Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/wackxg843szAJDW3YTcC-GuxdM0.roa
File:                     wackxg843szAJDW3YTcC-GuxdM0.roa (raw, json)
Hash identifier:          +v9nhCSaoE2Niqmv8s/yOSkoRvQZ5BpadKRFSImJdxg=
Subject key identifier:   C1:A7:24:C6:0F:38:DE:CC:C0:24:35:B7:61:37:02:F8:6B:B1:74:CD
Certificate issuer:       /CN=855be74d09d9b05251dad2c9696793c04b40f241
Certificate serial:       0194206826D66675B21272814F5EE483C213
Authority key identifier: 85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/wackxg843szAJDW3YTcC-GuxdM0.roa
Signing time:             Wed 01 Jan 2025 05:48:03 +0000
ROA not before:           Wed 01 Jan 2025 05:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     945
IP address blocks:        2a12:7c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:26:d6:66:75:b2:12:72:81:4f:5e:e4:83:c2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=855be74d09d9b05251dad2c9696793c04b40f241
        Validity
            Not Before: Jan  1 05:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1a724c60f38deccc02435b7613702f86bb174cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:49:02:a7:3d:da:ca:f0:1b:0b:a5:f5:7f:42:
                    67:93:0c:28:4f:88:97:41:26:2a:3f:15:6f:8c:1d:
                    a9:84:ed:15:91:b1:a1:28:68:0b:da:d2:b8:f1:75:
                    01:ff:2e:89:76:1b:85:ac:ee:61:6a:68:a0:ac:26:
                    d7:42:f6:52:60:a7:37:17:c8:a9:48:5d:ac:46:a2:
                    05:82:65:d2:b2:29:0d:3e:f1:b6:c6:9c:f8:23:8e:
                    e3:88:59:73:ad:f5:fc:de:5b:1b:6f:ee:20:e4:02:
                    d7:e5:c9:c3:d0:dd:1b:40:ba:af:4e:ba:cf:8d:75:
                    b8:08:6b:2c:b5:4d:14:1d:69:3b:83:db:0c:01:bd:
                    4a:54:88:9a:11:3d:94:47:0f:36:45:fe:23:fd:05:
                    67:26:c5:f1:95:c1:5c:ab:a1:e7:a8:6e:5a:26:7d:
                    7c:6b:1d:e4:8d:d6:be:26:26:3a:76:bc:f3:2a:5d:
                    ba:1f:36:92:71:ca:10:11:a1:1c:df:6a:2a:0c:c6:
                    88:89:ee:8b:d2:38:09:48:ac:7a:09:86:76:09:72:
                    d1:6f:d5:b2:57:19:c1:f8:90:ce:56:7e:0a:17:27:
                    0e:53:b5:f8:9d:a8:33:ef:44:39:15:12:41:0b:cf:
                    51:cf:b8:75:a6:dc:39:77:b2:8f:d8:c1:e5:5f:0d:
                    3a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A7:24:C6:0F:38:DE:CC:C0:24:35:B7:61:37:02:F8:6B:B1:74:CD
            X509v3 Authority Key Identifier:
