Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/WTYKu26kIWjOTIQNkx9XhusumzA.roa
File:                     WTYKu26kIWjOTIQNkx9XhusumzA.roa (raw, json)
Hash identifier:          jdR1zGE/VerZVpVMdByTcrJDOg5A7+iJoxqGyTD0+wQ=
Subject key identifier:   59:36:0A:BB:6E:A4:21:68:CE:4C:84:0D:93:1F:57:86:EB:2E:9B:30
Certificate issuer:       /CN=a8c6ee76c4e8d94614e082505ffe8c991a24af8a
Certificate serial:       0194221FDEFB90CD641D2D2F125BBCA5AC1A
Authority key identifier: A8:C6:EE:76:C4:E8:D9:46:14:E0:82:50:5F:FE:8C:99:1A:24:AF:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qMbudsTo2UYU4IJQX_6MmRokr4o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/WTYKu26kIWjOTIQNkx9XhusumzA.roa
Signing time:             Wed 01 Jan 2025 13:48:21 +0000
ROA not before:           Wed 01 Jan 2025 13:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212125
IP address blocks:        2001:67c:2904::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/qMbudsTo2UYU4IJQX_6MmRokr4o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/qMbudsTo2UYU4IJQX_6MmRokr4o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qMbudsTo2UYU4IJQX_6MmRokr4o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:de:fb:90:cd:64:1d:2d:2f:12:5b:bc:a5:ac:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8c6ee76c4e8d94614e082505ffe8c991a24af8a
        Validity
            Not Before: Jan  1 13:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59360abb6ea42168ce4c840d931f5786eb2e9b30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a8:ba:88:c0:cb:54:5e:e8:30:c0:0e:39:45:
                    bf:2b:b2:09:33:67:41:0e:15:3b:96:e4:2e:fc:5b:
                    a8:cc:78:b0:6d:a5:39:df:4c:5c:aa:9e:f3:d6:35:
                    54:86:a7:d1:80:d4:b3:6b:ec:bc:75:73:fd:e5:d2:
                    1b:6a:d9:74:ed:11:3c:38:25:fb:2d:ab:ea:cd:d5:
                    42:dc:5b:93:2c:0c:c3:10:63:63:a0:bd:5a:ac:60:
                    92:22:5f:7e:05:89:08:e2:49:63:b9:ee:54:c1:f6:
                    57:6d:3a:1b:77:aa:11:0a:74:6c:19:6b:9d:94:4d:
                    4c:de:d1:7c:e7:eb:03:7a:ea:13:c0:24:0a:dc:50:
                    eb:2c:62:f7:07:0c:73:ad:0c:d7:ab:e4:38:c3:7a:
                    c3:93:d8:80:15:e1:72:be:f5:f5:a5:61:e2:95:38:
                    5e:05:e2:4f:f2:9b:9b:a5:21:6a:b3:66:3b:0e:96:
                    4b:aa:8a:b5:6b:44:2e:08:4b:79:d9:b4:a8:df:a5:
                    b1:01:fe:38:7b:26:7d:ad:b1:f3:df:2b:f1:0d:bd:
                    9b:f4:d6:70:e9:6b:3b:3f:19:1c:7a:8e:21:62:c6:
                    be:fa:ca:dd:56:1e:9f:55:4f:8f:c1:ea:df:68:c9:
                    19:9a:a1:ed:02:e4:a8:6f:b6:50:e5:1b:8e:c8:f7:
                    6d:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:36:0A:BB:6E:A4:21:68:CE:4C:84:0D:93:1F:57:86:EB:2E:9B:30
            X509v3 Authority Key Identifier:
