Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/wtqbZIYyVG1_x4_qhHJQfNzbaD8.roa
File:                     wtqbZIYyVG1_x4_qhHJQfNzbaD8.roa (raw, json)
Hash identifier:          JWu9hhE0ShvqWOgvQABRaaOn4f9O2HgvYu9c2Gx83e8=
Subject key identifier:   C2:DA:9B:64:86:32:54:6D:7F:C7:8F:EA:84:72:50:7C:DC:DB:68:3F
Certificate issuer:       /CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
Certificate serial:       018F29D961AA7267BFA2E5C8D0C1CBEECC1E
Authority key identifier: E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/wtqbZIYyVG1_x4_qhHJQfNzbaD8.roa
Signing time:             Mon 29 Apr 2024 12:34:23 +0000
ROA not before:           Mon 29 Apr 2024 12:34:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210301
IP address blocks:        91.213.124.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:d9:61:aa:72:67:bf:a2:e5:c8:d0:c1:cb:ee:cc:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4be8efec1fb03d8af979af1cba13a0845a7b0ba
        Validity
            Not Before: Apr 29 12:34:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2da9b648632546d7fc78fea8472507cdcdb683f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c2:a2:ff:00:c7:02:eb:dd:e1:71:ad:72:ac:
                    b1:7e:b4:52:20:4d:b6:bc:de:0f:e0:c3:d6:57:9e:
                    b2:5c:3b:ea:25:ab:7f:0c:ac:ed:95:6c:75:51:52:
                    1f:d9:2d:80:55:e8:25:00:7a:1c:46:b3:79:63:f0:
                    e5:49:6d:96:ed:2f:ec:7f:69:e8:ab:df:a5:54:e2:
                    54:bc:7d:4a:d1:35:3f:cc:bc:ef:29:e2:4f:c8:7a:
                    e7:66:06:e2:d8:32:3b:72:d3:cd:20:d3:8c:38:23:
                    b3:e2:dc:78:52:ac:60:c6:b1:95:31:ae:ae:2a:4c:
                    72:ea:1b:42:78:df:6b:89:a8:4e:67:31:f5:0d:08:
                    d6:7c:56:26:17:20:09:0e:53:55:c4:6b:aa:06:62:
                    a9:cb:30:18:4c:22:10:fb:12:cf:e0:5c:21:ee:de:
                    ec:0f:78:d5:9b:84:e3:27:70:48:b4:a5:8c:fa:72:
                    88:bd:ae:62:f7:53:29:4f:45:2a:d0:a3:cd:3a:2c:
                    26:5e:e7:00:b8:8f:19:b4:b2:1d:50:ca:da:3a:f5:
                    3c:34:bd:8a:0f:58:9d:8f:62:2a:9d:be:18:39:53:
                    32:47:6c:2d:da:ed:d7:5d:2f:dd:b1:3f:e5:e9:3e:
                    ac:62:fb:2e:8a:5f:c3:e8:05:68:80:0d:c6:06:8f:
                    1f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:DA:9B:64:86:32:54:6D:7F:C7:8F:EA:84:72:50:7C:DC:DB:68:3F
            X509v3 Authority Key Identifier:
