Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/WDZdRqjdO2o_bmK0QhdkKVvtuUQ.roa
File:                     WDZdRqjdO2o_bmK0QhdkKVvtuUQ.roa (raw, json)
Hash identifier:          v83Qoio34xrtZ3voSPHEtABZwMLsmzwc1MdlxsVS10Y=
Subject key identifier:   58:36:5D:46:A8:DD:3B:6A:3F:6E:62:B4:42:17:64:29:5B:ED:B9:44
Certificate issuer:       /CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
Certificate serial:       018CC348BE13E955E6A8B4194E539D2E1FBC
Authority key identifier: 4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/WDZdRqjdO2o_bmK0QhdkKVvtuUQ.roa
Signing time:             Mon 01 Jan 2024 04:29:33 +0000
ROA not before:           Mon 01 Jan 2024 04:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35120
IP address blocks:        91.223.100.0/24 maxlen: 24
                          91.209.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:be:13:e9:55:e6:a8:b4:19:4e:53:9d:2e:1f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d0ade54c27e6fcddace262c4fdf790f320fed9c
        Validity
            Not Before: Jan  1 04:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58365d46a8dd3b6a3f6e62b4421764295bedb944
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e4:3f:e2:52:52:6d:56:13:8d:4a:aa:c6:46:
                    fc:76:89:7a:9d:9f:60:0a:93:2e:6b:bb:ba:b3:8f:
                    38:08:c0:70:d1:92:34:59:fe:2f:5b:84:72:78:f8:
                    2e:0c:c3:cb:ba:f2:56:ff:7a:9a:03:29:70:4a:3c:
                    1a:82:01:c3:cf:29:f5:01:6a:d4:06:3b:24:e6:c1:
                    66:b4:04:48:51:5b:74:36:60:9b:0a:34:f4:97:20:
                    bc:4c:da:70:66:17:79:eb:25:df:df:47:19:b4:47:
                    9b:ed:81:97:41:84:67:26:0f:32:50:16:74:b5:99:
                    76:53:5a:f9:d1:11:f9:61:27:28:a0:66:81:0c:bb:
                    cc:88:68:64:ed:32:ee:db:43:fa:11:17:89:3d:67:
                    31:dd:88:37:41:3f:90:9e:88:60:77:a7:b2:a4:6b:
                    b3:1e:e4:68:bb:3a:1d:9e:59:7c:26:bf:91:99:7a:
                    74:70:3d:74:5d:37:41:ee:5b:2a:8e:d6:71:ef:42:
                    0b:ae:f5:2c:5b:3c:e4:7f:f6:6a:e3:f2:f1:77:3d:
                    19:22:74:f2:03:40:d9:99:24:a4:34:53:ec:68:21:
                    85:7b:24:f8:fc:1e:d5:25:85:6f:21:b9:f0:12:86:
                    75:54:67:7b:5e:7c:0a:8d:56:eb:32:5c:58:5c:80:
                    1f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:36:5D:46:A8:DD:3B:6A:3F:6E:62:B4:42:17:64:29:5B:ED:B9:44
            X509v3 Authority Key Identifier:
                keyid:4D:0A:DE:54:C2:7E:6F:CD:DA:CE:26:2C:4F:DF:79:0F:32:0F:ED:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TQreVMJ-b83aziYsT995DzIP7Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/WDZdRqjdO2o_bmK0QhdkKVvtuUQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/8efd8b-e516-4c49-92cb-89296ccb35f5/1/TQreVMJ-b83aziYsT995DzIP7Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.212.0/24
