Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/WltnPJDTi_b71-u8z4B-0bIux28.roa
File:                     WltnPJDTi_b71-u8z4B-0bIux28.roa (raw, json)
Hash identifier:          MdIiClOQZ8gF98kC5M44YiUJlw1w3xgozAZYj1M4UI8=
Subject key identifier:   5A:5B:67:3C:90:D3:8B:F6:FB:D7:EB:BC:CF:80:7E:D1:B2:2E:C7:6F
Certificate issuer:       /CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
Certificate serial:       018CC8DF71165F306ECEBFBD6F6D27C43EB5
Authority key identifier: E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/WltnPJDTi_b71-u8z4B-0bIux28.roa
Signing time:             Tue 02 Jan 2024 06:32:15 +0000
ROA not before:           Tue 02 Jan 2024 06:32:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31198
IP address blocks:        46.18.152.0/21 maxlen: 21
                          217.173.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:71:16:5f:30:6e:ce:bf:bd:6f:6d:27:c4:3e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2b1e2e4c508c6c7a98b6598528745c813fad31d
        Validity
            Not Before: Jan  2 06:32:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a5b673c90d38bf6fbd7ebbccf807ed1b22ec76f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:55:e5:f3:85:61:71:74:77:a3:c8:30:bd:96:
                    02:f0:15:e4:0c:d7:2a:8e:37:3e:4a:49:2d:49:f1:
                    13:c2:58:cb:ca:6f:90:2f:d7:b7:b6:e0:14:01:05:
                    76:d5:e6:83:79:38:a7:9a:69:c3:45:d9:5b:3f:43:
                    5e:c2:63:30:29:f3:ac:42:f2:bb:90:ac:53:b1:c2:
                    d2:92:bf:79:96:b2:37:fb:80:77:3d:65:53:da:0b:
                    ce:de:5a:66:e4:1c:27:bc:76:81:00:9c:13:be:4c:
                    30:ea:e0:42:ed:25:22:98:b2:f0:be:55:76:89:a2:
                    d2:c2:74:4a:63:1c:35:67:67:8d:ca:26:4a:64:9d:
                    cf:66:49:85:8b:9f:20:fb:ff:3b:28:83:1f:48:8a:
                    7a:4d:20:22:56:93:9f:d7:64:b5:b1:74:3a:4f:2b:
                    45:03:e6:54:4f:15:d2:f2:c8:02:6c:94:45:7e:dd:
                    bb:ed:81:24:67:3f:40:26:35:02:ca:89:1f:01:55:
                    b7:43:98:a6:a6:c7:b9:66:ea:d7:ab:17:e7:1a:4b:
                    72:23:b9:d7:2e:09:05:46:7d:1d:df:e0:11:72:52:
                    2e:9c:a8:48:6b:98:09:7c:88:89:47:fe:cc:3c:75:
                    58:15:b3:ad:20:69:ed:a5:dc:8a:74:b2:2c:05:f1:
                    31:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:5B:67:3C:90:D3:8B:F6:FB:D7:EB:BC:CF:80:7E:D1:B2:2E:C7:6F
            X509v3 Authority Key Identifier:
                keyid:E2:B1:E2:E4:C5:08:C6:C7:A9:8B:65:98:52:87:45:C8:13:FA:D3:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rHi5MUIxsepi2WYUodFyBP60x0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/WltnPJDTi_b71-u8z4B-0bIux28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d31e5f-0f52-4623-867a-543d6182e294/1/4rHi5MUIxsepi2WYUodFyBP60x0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.152.0/21
