Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wsw8vOZH_1iE7wOkTvpJ9ER4_BU.roa
File:                     Wsw8vOZH_1iE7wOkTvpJ9ER4_BU.roa (raw, json)
Hash identifier:          lbErgiEiCt3lJZwi8cOSMps6J6S3kT/iEFqdgSyRmEM=
Subject key identifier:   5A:CC:3C:BC:E6:47:FF:58:84:EF:03:A4:4E:FA:49:F4:44:78:FC:15
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       0192E847A527F18F892963FA039D41013297
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wsw8vOZH_1iE7wOkTvpJ9ER4_BU.roa
Signing time:             Fri 01 Nov 2024 15:11:02 +0000
ROA not before:           Fri 01 Nov 2024 15:11:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211750
IP address blocks:        89.213.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e8:47:a5:27:f1:8f:89:29:63:fa:03:9d:41:01:32:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Nov  1 15:11:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5acc3cbce647ff5884ef03a44efa49f44478fc15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f6:92:ab:09:3b:2d:c8:2d:fc:7f:46:6f:6b:
                    07:36:f7:0f:06:e1:cf:0b:0f:6e:32:7b:8b:9a:4f:
                    05:f1:8d:db:26:33:25:1a:48:7f:1a:bc:ff:ed:36:
                    84:dd:75:07:30:f9:13:72:16:dc:38:bc:ae:40:fb:
                    45:aa:f8:de:13:7b:0f:40:59:bb:be:6f:a6:f6:94:
                    9a:ea:50:85:ab:b7:7f:aa:16:60:71:50:83:f8:94:
                    50:a8:96:85:e8:f4:ed:9f:fc:b1:fc:8e:0b:df:66:
                    c1:8a:b7:5d:17:9c:40:25:c1:2c:12:f9:af:cd:8b:
                    71:72:b7:ae:13:00:0c:f5:05:e8:13:82:7e:1f:34:
                    48:16:f6:92:08:93:85:3d:d0:bb:10:b3:ae:d0:0f:
                    ef:d2:5d:e8:32:95:78:0d:ef:f6:78:9b:9f:fb:6a:
                    4f:69:13:f7:58:b3:a1:4c:dc:cd:7e:71:46:4d:32:
                    79:19:71:9a:2c:d4:ac:df:29:b3:9d:b9:e5:87:12:
                    7f:c9:2e:11:c0:1b:00:0c:f8:ea:1b:d3:c1:61:7c:
                    d2:00:47:45:92:61:75:1c:8e:ae:1b:27:ba:d7:54:
                    b6:e3:e5:39:d0:de:39:59:0d:c2:e4:e1:85:be:f4:
                    63:4d:05:93:53:26:5d:49:59:53:c2:7d:d8:7d:64:
                    f3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CC:3C:BC:E6:47:FF:58:84:EF:03:A4:4E:FA:49:F4:44:78:FC:15
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wsw8vOZH_1iE7wOkTvpJ9ER4_BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:7e:a5:25:1d:cd:9d:36:53:02:4f:5c:10:ce:3f:86:41:55:
         6f:e8:7d:f6:e7:48:b2:7e:53:4d:e8:c3:60:5a:80:f4:5c:86:
         78:07:49:cd:53:51:df:6a:93:74:07:ad:ca:02:b2:f4:ae:bf:
         0f:8e:bb:2d:e3:60:18:03:c0:98:6c:c9:c3:b0:e4:98:2c:40:
         70:31:3d:9e:38:52:f9:a8:ae:b1:6a:81:e4:96:a8:8b:29:b4:
         88:db:b8:4d:be:86:0e:74:2d:09:83:c4:ae:a1:6e:d2:47:32:
         1d:25:45:07:79:aa:e5:f9:92:af:ca:29:a5:b2:88:5b:0c:41:
         66:43:60:f7:4c:32:a3:7d:f7:17:b7:ec:44:24:26:b4:b1:af:
         6d:86:f3:6b:e6:ee:bf:22:a3:a4:06:e7:5a:f6:32:f0:79:e5:
         e5:66:00:f1:42:f6:a1:99:da:43:5b:3e:24:b2:6f:c5:d6:1d:
         89:ca:c2:e6:4e:85:ad:cd:a7:5a:22:aa:ed:03:b4:d2:90:5d:
         92:3c:b3:d6:41:02:05:7b:c9:d5:0a:a9:c4:aa:b6:b2:6e:ad:
         11:d9:0d:cb:98:e6:11:5f:bc:01:2a:51:05:b6:3d:99:a7:34:
         52:f4:c3:41:83:1a:1e:18:5c:45:6d:ef:a5:e7:21:3f:ed:d3:
         84:19:7d:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLoR6Un8Y+JKWP6A51BATKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMTAxMTUxMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNjM2NiY2U2NDdmZjU4ODRlZjAzYTQ0ZWZhNDlmNDQ0NzhmYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvaSqwk7Lcgt/H9Gb2sHNvcPBuHP
Cw9uMnuLmk8F8Y3bJjMlGkh/Grz/7TaE3XUHMPkTchbcOLyuQPtFqvjeE3sPQFm7
vm+m9pSa6lCFq7d/qhZgcVCD+JRQqJaF6PTtn/yx/I4L32bBirddF5xAJcEsEvmv
zYtxcreuEwAM9QXoE4J+HzRIFvaSCJOFPdC7ELOu0A/v0l3oMpV4De/2eJuf+2pP
aRP3WLOhTNzNfnFGTTJ5GXGaLNSs3ymznbnlhxJ/yS4RwBsADPjqG9PBYXzSAEdF
kmF1HI6uGye611S24+U50N45WQ3C5OGFvvRjTQWTUyZdSVlTwn3YfWTztwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFrMPLzmR/9YhO8DpE76SfREePwVMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV3N3OHZPWkhfMWlFN3dPa1R2cEo5RVI0X0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdXSMA0G
CSqGSIb3DQEBCwUAA4IBAQAifqUlHc2dNlMCT1wQzj+GQVVv6H3250iyflNN6MNg
WoD0XIZ4B0nNU1HfapN0B63KArL0rr8Pjrst42AYA8CYbMnDsOSYLEBwMT2eOFL5
qK6xaoHklqiLKbSI27hNvoYOdC0Jg8SuoW7SRzIdJUUHearl+ZKvyimlsohbDEFm
Q2D3TDKjffcXt+xEJCa0sa9thvNr5u6/IqOkBuda9jLweeXlZgDxQvahmdpDWz4k
sm/F1h2JysLmToWtzadaIqrtA7TSkF2SPLPWQQIFe8nVCqnEqraybq0R2Q3LmOYR
X7wBKlEFtj2ZpzRS9MNBgxoeGFxFbe+l5yE/7dOEGX2S
-----END CERTIFICATE-----