                  91.223.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0d:2a:8a:5e:9c:8b:40:f7:26:32:10:aa:8e:7a:42:51:6a:
         06:9a:72:a5:47:6d:6d:4f:0b:f6:7b:52:6f:56:19:f0:e1:a2:
         29:8f:72:ff:b4:3e:e9:76:06:1a:6c:a3:82:c6:7c:fe:c8:0f:
         a1:b6:40:0f:4c:1d:75:d1:dd:31:6f:8e:7f:75:e8:ef:88:3c:
         28:fe:a3:d2:cf:83:02:0d:ba:5b:21:ad:cc:9e:d6:e1:87:a8:
         bd:d7:be:74:48:61:9d:ec:c6:69:1f:f1:91:ce:26:31:2c:18:
         ec:31:10:25:12:d4:db:48:cd:5b:dc:0f:46:65:65:a2:9d:60:
         e0:7d:96:7e:19:ef:64:ff:2c:1f:75:e1:77:77:15:22:2a:29:
         a5:38:c9:25:3a:cd:b9:61:62:e5:02:ea:f2:9a:dc:de:4b:d2:
         6c:d9:5f:fa:d9:b3:0d:bf:3f:43:ef:20:0c:89:85:1a:df:57:
         27:af:64:fe:c9:fe:be:1f:6b:24:c5:f6:00:27:dc:fe:73:fe:
         5a:0b:87:41:38:0e:9b:65:73:9e:cd:f2:0a:4f:4b:9e:de:d6:
         dd:a2:0e:44:db:4a:56:56:f9:24:7f:a9:47:67:50:84:69:2e:
         27:84:84:76:df:50:ad:73:f7:fd:3f:8f:8b:07:0f:1e:2d:f2:
         52:74:c8:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSL4T6VXmqLQZTlOdLh+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMGFkZTU0YzI3ZTZmY2RkYWNlMjYyYzRmZGY3OTBmMzIw
ZmVkOWMwHhcNMjQwMTAxMDQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODM2NWQ0NmE4ZGQzYjZhM2Y2ZTYyYjQ0MjE3NjQyOTViZWRiOTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheQ/4lJSbVYTjUqqxkb8dol6nZ9g
CpMua7u6s484CMBw0ZI0Wf4vW4RyePguDMPLuvJW/3qaAylwSjwaggHDzyn1AWrU
Bjsk5sFmtARIUVt0NmCbCjT0lyC8TNpwZhd56yXf30cZtEeb7YGXQYRnJg8yUBZ0
tZl2U1r50RH5YScooGaBDLvMiGhk7TLu20P6EReJPWcx3Yg3QT+Qnohgd6eypGuz
HuRouzodnll8Jr+RmXp0cD10XTdB7lsqjtZx70ILrvUsWzzkf/Zq4/Lxdz0ZInTy
A0DZmSSkNFPsaCGFeyT4/B7VJYVvIbnwEoZ1VGd7XnwKjVbrMlxYXIAfAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFg2XUao3TtqP25itEIXZClb7blEMB8GA1UdIwQY
MBaAFE0K3lTCfm/N2s4mLE/feQ8yD+2cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2It
ODkyOTZjY2IzNWY1LzEvV0RaZFJxamRPMm9fYm1LMFFoZGtLVnZ0dVVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC84ZWZkOGItZTUxNi00YzQ5LTkyY2ItODkyOTZjY2IzNWY1
LzEvVFFyZVZNSi1iODNhemlZc1Q5OTVEeklQN1p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9HUAwQA
W99kMA0GCSqGSIb3DQEBCwUAA4IBAQBVDSqKXpyLQPcmMhCqjnpCUWoGmnKlR21t
Twv2e1JvVhnw4aIpj3L/tD7pdgYabKOCxnz+yA+htkAPTB110d0xb45/dejviDwo
/qPSz4MCDbpbIa3Mntbhh6i91750SGGd7MZpH/GRziYxLBjsMRAlEtTbSM1b3A9G
ZWWinWDgfZZ+Ge9k/ywfdeF3dxUiKimlOMklOs25YWLlAurymtzeS9Js2V/62bMN
vz9D7yAMiYUa31cnr2T+yf6+H2skxfYAJ9z+c/5aC4dBOA6bZXOezfIKT0ue3tbd
og5E20pWVvkkf6lHZ1CEaS4nhIR231Ctc/f9P4+LBw8eLfJSdMhs
-----END CERTIFICATE-----