Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WCd1Ev1e9Nofz4kLVtDG3PtwYDM.roa
File:                     WCd1Ev1e9Nofz4kLVtDG3PtwYDM.roa (raw, json)
Hash identifier:          DWZ4bxuNeMTbx5mspJAFy1NOqcx0YA3RpGq3Hv69Qd4=
Subject key identifier:   58:27:75:12:FD:5E:F4:DA:1F:CF:89:0B:56:D0:C6:DC:FB:70:60:33
Certificate issuer:       /CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
Certificate serial:       018CC4251A2883D9DD9A24A75CC8F795EC6C
Authority key identifier: B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WCd1Ev1e9Nofz4kLVtDG3PtwYDM.roa
Signing time:             Mon 01 Jan 2024 08:30:14 +0000
ROA not before:           Mon 01 Jan 2024 08:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        91.228.74.0/24 maxlen: 24
                          91.228.72.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:1a:28:83:d9:dd:9a:24:a7:5c:c8:f7:95:ec:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1bc850d17ca6d3c7b4d00e501e2d356f08a585e
        Validity
            Not Before: Jan  1 08:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58277512fd5ef4da1fcf890b56d0c6dcfb706033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:74:13:be:3b:2c:01:db:28:59:0c:b1:e8:0f:
                    2b:21:25:03:0b:26:a6:90:eb:83:0b:54:83:64:d8:
                    6f:a6:ae:7e:64:cc:c6:5e:22:ec:c0:99:16:9a:df:
                    15:40:ad:33:8f:0b:4b:c8:38:ea:e2:32:1e:e1:48:
                    22:e4:d0:c2:bd:14:5c:a2:21:b1:46:1a:7e:1a:89:
                    0c:f5:80:c2:96:48:7f:2d:11:0f:dc:20:e5:a0:62:
                    86:f0:96:fb:e2:0f:1b:99:13:ae:cc:23:b6:8b:18:
                    d3:b2:cd:f3:21:96:6c:23:8b:e4:3e:75:55:5f:46:
                    11:5b:eb:b0:79:2a:ea:ca:5f:d6:5d:96:9c:f5:64:
                    ef:34:68:26:fd:35:61:ab:d7:dd:62:df:d8:69:c0:
                    42:a2:5f:2c:65:d3:d5:0f:73:31:d5:f9:00:33:90:
                    a8:55:83:f7:b3:c4:dd:77:c8:83:2a:9d:40:5c:b6:
                    f7:87:00:23:1a:7f:a1:86:26:60:44:95:34:b3:ab:
                    60:cf:e2:9e:ba:ab:2b:a6:bb:6e:9d:03:eb:65:7b:
                    e1:de:cf:c4:07:4f:e6:fc:3f:16:9b:1d:39:c1:e3:
                    bf:9c:ff:c5:f0:dd:21:7e:9f:de:fb:c7:58:98:13:
                    13:b8:e4:c1:e4:9d:4f:c3:ce:ba:9d:a6:3a:bb:39:
                    a2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:27:75:12:FD:5E:F4:DA:1F:CF:89:0B:56:D0:C6:DC:FB:70:60:33
            X509v3 Authority Key Identifier:
                keyid:B1:BC:85:0D:17:CA:6D:3C:7B:4D:00:E5:01:E2:D3:56:F0:8A:58:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sbyFDRfKbTx7TQDlAeLTVvCKWF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/WCd1Ev1e9Nofz4kLVtDG3PtwYDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8aa02d-94c8-4678-92ac-17fb4ffb9fad/1/sbyFDRfKbTx7TQDlAeLTVvCKWF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.72.0/24
