Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w2v3C0RulQMR2Kr-22tJFdc4-d8.roa
File:                     w2v3C0RulQMR2Kr-22tJFdc4-d8.roa (raw, json)
Hash identifier:          UdkyukIXOp39kT2LKuDXQ8LsTI28V3DlbLUN09SC1gk=
Subject key identifier:   C3:6B:F7:0B:44:6E:95:03:11:D8:AA:FE:DB:6B:49:15:D7:38:F9:DF
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0190CB0B61562295426E3D5388179FC57A13
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w2v3C0RulQMR2Kr-22tJFdc4-d8.roa
Signing time:             Fri 19 Jul 2024 12:50:38 +0000
ROA not before:           Fri 19 Jul 2024 12:50:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215584
IP address blocks:        92.118.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:cb:0b:61:56:22:95:42:6e:3d:53:88:17:9f:c5:7a:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jul 19 12:50:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c36bf70b446e950311d8aafedb6b4915d738f9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:af:25:83:06:f3:4e:b6:c1:36:32:1e:dd:e0:
                    35:f1:d3:5d:16:d6:39:4f:cf:1a:c4:d7:3f:d4:7c:
                    01:45:37:63:41:15:da:9b:64:ff:27:f1:37:29:ac:
                    b4:24:47:b9:e3:7f:11:e1:ce:c2:62:7f:61:f0:6d:
                    06:a2:b1:fb:36:b2:89:4c:32:91:3b:ec:c4:3b:c3:
                    b2:7b:1d:0d:5a:20:39:2d:23:87:ca:a2:56:7a:31:
                    54:88:97:45:ff:64:88:a6:18:ca:1d:00:a9:aa:fc:
                    7d:3e:4e:dd:c3:60:26:23:bb:aa:c2:b5:31:1d:ee:
                    04:b4:c0:74:78:29:d7:05:b7:e0:0a:df:c2:6a:c7:
                    de:81:c6:a9:58:c2:48:f0:67:5d:a7:4b:20:07:8d:
                    55:bc:79:b0:78:0d:41:0e:f3:70:b1:e9:b6:90:be:
                    f7:97:ea:43:77:9c:ca:c5:a1:7c:05:e1:0f:e7:a6:
                    42:42:8a:53:56:1a:e2:f3:ae:54:61:f0:34:4e:61:
                    2b:36:1e:4c:3c:77:9e:69:2f:02:ea:0f:85:9a:43:
                    0e:10:28:f7:eb:be:38:ab:89:84:23:fe:8a:70:72:
                    8d:81:e8:52:35:ae:2a:b8:5e:ed:00:26:e0:34:a2:
                    d4:ed:8b:74:aa:16:5a:eb:96:57:71:99:10:89:3e:
                    c5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:6B:F7:0B:44:6E:95:03:11:D8:AA:FE:DB:6B:49:15:D7:38:F9:DF
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/w2v3C0RulQMR2Kr-22tJFdc4-d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.118.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:a9:14:ff:2a:dd:6d:67:35:51:25:ee:bd:d5:7c:3b:3b:f9:
         02:ef:d4:3e:60:f4:1f:70:3b:66:95:07:87:b4:04:56:06:0b:
         61:a0:7b:f2:30:2e:57:04:1a:55:05:8b:d6:40:40:7f:c0:4d:
         42:5d:ff:6f:4e:b0:22:fb:73:57:09:da:18:78:18:ff:5f:de:
         1a:21:d6:d7:0d:57:e1:ec:4b:3a:09:48:62:34:a7:11:e5:41:
         96:a7:2c:07:f1:6d:d4:38:8e:08:e8:cf:22:b4:20:9d:d9:5d:
         f2:de:6a:73:94:15:a4:62:9c:59:1f:da:c3:05:ed:e1:aa:3d:
         1c:b6:5b:b3:89:02:5c:0e:9b:c6:61:51:8f:8b:31:bc:a0:aa:
         16:96:92:c0:9a:a7:ee:20:7c:6b:48:e3:a0:8d:1a:b8:ed:78:
         75:94:6c:ef:f9:99:8f:1e:1c:2d:c2:82:1d:a8:f3:08:fe:15:
         06:e3:a6:55:0e:2f:2b:d4:3f:ff:ee:0a:56:79:ac:35:ce:9f:
         f1:44:8a:36:d8:16:26:19:ee:8e:de:b0:16:78:13:0b:18:73:
         7d:bb:9f:fe:5d:b5:fe:aa:36:ab:be:da:6e:be:68:49:45:90:
         0f:fd:be:7a:85:fd:f9:75:f5:6c:a4:03:18:bc:08:52:e6:70:
         02:f1:a5:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDLC2FWIpVCbj1TiBefxXoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwNzE5MTI1MDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzZiZjcwYjQ0NmU5NTAzMTFkOGFhZmVkYjZiNDkxNWQ3MzhmOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs68lgwbzTrbBNjIe3eA18dNdFtY5
T88axNc/1HwBRTdjQRXam2T/J/E3Kay0JEe5438R4c7CYn9h8G0GorH7NrKJTDKR
O+zEO8Oyex0NWiA5LSOHyqJWejFUiJdF/2SIphjKHQCpqvx9Pk7dw2AmI7uqwrUx
He4EtMB0eCnXBbfgCt/CasfegcapWMJI8Gddp0sgB41VvHmweA1BDvNwsem2kL73
l+pDd5zKxaF8BeEP56ZCQopTVhri865UYfA0TmErNh5MPHeeaS8C6g+FmkMOECj3
6744q4mEI/6KcHKNgehSNa4quF7tACbgNKLU7Yt0qhZa65ZXcZkQiT7F4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNr9wtEbpUDEdiq/ttrSRXXOPnfMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvdzJ2M0MwUnVsUU1SMktyLTIydEpGZGM0LWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHYLMA0G
CSqGSIb3DQEBCwUAA4IBAQCkqRT/Kt1tZzVRJe691Xw7O/kC79Q+YPQfcDtmlQeH
tARWBgthoHvyMC5XBBpVBYvWQEB/wE1CXf9vTrAi+3NXCdoYeBj/X94aIdbXDVfh
7Es6CUhiNKcR5UGWpywH8W3UOI4I6M8itCCd2V3y3mpzlBWkYpxZH9rDBe3hqj0c
tluziQJcDpvGYVGPizG8oKoWlpLAmqfuIHxrSOOgjRq47Xh1lGzv+ZmPHhwtwoId
qPMI/hUG46ZVDi8r1D//7gpWeaw1zp/xRIo22BYmGe6O3rAWeBMLGHN9u5/+XbX+
qjarvtpuvmhJRZAP/b56hf35dfVspAMYvAhS5nAC8aXm
-----END CERTIFICATE-----