                  217.173.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:ea:52:0c:a9:4a:bd:f8:01:5e:93:b8:47:0c:ae:73:21:4a:
         04:97:cc:6b:af:27:d5:64:d0:5d:3d:c4:dd:63:50:b8:06:c4:
         23:55:9c:93:37:fa:4e:16:9a:e6:23:80:ca:4b:82:1f:19:cc:
         f7:dd:ed:07:2e:58:19:c1:a1:9e:ea:e2:46:79:6c:58:f7:6e:
         8f:0a:a4:11:ba:bd:a0:47:ab:98:22:94:d9:98:94:db:b2:4a:
         0d:a6:e8:b4:1e:5d:73:cb:6d:31:ed:91:5f:76:87:4e:66:88:
         9f:aa:fd:8c:60:35:a2:94:e5:8b:e2:4c:b7:fd:06:54:2b:6f:
         b7:e5:d4:7c:61:86:9a:34:df:0b:4f:ae:5c:c3:04:96:4f:e6:
         82:2b:0f:b5:09:2f:ab:f3:ec:75:22:c5:f4:64:09:7e:c1:0c:
         1e:d1:b4:66:a2:4c:ea:ee:ed:e1:d1:3a:6c:b8:b1:c2:22:ef:
         d3:77:bc:5b:dd:11:29:b1:6f:74:af:59:42:b6:dc:72:39:6a:
         d1:2e:d3:d3:46:77:bd:94:ec:e6:49:bf:45:a2:bf:43:f0:fa:
         7e:a3:df:4d:0f:8d:e0:6b:e2:0e:b3:2b:67:9e:77:25:fa:eb:
         85:e7:91:eb:84:b8:cb:0d:8b:d8:24:43:20:9e:72:d2:06:2b:
         40:eb:3d:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI33EWXzBuzr+9b20nxD61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYjFlMmU0YzUwOGM2YzdhOThiNjU5ODUyODc0NWM4MTNm
YWQzMWQwHhcNMjQwMTAyMDYzMjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTViNjczYzkwZDM4YmY2ZmJkN2ViYmNjZjgwN2VkMWIyMmVjNzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFXl84VhcXR3o8gwvZYC8BXkDNcq
jjc+SkktSfETwljLym+QL9e3tuAUAQV21eaDeTinmmnDRdlbP0NewmMwKfOsQvK7
kKxTscLSkr95lrI3+4B3PWVT2gvO3lpm5BwnvHaBAJwTvkww6uBC7SUimLLwvlV2
iaLSwnRKYxw1Z2eNyiZKZJ3PZkmFi58g+/87KIMfSIp6TSAiVpOf12S1sXQ6TytF
A+ZUTxXS8sgCbJRFft277YEkZz9AJjUCyokfAVW3Q5impse5ZurXqxfnGktyI7nX
LgkFRn0d3+ARclIunKhIa5gJfIiJR/7MPHVYFbOtIGntpdyKdLIsBfExPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFpbZzyQ04v2+9frvM+AftGyLsdvMB8GA1UdIwQY
MBaAFOKx4uTFCMbHqYtlmFKHRcgT+tMdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2Et
NTQzZDYxODJlMjk0LzEvV2x0blBKRFRpX2I3MS11OHo0Qi0wYkl1eDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kMzFlNWYtMGY1Mi00NjIzLTg2N2EtNTQzZDYxODJlMjk0
LzEvNHJIaTVNVUl4c2VwaTJXWVVvZEZ5QlA2MHgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhKYAwQA
2a0wMA0GCSqGSIb3DQEBCwUAA4IBAQCL6lIMqUq9+AFek7hHDK5zIUoEl8xrryfV
ZNBdPcTdY1C4BsQjVZyTN/pOFprmI4DKS4IfGcz33e0HLlgZwaGe6uJGeWxY926P
CqQRur2gR6uYIpTZmJTbskoNpui0Hl1zy20x7ZFfdodOZoifqv2MYDWilOWL4ky3
/QZUK2+35dR8YYaaNN8LT65cwwSWT+aCKw+1CS+r8+x1IsX0ZAl+wQwe0bRmokzq
7u3h0TpsuLHCIu/Td7xb3REpsW90r1lCttxyOWrRLtPTRne9lOzmSb9For9D8Pp+
o99ND43ga+IOsytnnncl+uuF55HrhLjLDYvYJEMgnnLSBitA6z39
-----END CERTIFICATE-----