                keyid:85:5B:E7:4D:09:D9:B0:52:51:DA:D2:C9:69:67:93:C0:4B:40:F2:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hVvnTQnZsFJR2tLJaWeTwEtA8kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/wackxg843szAJDW3YTcC-GuxdM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/48d092-a76c-4c28-b84b-39ad80f542a0/1/hVvnTQnZsFJR2tLJaWeTwEtA8kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:f9:0b:1b:dd:23:e0:9b:17:ed:2c:fd:5c:47:a7:70:40:
         27:0d:f8:24:39:71:2b:e3:34:4f:db:66:ce:d1:38:fb:b0:82:
         7e:10:2d:c0:f1:1a:1f:2b:98:14:c4:f1:70:98:03:be:7d:c2:
         09:d9:dd:74:cb:21:32:00:fc:53:d2:c9:f6:30:2c:48:33:92:
         20:3e:b7:36:9f:b8:ff:62:65:ce:9f:cb:a1:82:f3:0b:61:9f:
         fa:42:1a:4d:15:6b:7d:0e:0f:86:2b:03:84:47:af:54:32:60:
         4d:9f:34:5f:8c:ff:e6:19:35:24:d4:d3:45:af:4e:c5:8b:ec:
         60:4e:b9:a8:1b:c0:43:bf:b5:b7:ed:35:40:17:75:f8:47:41:
         5e:4b:bf:d7:c5:3b:d6:f2:86:8f:c9:33:ba:47:ca:8c:2c:c1:
         0c:86:b9:c9:15:aa:8f:48:cc:8c:63:87:5e:db:06:3b:7a:1c:
         30:9f:9d:e9:ec:b5:02:3f:e4:ae:1f:ac:1e:5e:94:26:46:a5:
         ef:f2:aa:ab:3f:0a:c7:05:d9:95:06:6e:41:b4:56:68:b5:21:
         8a:15:1a:62:49:b9:3b:61:9c:67:5c:4f:27:3d:70:22:87:c9:
         c8:92:7d:b6:f3:4e:1e:cb:fb:2b:40:ac:ee:2d:ed:01:60:48:
         85:5e:46:ff
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaCbWZnWyEnKBT17kg8ITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NWJlNzRkMDlkOWIwNTI1MWRhZDJjOTY5Njc5M2MwNGI0
MGYyNDEwHhcNMjUwMTAxMDU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWE3MjRjNjBmMzhkZWNjYzAyNDM1Yjc2MTM3MDJmODZiYjE3NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskkCpz3ayvAbC6X1f0JnkwwoT4iX
QSYqPxVvjB2phO0VkbGhKGgL2tK48XUB/y6JdhuFrO5hamigrCbXQvZSYKc3F8ip
SF2sRqIFgmXSsikNPvG2xpz4I47jiFlzrfX83lsbb+4g5ALX5cnD0N0bQLqvTrrP
jXW4CGsstU0UHWk7g9sMAb1KVIiaET2URw82Rf4j/QVnJsXxlcFcq6HnqG5aJn18
ax3kjda+JiY6drzzKl26HzaSccoQEaEc32oqDMaIie6L0jgJSKx6CYZ2CXLRb9Wy
VxnB+JDOVn4KFycOU7X4nagz70Q5FRJBC89Rz7h1ptw5d7KP2MHlXw06fQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMGnJMYPON7MwCQ1t2E3AvhrsXTNMB8GA1UdIwQY
MBaAFIVb500J2bBSUdrSyWlnk8BLQPJBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGIt
MzlhZDgwZjU0MmEwLzEvd2Fja3hnODQzc3pBSkRXM1lUY0MtR3V4ZE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC80OGQwOTItYTc2Yy00YzI4LWI4NGItMzlhZDgwZjU0MmEw
LzEvaFZ2blRRblpzRkpSMnRMSmFXZVR3RXRBOGtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIHxzAN
BgkqhkiG9w0BAQsFAAOCAQEAXNP5CxvdI+CbF+0s/VxHp3BAJw34JDlxK+M0T9tm
ztE4+7CCfhAtwPEaHyuYFMTxcJgDvn3CCdnddMshMgD8U9LJ9jAsSDOSID63Np+4
/2Jlzp/LoYLzC2Gf+kIaTRVrfQ4PhisDhEevVDJgTZ80X4z/5hk1JNTTRa9OxYvs
YE65qBvAQ7+1t+01QBd1+EdBXku/18U71vKGj8kzukfKjCzBDIa5yRWqj0jMjGOH
XtsGO3ocMJ+d6ey1Aj/krh+sHl6UJkal7/Kqqz8KxwXZlQZuQbRWaLUhihUaYkm5
O2GcZ1xPJz1wIofJyJJ9tvNOHsv7K0Cs7i3tAWBIhV5G/w==
-----END CERTIFICATE-----