier:          4a1QAbKwFgIcZp40o8mUFKKg4NdEtS9u4cPq9l8bHYQ=
Subject key identifier:   5B:32:FD:B8:CA:EE:0C:C9:EF:41:AD:50:82:0A:8E:1A:F4:AA:A2:20
Certificate issuer:       /CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
Certificate serial:       018CC72747A7035F7278B020872E6822FB5C
Authority key identifier: E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/WzL9uMruDMnvQa1QggqOGvSqoiA.roa
Signing time:             Mon 01 Jan 2024 22:31:29 +0000
ROA not before:           Mon 01 Jan 2024 22:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62044
IP address blocks:        213.152.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:47:a7:03:5f:72:78:b0:20:87:2e:68:22:fb:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e30cc9429b63382e9b1714d21b3c96d2e5ebe257
        Validity
            Not Before: Jan  1 22:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b32fdb8caee0cc9ef41ad50820a8e1af4aaa220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:09:57:06:04:b5:75:cb:97:b3:dd:84:77:cb:
                    24:ab:df:04:1b:05:7f:62:70:f5:bf:64:4b:c8:39:
                    fc:2f:f9:a1:11:95:bb:54:a2:7a:08:b4:9d:67:d0:
                    97:3f:4b:d5:79:8a:a5:b4:41:64:a5:4a:5d:74:d1:
                    6a:f8:83:f9:ad:13:6a:95:96:ee:5c:70:d3:fd:4e:
                    dc:b0:b7:e4:e0:08:98:5a:80:c4:ec:b7:f7:e5:1e:
                    2c:ed:2a:e2:ed:62:24:51:09:d4:a1:30:71:77:ac:
                    00:24:38:d1:0a:75:dd:e0:b4:e0:b0:aa:23:08:20:
                    82:92:67:73:bb:5f:df:83:cc:ee:fb:7a:5f:81:19:
                    2c:87:69:2d:44:c1:7e:ed:b5:11:e5:7e:37:76:a0:
                    51:7a:f4:6a:38:68:11:3e:de:f5:2f:35:ef:c3:b9:
                    f4:fc:ab:61:6e:7e:5a:71:36:c8:30:66:95:08:77:
                    c4:58:17:18:8b:a6:d5:f0:aa:20:22:01:95:32:a8:
                    7d:67:c8:ab:53:0a:8e:32:22:ff:e3:d8:72:5b:9c:
                    23:6b:95:9b:00:08:5a:b7:ea:a0:82:a7:68:0f:6f:
                    37:73:1f:54:08:80:d2:a2:f1:b5:4c:8d:89:42:14:
                    90:6c:e7:73:64:6e:9f:e7:23:d3:b3:c7:4a:7c:e5:
                    9d:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:32:FD:B8:CA:EE:0C:C9:EF:41:AD:50:82:0A:8E:1A:F4:AA:A2:20
            X509v3 Authority Key Identifier:
                keyid:E3:0C:C9:42:9B:63:38:2E:9B:17:14:D2:1B:3C:96:D2:E5:EB:E2:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4wzJQptjOC6bFxTSGzyW0uXr4lc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/WzL9uMruDMnvQa1QggqOGvSqoiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c73287-b1b1-4aca-bd2e-db4f352e9ad3/1/4wzJQptjOC6bFxTSGzyW0uXr4lc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.152.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1d:66:5a:23:20:69:25:cf:dd:3a:b6:68:6b:f4:f5:02:b9:
