Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/Wlkf_dgl2CDajO6-z9NvJWePN0k.roa
File:                     Wlkf_dgl2CDajO6-z9NvJWePN0k.roa (raw, json)
Hash identifier:          aDEf0d0RVL94C52mYMG9IE0//IBISHniNBwVMgBwX0A=
Subject key identifier:   5A:59:1F:FD:D8:25:D8:20:DA:8C:EE:BE:CF:D3:6F:25:67:8F:37:49
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       019024D2841452D65ABA815B98CDF24E8F63
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/Wlkf_dgl2CDajO6-z9NvJWePN0k.roa
Signing time:             Mon 17 Jun 2024 06:11:34 +0000
ROA not before:           Mon 17 Jun 2024 06:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 02:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:24:d2:84:14:52:d6:5a:ba:81:5b:98:cd:f2:4e:8f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 17 06:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a591ffdd825d820da8ceebecfd36f25678f3749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cc:6d:a1:27:11:dc:10:34:ee:04:60:9b:c6:
                    b7:b8:c2:70:76:3c:73:a4:3c:76:ec:97:f2:4f:2f:
                    10:62:1c:30:9d:79:37:a5:38:73:d5:f8:90:d6:1e:
                    1a:d2:ad:1c:c8:af:83:2a:9e:8e:33:46:42:28:45:
                    c9:e9:6b:f2:c3:8f:40:8e:73:74:82:2c:28:4f:8f:
                    ae:f5:f5:42:51:ca:43:f3:1b:c9:ba:ac:e8:f4:89:
                    52:da:ee:08:6a:33:35:de:cf:95:5d:f5:71:06:58:
                    0e:cc:28:3c:03:10:38:8c:68:5f:a5:0c:5f:e8:2d:
                    1a:95:3f:8c:02:ed:22:6e:ed:b2:38:ad:57:50:f3:
                    d0:2e:46:6c:61:5c:64:51:7a:89:f6:f2:4c:ae:2e:
                    8d:88:b3:4e:3d:50:44:30:62:5f:ed:2c:12:2f:1c:
                    3b:1a:96:9c:bd:f6:ea:60:33:f5:6c:c3:e2:61:85:
                    ea:d6:15:15:30:6f:e5:5d:81:71:0f:5c:99:fc:72:
                    d2:8b:ff:24:fb:31:11:b6:7f:3c:19:24:5d:81:3b:
                    93:11:39:1e:3d:30:bb:29:ca:06:d1:2b:f3:ac:51:
                    70:2f:b7:99:80:84:1c:1a:b2:b1:2e:ee:44:d5:b7:
                    44:10:49:ce:32:d9:54:d4:36:6f:45:0e:35:72:5b:
                    e1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:59:1F:FD:D8:25:D8:20:DA:8C:EE:BE:CF:D3:6F:25:67:8F:37:49
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/Wlkf_dgl2CDajO6-z9NvJWePN0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:6c:92:7e:89:f4:8b:91:72:aa:b1:e3:56:eb:16:48:4c:3b:
         93:4b:1f:5a:45:ca:6a:36:96:4a:34:5e:e6:79:55:bb:6f:c0:
         65:1e:39:cd:f2:22:89:63:c1:af:20:0d:4e:26:61:86:f1:14:
         37:95:a6:2d:59:01:a9:ff:83:26:01:eb:a6:c4:b1:94:51:c3:
         a9:fa:ce:d9:43:a0:1f:48:b5:b7:a3:e7:f0:eb:e1:92:b9:88:
         bb:93:ca:36:25:d5:7d:53:95:00:11:ba:8f:ab:25:2a:0c:ab:
         c1:4a:95:bb:00:cb:89:32:be:32:ff:5b:06:3f:05:dc:23:48:
         17:21:fa:31:fd:e7:d5:4f:7b:97:52:a4:64:6e:fb:2a:bf:4f:
         c1:ba:bb:02:77:5f:80:61:45:94:bd:4f:8d:a5:e1:51:77:37:
         48:3e:45:8f:3a:43:99:d2:7b:4d:ad:fd:92:85:f0:59:0e:4e:
         9c:71:8e:38:cd:4b:d9:ea:d1:a0:de:1f:31:5c:91:a9:93:0e:
         15:4a:24:ed:a7:dd:71:8e:91:b0:e1:e2:b9:09:89:98:da:26:
         a8:f3:30:40:66:f7:89:23:48:19:74:6f:a6:14:62:85:da:fc:
         79:4a:d8:22:97:cc:95:d9:ce:1b:97:46:8e:bb:d2:a5:3f:e3:
         60:70:b5:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAk0oQUUtZauoFbmM3yTo9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjE3MDYxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTU5MWZmZGQ4MjVkODIwZGE4Y2VlYmVjZmQzNmYyNTY3OGYzNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8xtoScR3BA07gRgm8a3uMJwdjxz
pDx27JfyTy8QYhwwnXk3pThz1fiQ1h4a0q0cyK+DKp6OM0ZCKEXJ6Wvyw49AjnN0
giwoT4+u9fVCUcpD8xvJuqzo9IlS2u4IajM13s+VXfVxBlgOzCg8AxA4jGhfpQxf
6C0alT+MAu0ibu2yOK1XUPPQLkZsYVxkUXqJ9vJMri6NiLNOPVBEMGJf7SwSLxw7
GpacvfbqYDP1bMPiYYXq1hUVMG/lXYFxD1yZ/HLSi/8k+zERtn88GSRdgTuTETke
PTC7KcoG0SvzrFFwL7eZgIQcGrKxLu5E1bdEEEnOMtlU1DZvRQ41clvhLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFpZH/3YJdgg2ozuvs/TbyVnjzdJMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvV2xrZl9kZ2wyQ0Rhak82LXo5TnZKV2VQTjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHpskn6J9IuRcqqx41br
FkhMO5NLH1pFymo2lko0XuZ5VbtvwGUeOc3yIoljwa8gDU4mYYbxFDeVpi1ZAan/
gyYB66bEsZRRw6n6ztlDoB9Itbej5/Dr4ZK5iLuTyjYl1X1TlQARuo+rJSoMq8FK
lbsAy4kyvjL/WwY/BdwjSBch+jH959VPe5dSpGRu+yq/T8G6uwJ3X4BhRZS9T42l
4VF3N0g+RY86Q5nSe02t/ZKF8FkOTpxxjjjNS9nq0aDeHzFckamTDhVKJO2n3XGO
kbDh4rkJiZjaJqjzMEBm94kjSBl0b6YUYoXa/HlK2CKXzJXZzhuXRo670qU/42Bw
tZE=
-----END CERTIFICATE-----