Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/WK5yiD2YlAAjSJJ6wlptVmV6bHQ.roa
File:                     WK5yiD2YlAAjSJJ6wlptVmV6bHQ.roa (raw, json)
Hash identifier:          jrzCgAmbVklL+jStYD3i1DE2ygFik+CsgeEHH5EzsI4=
Subject key identifier:   58:AE:72:88:3D:98:94:00:23:48:92:7A:C2:5A:6D:56:65:7A:6C:74
Certificate issuer:       /CN=328d4d74f2415a357fe74dbe040f0154f1dacf7c
Certificate serial:       018CC793DF65BC58D705404E735792A492C5
Authority key identifier: 32:8D:4D:74:F2:41:5A:35:7F:E7:4D:BE:04:0F:01:54:F1:DA:CF:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mo1NdPJBWjV_502-BA8BVPHaz3w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/WK5yiD2YlAAjSJJ6wlptVmV6bHQ.roa
Signing time:             Tue 02 Jan 2024 00:30:06 +0000
ROA not before:           Tue 02 Jan 2024 00:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56644
IP address blocks:        91.226.24.0/24 maxlen: 24
                          91.226.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/Mo1NdPJBWjV_502-BA8BVPHaz3w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/Mo1NdPJBWjV_502-BA8BVPHaz3w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mo1NdPJBWjV_502-BA8BVPHaz3w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:df:65:bc:58:d7:05:40:4e:73:57:92:a4:92:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=328d4d74f2415a357fe74dbe040f0154f1dacf7c
        Validity
            Not Before: Jan  2 00:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58ae72883d9894002348927ac25a6d56657a6c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:51:59:3b:75:a5:35:0e:5d:98:c8:0d:d1:75:
                    f9:9c:e9:d7:48:b3:60:22:2a:f3:9a:e9:8e:2a:b1:
                    94:5b:0f:2d:ae:16:e8:61:0b:3f:f4:22:d0:4c:64:
                    1b:ae:6d:5a:70:e6:63:7a:a7:41:31:7c:7b:ea:96:
                    9e:48:91:a7:bb:bb:49:bb:fa:7a:85:78:33:d7:a4:
                    4b:9e:72:3f:12:bf:30:18:17:27:e3:ad:14:36:ae:
                    f8:1d:9b:a7:1b:e2:02:41:48:5b:d6:90:7c:1e:7b:
                    86:4e:d7:44:07:f9:60:49:ac:eb:ed:28:82:8e:a4:
                    1c:f2:e0:f6:3b:22:0f:08:25:15:71:c3:da:fb:92:
                    5c:22:8e:ea:b2:49:15:87:61:56:bc:71:64:e3:6b:
                    7b:ce:c6:b5:73:db:28:1a:df:de:3a:cb:bb:ec:47:
                    fe:80:c8:15:80:3f:17:d3:4e:39:5a:95:af:8d:c7:
                    8d:34:66:39:02:55:b7:6b:18:26:6d:62:6c:b5:ed:
                    1a:20:04:07:bb:9a:b6:b9:a2:5c:50:12:0d:89:39:
                    f6:39:3d:99:d3:15:0b:2b:b9:20:58:7d:da:5c:fb:
                    28:46:f1:02:4e:69:1c:9c:e5:08:37:1f:b8:88:f8:
                    b9:43:da:36:bf:83:4c:72:5d:c3:cc:5f:30:59:55:
                    1a:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:AE:72:88:3D:98:94:00:23:48:92:7A:C2:5A:6D:56:65:7A:6C:74
            X509v3 Authority Key Identifier:
