Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WhzjJve3xR0Jm0AJ0THDiwY9eAs.roa
File:                     WhzjJve3xR0Jm0AJ0THDiwY9eAs.roa (raw, json)
Hash identifier:          Q/YnYA1joCvPKyGJ0GPOGSbkGXgVJ9dWbCfpObVZQvA=
Subject key identifier:   5A:1C:E3:26:F7:B7:C5:1D:09:9B:40:09:D1:31:C3:8B:06:3D:78:0B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01914B0981424FE1ED45512EE783EA42B582
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WhzjJve3xR0Jm0AJ0THDiwY9eAs.roa
Signing time:             Tue 13 Aug 2024 09:19:59 +0000
ROA not before:           Tue 13 Aug 2024 09:19:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29641
IP address blocks:        193.124.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4b:09:81:42:4f:e1:ed:45:51:2e:e7:83:ea:42:b5:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Aug 13 09:19:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a1ce326f7b7c51d099b4009d131c38b063d780b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:ce:0d:71:9c:8b:87:1e:6e:f0:4b:2c:7c:f1:
                    9c:fa:44:45:65:67:62:63:1d:2f:89:ee:a3:ad:91:
                    55:1f:a0:35:f7:97:0a:6e:fe:52:fc:67:a5:17:85:
                    d0:66:dd:05:24:88:3f:c2:f9:8d:da:5e:a9:aa:84:
                    7f:ca:35:32:b7:10:ab:74:73:d2:48:43:b5:17:bd:
                    d7:f9:0b:35:c1:3f:af:e8:c1:46:27:c7:61:aa:29:
                    0e:63:a0:a4:35:8c:da:b4:9a:d9:1d:67:b6:be:fa:
                    d9:fb:5c:00:5c:22:29:18:11:30:2f:55:16:5e:26:
                    5f:bc:78:00:43:56:61:1d:ab:1b:4b:99:e2:c3:60:
                    bc:39:a2:c3:68:f6:73:b6:bc:7f:ca:bb:0b:5d:52:
                    56:cc:98:31:15:d5:e1:84:a1:0b:47:f1:ed:35:50:
                    b8:54:5e:bd:11:95:2a:bc:83:47:d6:d5:f2:16:6b:
                    fe:f8:2e:42:a4:5e:27:92:25:69:f9:60:0c:3a:27:
                    5e:a0:6e:a0:c9:e7:09:3f:d1:51:6c:ae:c4:7c:79:
                    2f:42:55:a8:67:b4:4f:ee:41:0d:24:14:4b:03:8d:
                    e1:65:a1:e5:6e:ff:43:67:6a:e3:bc:d2:fa:3a:4f:
                    74:d3:fe:49:07:f0:5d:9b:73:06:4d:a0:ae:a7:83:
                    7d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:1C:E3:26:F7:B7:C5:1D:09:9B:40:09:D1:31:C3:8B:06:3D:78:0B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WhzjJve3xR0Jm0AJ0THDiwY9eAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.124.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:5a:36:11:b1:b5:03:b0:f8:f1:a1:c5:23:fe:c7:42:e0:1b:
         68:c4:4b:f6:12:b5:c7:7c:ab:3a:b0:20:1e:b1:b7:c6:94:0c:
         7d:da:99:c6:3c:94:25:b6:34:a8:64:ca:c5:88:4a:04:b3:52:
         7f:99:19:dd:9a:cc:9c:35:7a:5e:db:b8:5d:e6:cb:65:17:60:
         1f:91:53:59:cc:09:17:8a:90:fa:38:2e:fc:4c:cc:1a:b4:dd:
         0d:1d:06:c8:84:5b:67:a5:bd:46:dd:5f:eb:84:4f:85:5a:9c:
         ee:bc:a9:06:fc:63:3c:74:3d:df:8f:ee:da:46:84:3f:50:1b:
         d3:16:5c:56:d0:f8:be:6d:eb:a2:86:da:25:6d:0d:c0:d8:72:
         34:c2:53:71:62:85:d4:f4:48:37:e9:95:1d:e0:e6:59:3b:d8:
         17:85:5e:85:1a:92:7f:97:17:77:86:10:fe:07:9b:3c:a4:74:
         cc:f3:18:88:35:21:2c:33:6d:b0:7a:8e:8b:2a:a5:69:d0:15:
         38:93:ea:97:8e:5c:51:cc:95:9b:08:95:d9:93:98:e4:e1:de:
         f4:76:9c:e9:b5:1d:07:8d:97:b1:9d:10:9d:ab:d2:97:46:d5:
         95:d7:fa:bb:16:bf:09:fe:61:2d:09:c1:07:d7:d1:64:5c:b2:
         14:08:a6:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFLCYFCT+HtRVEu54PqQrWCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwODEzMDkxOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTFjZTMyNmY3YjdjNTFkMDk5YjQwMDlkMTMxYzM4YjA2M2Q3ODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8M4NcZyLhx5u8EssfPGc+kRFZWdi
Yx0vie6jrZFVH6A195cKbv5S/GelF4XQZt0FJIg/wvmN2l6pqoR/yjUytxCrdHPS
SEO1F73X+Qs1wT+v6MFGJ8dhqikOY6CkNYzatJrZHWe2vvrZ+1wAXCIpGBEwL1UW
XiZfvHgAQ1ZhHasbS5niw2C8OaLDaPZztrx/yrsLXVJWzJgxFdXhhKELR/HtNVC4
VF69EZUqvINH1tXyFmv++C5CpF4nkiVp+WAMOideoG6gyecJP9FRbK7EfHkvQlWo
Z7RP7kENJBRLA43hZaHlbv9DZ2rjvNL6Ok900/5JB/Bdm3MGTaCup4N99wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFoc4yb3t8UdCZtACdExw4sGPXgLMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvV2h6akp2ZTN4UjBKbTBBSjBUSERpd1k5ZUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwXy9MA0G
CSqGSIb3DQEBCwUAA4IBAQAQWjYRsbUDsPjxocUj/sdC4BtoxEv2ErXHfKs6sCAe
sbfGlAx92pnGPJQltjSoZMrFiEoEs1J/mRndmsycNXpe27hd5stlF2AfkVNZzAkX
ipD6OC78TMwatN0NHQbIhFtnpb1G3V/rhE+FWpzuvKkG/GM8dD3fj+7aRoQ/UBvT
FlxW0Pi+beuihtolbQ3A2HI0wlNxYoXU9Eg36ZUd4OZZO9gXhV6FGpJ/lxd3hhD+
B5s8pHTM8xiINSEsM22weo6LKqVp0BU4k+qXjlxRzJWbCJXZk5jk4d70dpzptR0H
jZexnRCdq9KXRtWV1/q7Fr8J/mEtCcEH19FkXLIUCKY9
-----END CERTIFICATE-----