Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WGVFdHdOhrZ6oEGNKaADeEDXEkc.roa
File:                     WGVFdHdOhrZ6oEGNKaADeEDXEkc.roa (raw, json)
Hash identifier:          upyn2YAU1bBK3yksfLZUYvn/2Yyr6nO1tneR3QTm/D0=
Subject key identifier:   58:65:45:74:77:4E:86:B6:7A:A0:41:8D:29:A0:03:78:40:D7:12:47
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       0196821E21F01902BED77D6DAD315C8BAEF0
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WGVFdHdOhrZ6oEGNKaADeEDXEkc.roa
Signing time:             Tue 29 Apr 2025 15:15:34 +0000
ROA not before:           Tue 29 Apr 2025 15:15:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41111
IP address blocks:        91.231.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:1e:21:f0:19:02:be:d7:7d:6d:ad:31:5c:8b:ae:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr 29 15:15:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58654574774e86b67aa0418d29a0037840d71247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:1a:cd:50:34:a9:b6:d6:34:fd:5d:23:36:
                    58:66:42:d9:67:f6:cf:49:ad:13:8b:76:af:d5:c5:
                    dc:bc:78:45:f5:24:60:86:6c:2d:e7:3a:a3:5e:eb:
                    50:6b:3b:ae:5d:ea:5d:5d:8e:60:23:81:d4:b6:d4:
                    9c:c5:74:99:e5:7b:d3:2c:30:28:1a:3f:d5:0e:ba:
                    7d:4e:e6:70:93:f5:e6:83:ec:83:ed:3a:f2:76:8e:
                    af:6f:2f:41:56:1d:3c:a6:0a:b6:4e:b5:9d:a3:72:
                    0a:9a:b5:e1:79:53:31:17:4d:be:a2:87:4f:d0:a3:
                    00:8b:3e:da:b3:33:2b:1a:09:af:af:9d:8a:38:69:
                    5d:3b:3f:e8:b8:df:29:3e:54:83:61:56:2d:f7:c9:
                    d0:cf:52:80:35:67:9d:ad:10:cb:44:1a:ed:0e:f2:
                    89:f3:b5:e2:c3:23:8b:cc:d4:35:54:bf:a2:de:a5:
                    3b:23:27:70:9b:8c:be:7d:b6:31:90:30:ba:23:34:
                    52:48:23:48:c5:de:3d:d4:1f:e1:77:18:3a:85:60:
                    5d:12:0c:48:8f:0b:55:44:7b:04:2f:58:7c:87:75:
                    92:15:a4:3a:08:b5:26:8c:38:e9:8a:61:bd:b7:69:
                    c0:b5:3b:14:71:b0:02:3f:1a:36:ae:1f:54:54:93:
                    e1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:65:45:74:77:4E:86:B6:7A:A0:41:8D:29:A0:03:78:40:D7:12:47
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/WGVFdHdOhrZ6oEGNKaADeEDXEkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:d0:a3:93:fa:74:94:6d:03:0c:6e:5b:e4:00:2e:ad:e1:a7:
         40:b7:c5:46:52:d5:dd:2b:1d:6a:89:b1:11:42:4e:58:dc:72:
         83:89:67:d3:ec:93:ad:3a:90:c6:06:cf:bd:9a:cc:02:87:4a:
         10:35:48:49:56:3c:c5:c2:55:e7:dc:4f:33:51:6e:46:23:d2:
         a3:22:5d:65:8e:73:1b:aa:1d:31:91:4c:e9:17:54:21:0f:30:
         3d:fa:b1:a6:61:f4:da:1f:ee:34:19:6c:2d:f4:c6:56:ef:ea:
         17:83:ad:2c:19:6d:f7:d9:e0:ca:d4:cb:17:04:a4:1c:87:db:
         de:fa:e0:60:7d:90:f5:f6:33:3e:f7:be:05:19:3c:a1:8b:db:
         19:17:30:ae:ee:18:0d:2a:c7:28:96:41:ef:70:41:f9:d4:a7:
         0e:f7:4c:65:69:1e:7d:53:5f:87:f8:db:66:b5:3a:3b:c4:f1:
         5e:7d:62:53:07:88:d2:f0:ca:f2:0c:da:e9:54:fa:b6:6d:ad:
         c6:93:85:37:48:53:af:43:8f:a9:a3:ff:c6:51:11:6e:53:fc:
         0e:15:23:96:8e:e0:6f:c8:ce:fc:a1:a7:d7:0d:8a:b1:68:55:
         a3:d9:53:64:ff:42:e8:0e:bf:b0:3c:79:2a:06:43:49:76:f5:
         fb:35:40:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaCHiHwGQK+131trTFci67wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjUwNDI5MTUxNTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODY1NDU3NDc3NGU4NmI2N2FhMDQxOGQyOWEwMDM3ODQwZDcxMjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArscazVA0qbbWNP1dIzZYZkLZZ/bP
Sa0Ti3av1cXcvHhF9SRghmwt5zqjXutQazuuXepdXY5gI4HUttScxXSZ5XvTLDAo
Gj/VDrp9TuZwk/Xmg+yD7Trydo6vby9BVh08pgq2TrWdo3IKmrXheVMxF02+oodP
0KMAiz7aszMrGgmvr52KOGldOz/ouN8pPlSDYVYt98nQz1KANWedrRDLRBrtDvKJ
87XiwyOLzNQ1VL+i3qU7Iydwm4y+fbYxkDC6IzRSSCNIxd491B/hdxg6hWBdEgxI
jwtVRHsEL1h8h3WSFaQ6CLUmjDjpimG9t2nAtTsUcbACPxo2rh9UVJPhfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFhlRXR3Toa2eqBBjSmgA3hA1xJHMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvV0dWRmRIZE9oclo2b0VHTkthQURlRURYRWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+e0MA0G
CSqGSIb3DQEBCwUAA4IBAQAU0KOT+nSUbQMMblvkAC6t4adAt8VGUtXdKx1qibER
Qk5Y3HKDiWfT7JOtOpDGBs+9mswCh0oQNUhJVjzFwlXn3E8zUW5GI9KjIl1ljnMb
qh0xkUzpF1QhDzA9+rGmYfTaH+40GWwt9MZW7+oXg60sGW332eDK1MsXBKQch9ve
+uBgfZD19jM+974FGTyhi9sZFzCu7hgNKscolkHvcEH51KcO90xlaR59U1+H+Ntm
tTo7xPFefWJTB4jS8MryDNrpVPq2ba3Gk4U3SFOvQ4+po//GURFuU/wOFSOWjuBv
yM78oafXDYqxaFWj2VNk/0LoDr+wPHkqBkNJdvX7NUCZ
-----END CERTIFICATE-----