                keyid:32:8D:4D:74:F2:41:5A:35:7F:E7:4D:BE:04:0F:01:54:F1:DA:CF:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mo1NdPJBWjV_502-BA8BVPHaz3w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/WK5yiD2YlAAjSJJ6wlptVmV6bHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/e738c9-c821-434e-a26e-8a84bfd8f099/1/Mo1NdPJBWjV_502-BA8BVPHaz3w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0d:60:12:79:dd:b9:c0:d4:07:04:72:af:88:bb:67:b9:0e:e4:
         bc:a9:22:c1:f8:e8:c5:3c:a8:12:52:3c:05:b2:a1:06:2b:d8:
         bf:56:85:96:e3:55:74:cb:db:64:ad:a4:5b:0d:93:84:e2:bf:
         89:83:50:57:2f:93:2d:64:e2:f2:13:eb:ff:ee:2e:bc:f5:40:
         0d:2b:01:b9:54:a9:de:b3:cc:8e:7b:f1:f3:3e:2c:44:21:fd:
         7f:6d:97:e2:6d:fe:83:46:2e:a1:34:4d:3c:04:ad:6e:c5:c2:
         76:71:df:fe:8a:85:10:1f:e4:36:ae:28:92:e6:a3:ba:e8:cf:
         6a:fa:fa:bb:77:55:10:27:7b:e4:e9:8c:d4:9f:f0:3c:74:a3:
         6b:9f:74:ae:0d:e4:8f:ac:e8:67:3c:ec:2d:1d:d8:9b:3b:7f:
         ec:61:ad:25:ae:dd:31:69:a8:c5:3a:a3:a3:f2:1d:25:db:ca:
         ef:73:f1:df:5c:33:52:47:da:3d:03:90:39:ac:1f:6a:2e:55:
         2f:97:31:9d:b7:a2:13:94:cf:52:f0:40:2b:0e:94:8b:d4:5b:
         94:4d:d0:85:10:66:62:33:7e:84:51:88:6d:4e:d7:6a:8f:53:
         60:42:71:af:aa:74:22:2f:b9:8d:ee:3b:8b:f9:38:a4:04:d7:
         94:0b:91:9e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk99lvFjXBUBOc1eSpJLFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyOGQ0ZDc0ZjI0MTVhMzU3ZmU3NGRiZTA0MGYwMTU0ZjFk
YWNmN2MwHhcNMjQwMTAyMDAzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGFlNzI4ODNkOTg5NDAwMjM0ODkyN2FjMjVhNmQ1NjY1N2E2Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVFZO3WlNQ5dmMgN0XX5nOnXSLNg
IirzmumOKrGUWw8trhboYQs/9CLQTGQbrm1acOZjeqdBMXx76paeSJGnu7tJu/p6
hXgz16RLnnI/Er8wGBcn460UNq74HZunG+ICQUhb1pB8HnuGTtdEB/lgSazr7SiC
jqQc8uD2OyIPCCUVccPa+5JcIo7qskkVh2FWvHFk42t7zsa1c9soGt/eOsu77Ef+
gMgVgD8X0045WpWvjceNNGY5AlW3axgmbWJste0aIAQHu5q2uaJcUBINiTn2OT2Z
0xULK7kgWH3aXPsoRvECTmkcnOUINx+4iPi5Q9o2v4NMcl3DzF8wWVUaTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFiucog9mJQAI0iSesJabVZlemx0MB8GA1UdIwQY
MBaAFDKNTXTyQVo1f+dNvgQPAVTx2s98MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW8xTmRQSkJXalZfNTAyLUJBOEJWUEhhejN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9lNzM4YzktYzgyMS00MzRlLWEyNmUt
OGE4NGJmZDhmMDk5LzEvV0s1eWlEMllsQUFqU0pKNndscHRWbVY2YkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9lNzM4YzktYzgyMS00MzRlLWEyNmUtOGE4NGJmZDhmMDk5
LzEvTW8xTmRQSkJXalZfNTAyLUJBOEJWUEhhejN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+IYMA0G
CSqGSIb3DQEBCwUAA4IBAQANYBJ53bnA1AcEcq+Iu2e5DuS8qSLB+OjFPKgSUjwF
sqEGK9i/VoWW41V0y9tkraRbDZOE4r+Jg1BXL5MtZOLyE+v/7i689UANKwG5VKne
s8yOe/HzPixEIf1/bZfibf6DRi6hNE08BK1uxcJ2cd/+ioUQH+Q2riiS5qO66M9q
+vq7d1UQJ3vk6YzUn/A8dKNrn3SuDeSPrOhnPOwtHdibO3/sYa0lrt0xaajFOqOj
8h0l28rvc/HfXDNSR9o9A5A5rB9qLlUvlzGdt6ITlM9S8EArDpSL1FuUTdCFEGZi
M36EUYhtTtdqj1NgQnGvqnQiL7mN7juL+TikBNeUC5Ge
-----END CERTIFICATE-----