Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/WImvYwLdfJvu9q5O0TdgiIN2PIg.roa
File:                     WImvYwLdfJvu9q5O0TdgiIN2PIg.roa (raw, json)
Hash identifier:          EZjzXb6omdrVH75iH1DsYiFyXP1diE9h0yr+QLYvMa8=
Subject key identifier:   58:89:AF:63:02:DD:7C:9B:EE:F6:AE:4E:D1:37:60:88:83:76:3C:88
Certificate issuer:       /CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
Certificate serial:       018CC6B7B1EF9343659D3BBA343F6EA626AE
Authority key identifier: 38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/WImvYwLdfJvu9q5O0TdgiIN2PIg.roa
Signing time:             Mon 01 Jan 2024 20:29:36 +0000
ROA not before:           Mon 01 Jan 2024 20:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212981
IP address blocks:        2a0a:d6c0:186::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b1:ef:93:43:65:9d:3b:ba:34:3f:6e:a6:26:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=387d6df7eb7542e0333aeedd14adff8f51f8cbd8
        Validity
            Not Before: Jan  1 20:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5889af6302dd7c9beef6ae4ed137608883763c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:fa:c0:6d:df:46:d9:4a:f8:15:4e:1e:8b:1e:
                    cf:48:35:fd:b0:d9:2f:b7:33:44:e5:a9:c6:ec:84:
                    6e:ab:96:43:29:0e:7a:da:fa:c5:70:80:f6:63:49:
                    b2:18:b5:87:67:5f:73:e8:18:24:3b:59:96:eb:5b:
                    fc:5a:8e:db:25:21:e6:24:16:07:ba:a4:34:b5:44:
                    52:ed:a3:25:6c:5e:83:e2:2d:ee:ec:7e:b8:74:df:
                    55:79:03:a3:5d:67:fa:25:75:c3:cd:2a:ff:8b:ba:
                    d1:ec:59:c9:21:d1:72:87:5b:65:26:75:ad:5e:13:
                    2c:d3:89:42:5e:64:92:7f:f9:8d:94:b0:26:89:6f:
                    87:59:08:3e:1d:91:3f:c4:a8:b6:21:88:80:d5:d0:
                    f1:76:c5:cf:69:ce:a2:3d:7f:fa:4f:ac:1b:4e:3a:
                    98:f7:ed:90:ce:96:62:bf:6e:47:bc:f6:97:c8:39:
                    58:eb:af:ed:4e:de:33:d7:db:2d:44:2e:75:b9:5b:
                    66:3d:85:74:e1:ca:03:da:19:d6:b6:ff:14:b0:a8:
                    69:e1:af:f2:ee:c9:79:0e:2c:2b:e9:8c:58:f5:9e:
                    6d:2b:32:f7:1d:be:8a:c9:6d:51:50:b7:99:13:e8:
                    92:af:2e:2a:5a:96:c1:8a:b9:4a:76:8f:61:d0:f5:
                    57:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:89:AF:63:02:DD:7C:9B:EE:F6:AE:4E:D1:37:60:88:83:76:3C:88
            X509v3 Authority Key Identifier:
                keyid:38:7D:6D:F7:EB:75:42:E0:33:3A:EE:DD:14:AD:FF:8F:51:F8:CB:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OH1t9-t1QuAzOu7dFK3_j1H4y9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/WImvYwLdfJvu9q5O0TdgiIN2PIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/d4a89c-54b2-445b-bb7c-609a48b2b14d/1/OH1t9-t1QuAzOu7dFK3_j1H4y9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:d6c0:186::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:b1:55:b1:88:1a:13:82:e2:22:1f:4c:5b:0f:a1:50:45:b2:
         49:3e:89:84:44:5d:60:07:3a:00:43:2a:90:17:b9:d7:1c:7b:
         7b:0e:d4:7d:fd:a5:d7:29:ff:6c:c1:e5:0e:a2:80:1b:98:d0:
         9f:48:d7:a9:4a:a0:85:c0:5f:84:c8:0d:13:d1:64:ad:b4:2a:
         2c:f9:be:6d:f9:f5:14:de:50:d9:09:ce:b5:fa:d9:07:56:33:
         6e:9b:dd:1b:af:cf:b8:e3:1e:1c:4c:73:a2:0b:16:2a:46:9e:
         6b:d8:de:57:80:d1:a6:f3:32:b1:78:b2:af:b1:a3:ae:52:8d:
         c2:f1:ae:48:64:e4:48:59:50:01:d3:c2:e3:a7:f0:b7:84:a8:
         1b:e4:2d:21:37:3f:ec:9f:9a:66:6a:37:7c:3a:dc:57:4c:48:
         a9:cb:49:a9:35:19:68:53:35:69:83:18:e9:b4:71:4e:30:11:
         2e:0f:b4:33:b7:79:9b:b1:8b:13:92:46:90:f8:a9:d0:47:76:
         e7:44:89:ba:25:c8:d3:c4:17:7f:06:72:bd:83:72:e4:83:c3:
         f1:f1:c8:a5:f1:5d:92:99:81:37:9b:61:a4:3b:55:3f:fe:32:
         ab:26:b2:3f:c9:25:24:ef:a6:f4:ba:a0:ea:0d:fd:0f:4f:35:
         f8:1d:0f:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt7Hvk0NlnTu6ND9upiauMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4N2Q2ZGY3ZWI3NTQyZTAzMzNhZWVkZDE0YWRmZjhmNTFm
OGNiZDgwHhcNMjQwMTAxMjAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODg5YWY2MzAyZGQ3YzliZWVmNmFlNGVkMTM3NjA4ODgzNzYzYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPrAbd9G2Ur4FU4eix7PSDX9sNkv
tzNE5anG7IRuq5ZDKQ562vrFcID2Y0myGLWHZ19z6BgkO1mW61v8Wo7bJSHmJBYH
uqQ0tURS7aMlbF6D4i3u7H64dN9VeQOjXWf6JXXDzSr/i7rR7FnJIdFyh1tlJnWt
XhMs04lCXmSSf/mNlLAmiW+HWQg+HZE/xKi2IYiA1dDxdsXPac6iPX/6T6wbTjqY
9+2QzpZiv25HvPaXyDlY66/tTt4z19stRC51uVtmPYV04coD2hnWtv8UsKhp4a/y
7sl5Diwr6YxY9Z5tKzL3Hb6KyW1RULeZE+iSry4qWpbBirlKdo9h0PVXjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFiJr2MC3Xyb7vauTtE3YIiDdjyIMB8GA1UdIwQY
MBaAFDh9bffrdULgMzru3RSt/49R+MvYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2Mt
NjA5YTQ4YjJiMTRkLzEvV0ltdll3TGRmSnZ1OXE1TzBUZGdpSU4yUElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9kNGE4OWMtNTRiMi00NDViLWJiN2MtNjA5YTQ4YjJiMTRk
LzEvT0gxdDktdDFRdUF6T3U3ZEZLM19qMUg0eTlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgrWwAGG
MA0GCSqGSIb3DQEBCwUAA4IBAQCFsVWxiBoTguIiH0xbD6FQRbJJPomERF1gBzoA
QyqQF7nXHHt7DtR9/aXXKf9sweUOooAbmNCfSNepSqCFwF+EyA0T0WSttCos+b5t
+fUU3lDZCc61+tkHVjNum90br8+44x4cTHOiCxYqRp5r2N5XgNGm8zKxeLKvsaOu
Uo3C8a5IZORIWVAB08Ljp/C3hKgb5C0hNz/sn5pmajd8OtxXTEipy0mpNRloUzVp
gxjptHFOMBEuD7Qzt3mbsYsTkkaQ+KnQR3bnRIm6JcjTxBd/BnK9g3Lkg8Px8cil
8V2SmYE3m2GkO1U//jKrJrI/ySUk76b0uqDqDf0PTzX4HQ+l
-----END CERTIFICATE-----