                keyid:E4:BE:8E:FE:C1:FB:03:D8:AF:97:9A:F1:CB:A1:3A:08:45:A7:B0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5L6O_sH7A9ivl5rxy6E6CEWnsLo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/wtqbZIYyVG1_x4_qhHJQfNzbaD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/0f9f02-c2ad-4ec8-b4d5-dfbfa3fcf021/1/5L6O_sH7A9ivl5rxy6E6CEWnsLo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:03:2e:a7:0e:e4:a2:25:38:5a:52:c3:a5:2b:a1:6e:44:32:
         20:33:2f:da:ef:ae:12:63:7b:55:35:43:a6:47:51:49:f6:47:
         fb:44:19:2e:dc:be:37:f9:cf:94:5a:36:9e:25:75:74:85:74:
         e9:80:33:cc:da:38:5d:96:31:cd:d3:64:f3:2e:28:82:15:09:
         a9:b4:5e:69:b1:1f:62:59:39:07:70:4b:48:c9:ed:7d:d6:98:
         fc:5d:99:a0:d0:bd:76:cd:92:6c:85:56:6d:6b:97:34:c8:39:
         0c:d5:41:27:17:eb:17:80:55:3b:91:6f:c5:f7:b8:c5:79:c8:
         b1:42:84:2d:4a:4c:f2:e9:5b:6e:51:1d:fa:1b:fe:5c:03:51:
         ef:03:41:b6:6b:bb:fa:d1:23:82:94:fd:ac:2f:4d:57:94:01:
         e9:3d:58:54:8f:cd:1c:68:17:fb:45:00:97:dd:e2:05:7f:80:
         1c:8f:bc:b6:e6:a5:c2:d2:14:25:21:16:89:89:a8:a0:c6:e5:
         04:73:91:e7:28:85:b5:25:dd:7b:e4:8e:17:0c:a2:8d:c6:5d:
         a5:f2:61:30:cb:40:5e:5e:75:0b:15:5a:23:8e:ed:50:93:20:
         10:88:a5:88:73:63:4a:79:98:27:b9:19:f0:c0:20:17:0f:90:
         38:ad:99:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8p2WGqcme/ouXI0MHL7sweMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YmU4ZWZlYzFmYjAzZDhhZjk3OWFmMWNiYTEzYTA4NDVh
N2IwYmEwHhcNMjQwNDI5MTIzNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmRhOWI2NDg2MzI1NDZkN2ZjNzhmZWE4NDcyNTA3Y2RjZGI2ODNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MKi/wDHAuvd4XGtcqyxfrRSIE22
vN4P4MPWV56yXDvqJat/DKztlWx1UVIf2S2AVeglAHocRrN5Y/DlSW2W7S/sf2no
q9+lVOJUvH1K0TU/zLzvKeJPyHrnZgbi2DI7ctPNINOMOCOz4tx4UqxgxrGVMa6u
Kkxy6htCeN9riahOZzH1DQjWfFYmFyAJDlNVxGuqBmKpyzAYTCIQ+xLP4Fwh7t7s
D3jVm4TjJ3BItKWM+nKIva5i91MpT0Uq0KPNOiwmXucAuI8ZtLIdUMraOvU8NL2K
D1idj2Iqnb4YOVMyR2wt2u3XXS/dsT/l6T6sYvsuil/D6AVogA3GBo8fMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLam2SGMlRtf8eP6oRyUHzc22g/MB8GA1UdIwQY
MBaAFOS+jv7B+wPYr5ea8cuhOghFp7C6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUt
ZGZiZmEzZmNmMDIxLzEvd3RxYlpJWXlWRzFfeDRfcWhISlFmTnpiYUQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wZjlmMDItYzJhZC00ZWM4LWI0ZDUtZGZiZmEzZmNmMDIx
LzEvNUw2T19zSDdBOWl2bDVyeHk2RTZDRVduc0xvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9V8MA0G
CSqGSIb3DQEBCwUAA4IBAQARAy6nDuSiJThaUsOlK6FuRDIgMy/a764SY3tVNUOm
R1FJ9kf7RBku3L43+c+UWjaeJXV0hXTpgDPM2jhdljHN02TzLiiCFQmptF5psR9i
WTkHcEtIye191pj8XZmg0L12zZJshVZta5c0yDkM1UEnF+sXgFU7kW/F97jFecix
QoQtSkzy6VtuUR36G/5cA1HvA0G2a7v60SOClP2sL01XlAHpPVhUj80caBf7RQCX
3eIFf4Acj7y25qXC0hQlIRaJiaigxuUEc5HnKIW1Jd175I4XDKKNxl2l8mEwy0Be
XnULFVojju1QkyAQiKWIc2NKeZgnuRnwwCAXD5A4rZmi
-----END CERTIFICATE-----