                keyid:A8:C6:EE:76:C4:E8:D9:46:14:E0:82:50:5F:FE:8C:99:1A:24:AF:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qMbudsTo2UYU4IJQX_6MmRokr4o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/WTYKu26kIWjOTIQNkx9XhusumzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/81bf03-695c-4bb1-a10c-e7edeba7b702/1/qMbudsTo2UYU4IJQX_6MmRokr4o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2904::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:cf:f5:2e:47:2a:a1:0a:b1:09:3b:17:22:58:21:c9:74:9a:
         7d:e7:29:58:cb:2e:a9:bf:95:8e:e5:93:e9:93:9d:e6:bc:0b:
         22:67:eb:05:75:59:c6:54:84:0b:78:c4:21:ea:6f:46:a9:9b:
         86:b4:eb:94:ba:ec:35:92:af:1d:2e:58:3b:84:fa:09:ca:99:
         f2:d4:ef:54:c3:27:67:c8:96:3e:1a:63:ff:d6:f4:25:e6:64:
         09:43:05:3d:28:19:3e:69:b6:79:7d:c9:f1:60:0a:65:85:9d:
         9b:ab:ab:2d:62:0f:3d:15:e5:2b:3b:e9:97:73:69:a0:d8:a3:
         b8:48:b9:44:2c:cb:35:14:75:37:66:e0:bb:87:d9:c1:25:fe:
         10:80:31:f3:7f:18:a3:19:9e:de:cf:71:6a:93:10:90:ea:80:
         ac:31:e4:04:21:f4:68:cf:61:d5:03:3c:7c:88:0f:8f:e3:3b:
         69:a6:b9:15:24:dc:11:15:93:af:6f:01:33:32:0f:6f:74:bd:
         87:3f:ee:2c:1b:c0:ee:ff:59:6e:b1:c2:f0:30:ed:6d:be:a4:
         0d:39:b7:bc:12:01:7c:86:9e:d4:9b:b6:da:03:1c:f4:8d:2b:
         b8:e6:d2:ca:ff:33:aa:b8:de:a6:65:af:96:47:e9:9b:44:80:
         ca:75:5b:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiH977kM1kHS0vElu8pawaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YzZlZTc2YzRlOGQ5NDYxNGUwODI1MDVmZmU4Yzk5MWEy
NGFmOGEwHhcNMjUwMTAxMTM0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTM2MGFiYjZlYTQyMTY4Y2U0Yzg0MGQ5MzFmNTc4NmViMmU5YjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxqi6iMDLVF7oMMAOOUW/K7IJM2dB
DhU7luQu/FuozHiwbaU530xcqp7z1jVUhqfRgNSza+y8dXP95dIbatl07RE8OCX7
LavqzdVC3FuTLAzDEGNjoL1arGCSIl9+BYkI4kljue5UwfZXbTobd6oRCnRsGWud
lE1M3tF85+sDeuoTwCQK3FDrLGL3BwxzrQzXq+Q4w3rDk9iAFeFyvvX1pWHilThe
BeJP8pubpSFqs2Y7DpZLqoq1a0QuCEt52bSo36WxAf44eyZ9rbHz3yvxDb2b9NZw
6Ws7Pxkceo4hYsa++srdVh6fVU+PwerfaMkZmqHtAuSob7ZQ5RuOyPdtvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFk2CrtupCFozkyEDZMfV4brLpswMB8GA1UdIwQY
MBaAFKjG7nbE6NlGFOCCUF/+jJkaJK+KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU1idWRzVG8yVVlVNElKUVhfNk1tUm9rcjRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi84MWJmMDMtNjk1Yy00YmIxLWExMGMt
ZTdlZGViYTdiNzAyLzEvV1RZS3UyNmtJV2pPVElRTmt4OVhodXN1bXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi84MWJmMDMtNjk1Yy00YmIxLWExMGMtZTdlZGViYTdiNzAy
LzEvcU1idWRzVG8yVVlVNElKUVhfNk1tUm9rcjRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCkE
MA0GCSqGSIb3DQEBCwUAA4IBAQB0z/UuRyqhCrEJOxciWCHJdJp95ylYyy6pv5WO
5ZPpk53mvAsiZ+sFdVnGVIQLeMQh6m9GqZuGtOuUuuw1kq8dLlg7hPoJypny1O9U
wydnyJY+GmP/1vQl5mQJQwU9KBk+abZ5fcnxYAplhZ2bq6stYg89FeUrO+mXc2mg
2KO4SLlELMs1FHU3ZuC7h9nBJf4QgDHzfxijGZ7ez3FqkxCQ6oCsMeQEIfRoz2HV
Azx8iA+P4ztpprkVJNwRFZOvbwEzMg9vdL2HP+4sG8Du/1luscLwMO1tvqQNObe8
EgF8hp7Um7baAxz0jSu45tLK/zOquN6mZa+WR+mbRIDKdVvO
-----END CERTIFICATE-----