Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WpuJpBFtaeX3yDcz_jlyUxw8MjQ.roa
File:                     WpuJpBFtaeX3yDcz_jlyUxw8MjQ.roa (raw, json)
Hash identifier:          LLLD2k0j5mJqiofAiKJ8JutoThR3HO+m/y5wzGuZ2XE=
Subject key identifier:   5A:9B:89:A4:11:6D:69:E5:F7:C8:37:33:FE:39:72:53:1C:3C:32:34
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D4F843168054A32BAB8BA60A00FFC
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WpuJpBFtaeX3yDcz_jlyUxw8MjQ.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21337
IP address blocks:        213.91.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4f:84:31:68:05:4a:32:ba:b8:ba:60:a0:0f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a9b89a4116d69e5f7c83733fe3972531c3c3234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:ea:aa:e4:fd:c4:38:55:bf:16:01:24:33:37:
                    dc:ed:55:1c:8a:21:3e:06:cb:40:45:b4:c6:64:61:
                    6a:06:94:83:89:a9:fd:16:3e:66:3e:21:7d:b5:6f:
                    7f:1c:f0:d3:10:45:51:b0:c2:74:48:ea:f9:52:80:
                    b2:a8:03:85:70:f4:32:31:76:c7:30:37:5e:ea:05:
                    8e:ef:b3:4a:0e:8b:7f:a1:da:2c:0b:a6:3d:2b:41:
                    4e:ec:e4:ec:52:95:1a:bd:98:c0:d4:60:cb:ec:cd:
                    d1:cb:7c:ce:28:64:08:6f:31:e7:62:0c:32:64:4a:
                    e2:83:3b:e9:a4:1e:0f:6f:8a:5d:b1:a2:4d:b7:96:
                    e1:a1:13:10:e1:1d:b2:20:a4:19:34:ec:11:9a:85:
                    ed:2a:8a:ff:2e:80:8c:e1:a0:26:d8:a8:01:7d:a0:
                    82:29:50:55:ea:ae:ac:44:17:1d:4c:97:db:b6:38:
                    bb:f0:6c:f3:13:bf:d0:c8:09:85:9e:ce:e7:15:f7:
                    4e:78:8d:05:a2:0b:7f:99:15:e7:7b:c3:55:43:d6:
                    15:62:58:a6:45:b5:a4:80:96:38:91:7a:7a:62:3e:
                    0e:bd:a2:f5:4e:94:f5:9a:e9:f4:20:2f:93:14:74:
                    ea:60:f4:41:0a:0a:98:33:12:6f:1c:f8:49:16:b8:
                    df:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:9B:89:A4:11:6D:69:E5:F7:C8:37:33:FE:39:72:53:1C:3C:32:34
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/WpuJpBFtaeX3yDcz_jlyUxw8MjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:eb:46:bb:6e:6d:21:6d:4c:71:59:44:d8:96:be:aa:48:da:
         4f:ce:69:a9:08:23:c6:bc:fb:28:65:d0:1c:05:3f:fa:1b:f8:
         22:3c:d5:7b:20:fc:32:a6:75:74:69:a3:06:15:08:0e:8b:e0:
         a6:a3:9e:27:12:a9:4b:60:14:b2:10:17:51:be:cb:d3:d9:a1:
         59:aa:06:ce:13:94:40:c7:60:4f:e5:59:60:dd:42:eb:66:35:
         94:6c:93:4c:bb:7d:df:c0:18:6e:6b:02:14:64:a1:5d:b6:57:
         45:f2:df:62:84:12:d5:75:08:4e:11:f6:b1:8b:d3:60:57:4b:
         3a:d3:be:d4:e0:22:ff:28:a3:3c:e7:48:72:ae:4e:19:8d:2d:
         f8:83:bb:a9:3f:cf:23:81:6c:7b:ea:e8:12:07:ee:0a:be:d9:
         60:1a:1c:b9:07:c7:e0:c0:39:19:0c:48:4e:58:0c:ba:a5:ac:
         60:cd:85:12:1a:10:a7:55:15:9e:d3:58:36:bc:f1:0d:98:d3:
         8a:b8:3e:ff:55:d8:f4:39:30:9d:20:1c:e7:5a:0f:07:18:44:
         31:c6:df:d4:4c:d4:02:54:e7:e5:7f:9c:27:b7:fa:e9:36:bc:
         6f:c8:e7:ad:5a:a2:be:71:49:5b:3d:e0:bd:17:8d:b4:98:96:
         e6:eb:39:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU+EMWgFSjK6uLpgoA/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTliODlhNDExNmQ2OWU1ZjdjODM3MzNmZTM5NzI1MzFjM2MzMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+qq5P3EOFW/FgEkMzfc7VUciiE+
BstARbTGZGFqBpSDian9Fj5mPiF9tW9/HPDTEEVRsMJ0SOr5UoCyqAOFcPQyMXbH
MDde6gWO77NKDot/odosC6Y9K0FO7OTsUpUavZjA1GDL7M3Ry3zOKGQIbzHnYgwy
ZErigzvppB4Pb4pdsaJNt5bhoRMQ4R2yIKQZNOwRmoXtKor/LoCM4aAm2KgBfaCC
KVBV6q6sRBcdTJfbtji78GzzE7/QyAmFns7nFfdOeI0Fogt/mRXne8NVQ9YVYlim
RbWkgJY4kXp6Yj4OvaL1TpT1mun0IC+TFHTqYPRBCgqYMxJvHPhJFrjflQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFqbiaQRbWnl98g3M/45clMcPDI0MB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvV3B1SnBCRnRhZVgzeURjel9qbHlVeHc4TWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvEMA0G
CSqGSIb3DQEBCwUAA4IBAQAs60a7bm0hbUxxWUTYlr6qSNpPzmmpCCPGvPsoZdAc
BT/6G/giPNV7IPwypnV0aaMGFQgOi+Cmo54nEqlLYBSyEBdRvsvT2aFZqgbOE5RA
x2BP5Vlg3ULrZjWUbJNMu33fwBhuawIUZKFdtldF8t9ihBLVdQhOEfaxi9NgV0s6
077U4CL/KKM850hyrk4ZjS34g7upP88jgWx76ugSB+4KvtlgGhy5B8fgwDkZDEhO
WAy6paxgzYUSGhCnVRWe01g2vPENmNOKuD7/Vdj0OTCdIBznWg8HGEQxxt/UTNQC
VOflf5wnt/rpNrxvyOetWqK+cUlbPeC9F420mJbm6zkG
-----END CERTIFICATE-----