Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wpKIrmZhwtmJN4WfRdx-fgK-kLA.roa
File:                     wpKIrmZhwtmJN4WfRdx-fgK-kLA.roa (raw, json)
Hash identifier:          jajo8L0eUNkEIDiWuOawfhfuoBPGrp4tqljchQhncCc=
Subject key identifier:   C2:92:88:AE:66:61:C2:D9:89:37:85:9F:45:DC:7E:7E:02:BE:90:B0
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBE1B87168ECE0B114004AE73C4C2B
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wpKIrmZhwtmJN4WfRdx-fgK-kLA.roa
Signing time:             Wed 01 Jan 2025 17:48:40 +0000
ROA not before:           Wed 01 Jan 2025 17:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207414
IP address blocks:        2a0c:9a40:8280::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:e1:b8:71:68:ec:e0:b1:14:00:4a:e7:3c:4c:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c29288ae6661c2d98937859f45dc7e7e02be90b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:71:71:08:0d:3f:4d:18:6c:06:46:7f:3f:04:
                    30:81:44:3f:fa:e0:ea:2f:ad:81:82:0b:5f:68:05:
                    68:81:58:7f:94:d1:4f:d0:b3:f5:9c:8f:48:ca:0a:
                    ae:5d:e9:90:d5:17:a7:c5:0e:67:70:3c:92:14:cb:
                    53:5f:92:0c:17:9a:ed:8a:fa:41:a2:cd:69:0b:f6:
                    08:01:40:c0:07:e6:31:2c:ed:c4:19:59:c3:f4:52:
                    39:8e:b6:8b:6b:b1:b2:eb:18:47:96:78:b6:e8:78:
                    ac:56:30:84:ce:b2:34:cf:69:fe:06:f6:d3:bf:c1:
                    a1:1e:16:70:53:bf:50:af:95:dd:32:31:63:d3:66:
                    22:ea:93:50:df:82:bb:43:98:b2:03:a3:50:64:a7:
                    6e:68:c8:d9:cc:d8:3f:3e:e6:d5:83:a6:83:06:83:
                    6d:cb:31:52:59:14:7a:fc:7f:cc:ab:02:cc:83:92:
                    6a:1e:4e:c0:16:9c:73:60:1c:b2:e5:f9:e4:7f:3c:
                    a7:c3:9e:06:63:e3:c8:08:56:d0:ec:d8:d9:bf:f4:
                    7c:e2:17:24:90:b8:1c:0a:42:d4:65:c3:9b:24:bd:
                    1a:70:46:c8:a1:a4:2d:e3:30:12:4d:e8:38:d4:8d:
                    30:a8:39:e1:9a:cb:80:82:0c:0b:cd:aa:7b:ff:81:
                    fb:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:92:88:AE:66:61:C2:D9:89:37:85:9F:45:DC:7E:7E:02:BE:90:B0
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/wpKIrmZhwtmJN4WfRdx-fgK-kLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8280::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:cb:9c:b6:29:03:6b:fb:9a:04:13:7e:33:35:fe:2b:fb:b4:
         a1:25:20:63:c4:e4:9c:a2:e6:ad:47:9d:e5:af:df:f9:77:64:
         48:eb:76:d8:73:89:10:3c:8b:fa:64:02:67:a4:e1:e0:85:3a:
         ff:67:34:4d:3a:f6:b7:b0:24:5f:59:72:d6:f5:99:91:b2:1c:
         34:6f:30:cb:dc:b3:21:4d:e9:b1:f5:8b:07:4b:76:63:45:a6:
         8c:39:34:e5:70:7b:36:bc:7e:04:0c:57:9e:85:95:ce:f0:2b:
         8e:8f:fc:37:5b:82:91:07:78:89:5d:31:24:16:fa:bf:ee:95:
         0a:9c:55:ba:34:ea:71:6b:ab:b6:e8:3b:c0:de:02:60:ff:ef:
         c8:7b:be:f0:5d:f3:96:2d:04:49:53:fa:15:5d:22:d8:2d:8e:
         a3:c5:1b:84:f3:42:eb:3c:ed:62:2d:08:0b:35:8b:bb:cf:c5:
         15:7b:eb:4d:3d:f6:b6:5e:a6:27:fe:13:82:37:c9:0b:6d:64:
         10:dd:70:dc:f5:0b:12:ee:e4:b4:9b:80:39:15:0d:29:d6:fc:
         e3:b7:84:ef:8e:8c:88:9a:9b:17:b9:f1:75:7e:28:8c:56:e3:
         b1:5e:5b:93:67:84:a3:1e:ef:ef:4d:22:dc:ad:8c:87:0d:16:
         5c:9f:a3:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++G4cWjs4LEUAErnPEwrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjkyODhhZTY2NjFjMmQ5ODkzNzg1OWY0NWRjN2U3ZTAyYmU5MGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnFxCA0/TRhsBkZ/PwQwgUQ/+uDq
L62BggtfaAVogVh/lNFP0LP1nI9IygquXemQ1RenxQ5ncDySFMtTX5IMF5rtivpB
os1pC/YIAUDAB+YxLO3EGVnD9FI5jraLa7Gy6xhHlni26HisVjCEzrI0z2n+BvbT
v8GhHhZwU79Qr5XdMjFj02Yi6pNQ34K7Q5iyA6NQZKduaMjZzNg/PubVg6aDBoNt
yzFSWRR6/H/MqwLMg5JqHk7AFpxzYByy5fnkfzynw54GY+PICFbQ7NjZv/R84hck
kLgcCkLUZcObJL0acEbIoaQt4zASTeg41I0wqDnhmsuAggwLzap7/4H7OwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMKSiK5mYcLZiTeFn0Xcfn4CvpCwMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvd3BLSXJtWmh3dG1KTjRXZlJkeC1mZ0sta0xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIKA
MA0GCSqGSIb3DQEBCwUAA4IBAQDLy5y2KQNr+5oEE34zNf4r+7ShJSBjxOScouat
R53lr9/5d2RI63bYc4kQPIv6ZAJnpOHghTr/ZzRNOva3sCRfWXLW9ZmRshw0bzDL
3LMhTemx9YsHS3ZjRaaMOTTlcHs2vH4EDFeehZXO8CuOj/w3W4KRB3iJXTEkFvq/
7pUKnFW6NOpxa6u26DvA3gJg/+/Ie77wXfOWLQRJU/oVXSLYLY6jxRuE80LrPO1i
LQgLNYu7z8UVe+tNPfa2XqYn/hOCN8kLbWQQ3XDc9QsS7uS0m4A5FQ0p1vzjt4Tv
joyImpsXufF1fiiMVuOxXluTZ4SjHu/vTSLcrYyHDRZcn6P2
-----END CERTIFICATE-----