                  91.228.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:f5:67:bd:65:fa:f4:1f:46:43:03:94:9d:f7:9c:24:ec:93:
         ad:49:ca:e6:d3:a4:33:ba:b3:eb:10:04:f3:a1:b6:6f:2c:47:
         0f:db:77:3f:81:29:de:62:54:55:0b:c4:bf:83:6d:f9:32:12:
         9c:2d:69:07:b7:fd:90:0d:ca:db:a3:74:78:e0:08:d6:d5:62:
         9a:78:d4:81:c6:75:c0:0a:bd:5a:ee:b5:5f:98:f9:90:f6:d1:
         03:c8:66:5a:20:ca:f4:83:4a:d0:10:0c:cd:bf:9f:8b:18:73:
         de:2d:f8:88:d1:f9:29:7f:69:1d:e8:ad:be:94:25:7e:0e:09:
         d2:50:69:90:5d:bf:f2:d0:a7:42:46:00:4e:af:00:cf:41:16:
         f0:f2:43:9e:63:81:6f:5b:b3:be:a2:27:59:a1:0b:30:af:7e:
         43:53:18:02:24:12:a0:8f:52:c8:eb:fe:40:da:56:a3:a0:68:
         f1:9d:d4:ec:10:a0:22:53:cb:5a:fb:d8:a9:2d:29:0d:6c:ec:
         60:ad:e9:13:d3:12:8e:0e:a4:77:23:b6:be:48:1f:b7:c0:32:
         45:f6:28:34:99:29:25:fe:53:69:ba:49:c1:4f:65:96:8e:5c:
         25:26:08:cc:1b:d8:76:41:89:d2:12:33:fd:81:da:f4:c3:55:
         d5:89:cc:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJRoog9ndmiSnXMj3lexsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYmM4NTBkMTdjYTZkM2M3YjRkMDBlNTAxZTJkMzU2ZjA4
YTU4NWUwHhcNMjQwMTAxMDgzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODI3NzUxMmZkNWVmNGRhMWZjZjg5MGI1NmQwYzZkY2ZiNzA2MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXQTvjssAdsoWQyx6A8rISUDCyam
kOuDC1SDZNhvpq5+ZMzGXiLswJkWmt8VQK0zjwtLyDjq4jIe4Ugi5NDCvRRcoiGx
Rhp+GokM9YDClkh/LREP3CDloGKG8Jb74g8bmROuzCO2ixjTss3zIZZsI4vkPnVV
X0YRW+uweSrqyl/WXZac9WTvNGgm/TVhq9fdYt/YacBCol8sZdPVD3Mx1fkAM5Co
VYP3s8Tdd8iDKp1AXLb3hwAjGn+hhiZgRJU0s6tgz+KeuqsrprtunQPrZXvh3s/E
B0/m/D8Wmx05weO/nP/F8N0hfp/e+8dYmBMTuOTB5J1Pw866naY6uzmiLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFgndRL9XvTaH8+JC1bQxtz7cGAzMB8GA1UdIwQY
MBaAFLG8hQ0Xym08e00A5QHi01bwilheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2J5RkRSZktiVHg3VFFEbEFlTFRWdkNLV0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84YWEwMmQtOTRjOC00Njc4LTkyYWMt
MTdmYjRmZmI5ZmFkLzEvV0NkMUV2MWU5Tm9mejRrTFZ0REczUHR3WURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84YWEwMmQtOTRjOC00Njc4LTkyYWMtMTdmYjRmZmI5ZmFk
LzEvc2J5RkRSZktiVHg3VFFEbEFlTFRWdkNLV0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+RIAwQA
W+RKMA0GCSqGSIb3DQEBCwUAA4IBAQBr9We9Zfr0H0ZDA5Sd95wk7JOtScrm06Qz
urPrEATzobZvLEcP23c/gSneYlRVC8S/g235MhKcLWkHt/2QDcrbo3R44AjW1WKa
eNSBxnXACr1a7rVfmPmQ9tEDyGZaIMr0g0rQEAzNv5+LGHPeLfiI0fkpf2kd6K2+
lCV+DgnSUGmQXb/y0KdCRgBOrwDPQRbw8kOeY4FvW7O+oidZoQswr35DUxgCJBKg
j1LI6/5A2lajoGjxndTsEKAiU8ta+9ipLSkNbOxgrekT0xKODqR3I7a+SB+3wDJF
9ig0mSkl/lNpuknBT2WWjlwlJgjMG9h2QYnSEjP9gdr0w1XVicy8
-----END CERTIFICATE-----