Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/WNWPj9NmFRIZ1sfG8Zf1UQf_Ww8.roa
File:                     WNWPj9NmFRIZ1sfG8Zf1UQf_Ww8.roa (raw, json)
Hash identifier:          h0F5TxvDDdXlQT/KTBKM1AeoFDfb/HKXCo6QZJraAaU=
Subject key identifier:   58:D5:8F:8F:D3:66:15:12:19:D6:C7:C6:F1:97:F5:51:07:FF:5B:0F
Certificate issuer:       /CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
Certificate serial:       018CC500B8870D4C2C2F0D3501491618021E
Authority key identifier: 9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/WNWPj9NmFRIZ1sfG8Zf1UQf_Ww8.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     400040
IP address blocks:        91.244.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b8:87:0d:4c:2c:2f:0d:35:01:49:16:18:02:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b0c0d04225566db95e9ad3b2ef605014975aaa2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d58f8fd366151219d6c7c6f197f55107ff5b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:82:5d:ea:d5:38:a1:72:fa:39:20:07:f2:49:
                    39:d8:fa:a6:94:ac:be:a5:f0:dc:e6:6d:27:50:31:
                    0a:c7:8e:2f:c3:2f:ba:2b:db:82:ea:1c:6c:e6:d7:
                    4d:f7:ae:e7:a4:48:f9:7c:f8:5d:74:92:a9:af:f0:
                    e5:e4:a8:01:96:0e:fb:5b:92:ff:e2:dc:26:f0:56:
                    98:6f:63:47:15:df:31:26:a1:32:7c:8a:26:75:d0:
                    46:ee:41:23:3b:4d:68:d3:82:7b:75:23:5c:75:29:
                    5a:58:5f:8d:b0:8a:ed:bd:c7:84:24:a2:33:1c:aa:
                    fb:bb:ee:87:35:d2:f0:d8:1b:99:08:e2:e2:30:1e:
                    1e:e3:42:8f:6b:90:2b:8c:6b:4c:a3:52:af:08:29:
                    98:6e:1f:e7:31:69:79:00:9f:a2:45:d1:8d:53:0a:
                    14:23:35:70:68:48:e9:cf:8d:98:c9:ba:fd:3c:ac:
                    97:1c:9d:a8:50:30:e2:9d:88:2f:ad:7d:82:54:d8:
                    44:60:2c:29:b3:27:91:08:81:d6:e6:af:0d:dc:a8:
                    e4:2d:c2:81:d5:29:77:a2:fc:b8:18:bb:74:b7:cb:
                    0f:d7:94:70:c2:09:a0:00:23:81:84:f5:e3:40:64:
                    a0:af:64:24:a1:4f:0d:6d:44:74:51:b1:b4:6c:1f:
                    51:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D5:8F:8F:D3:66:15:12:19:D6:C7:C6:F1:97:F5:51:07:FF:5B:0F
            X509v3 Authority Key Identifier:
                keyid:9B:0C:0D:04:22:55:66:DB:95:E9:AD:3B:2E:F6:05:01:49:75:AA:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwwNBCJVZtuV6a07LvYFAUl1qqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/WNWPj9NmFRIZ1sfG8Zf1UQf_Ww8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0ec6d2-f1d7-4b0a-ad33-e8ef2f09598e/1/mwwNBCJVZtuV6a07LvYFAUl1qqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:80:33:b1:5c:a6:64:61:f5:5d:b9:dd:9f:2a:7d:57:61:db:
         89:e2:d7:1d:49:e2:ed:b3:d7:ec:99:27:53:94:4b:63:8e:a9:
         6b:16:1c:b3:f9:a5:a2:c7:59:43:cb:22:6b:4f:fc:30:05:b5:
         85:94:f8:ca:ef:a7:fe:f4:24:08:53:19:1a:c8:cb:6c:ad:12:
         25:ae:34:ad:b4:ad:e9:c4:18:18:02:75:ed:21:d9:d5:b0:9e:
         bf:91:04:99:23:b9:ad:dd:c9:0b:b5:77:76:e5:58:e6:cb:40:
         fb:7a:f3:ca:81:ea:4f:cd:b5:b9:84:e8:ba:20:a2:2e:b8:43:
         66:d3:f4:53:e6:e3:45:2b:07:01:b4:a4:54:db:11:14:39:ed:
         11:58:61:57:f6:31:8b:83:b5:34:e5:fe:34:4d:5c:a4:6e:97:
         eb:b0:b6:22:0f:9c:7c:08:94:72:1a:9d:59:5d:d5:6e:42:1e:
         19:bb:b3:1e:8b:f6:00:9f:de:6e:0d:38:f0:e7:09:32:ec:37:
         89:2b:2f:fe:c9:f0:1c:aa:2a:fd:3a:c5:ca:8d:e9:f4:b2:48:
         e2:8e:4a:d3:b2:a2:09:3c:46:9f:6a:e7:cb:a7:f4:db:c7:5e:
         0e:0a:e0:b9:f6:06:6a:91:54:c6:91:dc:50:04:40:e8:29:80:
         91:02:7f:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALiHDUwsLw01AUkWGAIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMGMwZDA0MjI1NTY2ZGI5NWU5YWQzYjJlZjYwNTAxNDk3
NWFhYTIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ1OGY4ZmQzNjYxNTEyMTlkNmM3YzZmMTk3ZjU1MTA3ZmY1YjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYJd6tU4oXL6OSAH8kk52PqmlKy+
pfDc5m0nUDEKx44vwy+6K9uC6hxs5tdN967npEj5fPhddJKpr/Dl5KgBlg77W5L/
4twm8FaYb2NHFd8xJqEyfIomddBG7kEjO01o04J7dSNcdSlaWF+NsIrtvceEJKIz
HKr7u+6HNdLw2BuZCOLiMB4e40KPa5ArjGtMo1KvCCmYbh/nMWl5AJ+iRdGNUwoU
IzVwaEjpz42Yybr9PKyXHJ2oUDDinYgvrX2CVNhEYCwpsyeRCIHW5q8N3KjkLcKB
1Sl3ovy4GLt0t8sP15RwwgmgACOBhPXjQGSgr2QkoU8NbUR0UbG0bB9RBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjVj4/TZhUSGdbHxvGX9VEH/1sPMB8GA1UdIwQY
MBaAFJsMDQQiVWbblemtOy72BQFJdaqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMt
ZThlZjJmMDk1OThlLzEvV05XUGo5Tm1GUklaMXNmRzhaZjFVUWZfV3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wZWM2ZDItZjFkNy00YjBhLWFkMzMtZThlZjJmMDk1OThl
LzEvbXd3TkJDSlZadHVWNmEwN0x2WUZBVWwxcXFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/TEMA0G
CSqGSIb3DQEBCwUAA4IBAQAhgDOxXKZkYfVdud2fKn1XYduJ4tcdSeLts9fsmSdT
lEtjjqlrFhyz+aWix1lDyyJrT/wwBbWFlPjK76f+9CQIUxkayMtsrRIlrjSttK3p
xBgYAnXtIdnVsJ6/kQSZI7mt3ckLtXd25Vjmy0D7evPKgepPzbW5hOi6IKIuuENm
0/RT5uNFKwcBtKRU2xEUOe0RWGFX9jGLg7U05f40TVykbpfrsLYiD5x8CJRyGp1Z
XdVuQh4Zu7Mei/YAn95uDTjw5wky7DeJKy/+yfAcqir9OsXKjen0skjijkrTsqIJ
PEafaufLp/Tbx14OCuC59gZqkVTGkdxQBEDoKYCRAn9g
-----END CERTIFICATE-----