         12:20:0f:28:a8:f0:90:bd:9c:bc:8a:8e:08:52:0c:3b:6d:95:
         92:ce:bf:93:d8:00:b0:b5:ed:fe:70:a0:97:1c:20:12:c2:96:
         dc:e2:e3:8d:79:7b:85:c7:5a:5c:0f:8b:79:5b:a5:cb:02:df:
         8a:59:57:87:3e:78:dd:7c:e8:48:e8:06:94:3f:65:82:f6:55:
         ed:7f:13:b2:ef:33:d1:75:05:68:21:af:1a:f4:21:b8:02:43:
         16:ca:cf:ec:1b:f8:1c:4d:ca:be:bc:66:b3:7b:13:1d:26:82:
         50:2f:d6:c7:2c:f3:fa:31:61:f6:ca:9b:4c:ce:69:81:8a:62:
         20:f3:b9:6b:15:bd:06:63:07:f6:95:07:41:ec:7d:b4:43:7d:
         6c:57:15:27:fc:a6:fe:4a:cb:7d:25:6b:63:b0:87:b6:d2:10:
         3c:0e:69:bf:1d:8a:da:f5:e7:3b:d9:79:43:aa:4f:ab:1d:f1:
         56:c9:7a:79:95:e6:4d:23:c6:ca:37:ea:f1:e2:4b:1f:f2:cf:
         7d:6e:8b:c8:83:a3:01:73:f7:de:eb:80:d7:1d:0b:2f:e3:1b:
         35:a4:f5:a7:d5:f9:c5:76:00:4d:3e:8f:a3:6b:b9:ae:ea:f9:
         bf:87:2b:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ0enA19yeLAghy5oIvtcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMGNjOTQyOWI2MzM4MmU5YjE3MTRkMjFiM2M5NmQyZTVl
YmUyNTcwHhcNMjQwMTAxMjIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjMyZmRiOGNhZWUwY2M5ZWY0MWFkNTA4MjBhOGUxYWY0YWFhMjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwlXBgS1dcuXs92Ed8skq98EGwV/
YnD1v2RLyDn8L/mhEZW7VKJ6CLSdZ9CXP0vVeYqltEFkpUpddNFq+IP5rRNqlZbu
XHDT/U7csLfk4AiYWoDE7Lf35R4s7Sri7WIkUQnUoTBxd6wAJDjRCnXd4LTgsKoj
CCCCkmdzu1/fg8zu+3pfgRksh2ktRMF+7bUR5X43dqBRevRqOGgRPt71LzXvw7n0
/Kthbn5acTbIMGaVCHfEWBcYi6bV8KogIgGVMqh9Z8irUwqOMiL/49hyW5wja5Wb
AAhat+qggqdoD283cx9UCIDSovG1TI2JQhSQbOdzZG6f5yPTs8dKfOWdSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFsy/bjK7gzJ70GtUIIKjhr0qqIgMB8GA1UdIwQY
MBaAFOMMyUKbYzgumxcU0hs8ltLl6+JXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUt
ZGI0ZjM1MmU5YWQzLzEvV3pMOXVNcnVETW52UWExUWdncU9HdlNxb2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzMyODctYjFiMS00YWNhLWJkMmUtZGI0ZjM1MmU5YWQz
LzEvNHd6SlFwdGpPQzZiRnhUU0d6eVcwdVhyNGxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZjkMA0G
CSqGSIb3DQEBCwUAA4IBAQApHWZaIyBpJc/dOrZoa/T1ArkSIA8oqPCQvZy8io4I
Ugw7bZWSzr+T2ACwte3+cKCXHCASwpbc4uONeXuFx1pcD4t5W6XLAt+KWVeHPnjd
fOhI6AaUP2WC9lXtfxOy7zPRdQVoIa8a9CG4AkMWys/sG/gcTcq+vGazexMdJoJQ
L9bHLPP6MWH2yptMzmmBimIg87lrFb0GYwf2lQdB7H20Q31sVxUn/Kb+Sst9JWtj
sIe20hA8Dmm/HYra9ec72XlDqk+rHfFWyXp5leZNI8bKN+rx4ksf8s99bovIg6MB
c/fe64DXHQsv4xs1pPWn1fnFdgBNPo+ja7mu6vm/hyuM
-----END CERTIFICATE-----