Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/wv3F4MbyXPoA7m84oaMfnBqFN2A.roa
File:                     wv3F4MbyXPoA7m84oaMfnBqFN2A.roa (raw, json)
Hash identifier:          K9gKYg4Hy2FQXO/4QsDi50L6663tp9SgINKN2m+cLAw=
Subject key identifier:   C2:FD:C5:E0:C6:F2:5C:FA:00:EE:6F:38:A1:A3:1F:9C:1A:85:37:60
Certificate issuer:       /CN=7575d53db822d25db827d0377cbeb06d2ca41acb
Certificate serial:       018FC4863C09136A911B163A117FFB9E667C
Authority key identifier: 75:75:D5:3D:B8:22:D2:5D:B8:27:D0:37:7C:BE:B0:6D:2C:A4:1A:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/wv3F4MbyXPoA7m84oaMfnBqFN2A.roa
Signing time:             Wed 29 May 2024 13:24:42 +0000
ROA not before:           Wed 29 May 2024 13:24:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214812
IP address blocks:        212.5.58.0/24 maxlen: 24
                          2a13:a2c0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c4:86:3c:09:13:6a:91:1b:16:3a:11:7f:fb:9e:66:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7575d53db822d25db827d0377cbeb06d2ca41acb
        Validity
            Not Before: May 29 13:24:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2fdc5e0c6f25cfa00ee6f38a1a31f9c1a853760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:19:0b:3b:0f:21:b0:56:87:76:50:2d:67:49:
                    fa:67:68:b1:1c:d8:72:83:a6:7e:86:b2:63:2c:3e:
                    40:1c:3f:0c:67:34:cb:8a:07:6a:77:1d:39:2c:64:
                    cf:25:c8:18:e1:e1:49:87:9d:cc:a7:e4:3b:ab:5d:
                    ab:4e:ef:9e:44:b5:4d:07:ad:8e:13:85:ea:26:fe:
                    c3:77:f1:9e:a7:28:d5:a7:73:84:3e:10:f2:c5:1f:
                    f2:69:a6:6a:a1:8c:fd:a9:db:78:34:20:36:6f:b6:
                    bd:ca:e3:d0:ee:85:33:d9:d2:3e:dc:73:8e:02:54:
                    93:e3:0d:5f:91:24:b3:bb:9a:bc:b4:40:fa:71:71:
                    d8:b1:8f:87:7e:b0:d5:2e:24:6d:3a:1d:02:16:ba:
                    71:17:75:1c:63:e7:eb:9d:9a:f2:bc:13:d3:72:60:
                    35:6a:2d:86:76:c5:37:08:b5:f9:5d:ca:6e:9e:1d:
                    46:c5:9a:f0:ad:be:62:77:09:ab:24:03:c0:8a:53:
                    77:9e:7d:cc:10:9d:a1:ed:1e:af:ea:43:0c:58:9e:
                    a1:3e:49:6d:1a:df:d8:23:31:c1:02:2f:45:fc:bc:
                    d6:96:70:23:a6:23:40:12:6c:f8:c7:2f:55:9f:6a:
                    87:28:f4:c5:25:88:e9:5b:d0:fb:7c:14:55:b9:8d:
                    9b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:FD:C5:E0:C6:F2:5C:FA:00:EE:6F:38:A1:A3:1F:9C:1A:85:37:60
            X509v3 Authority Key Identifier:
                keyid:75:75:D5:3D:B8:22:D2:5D:B8:27:D0:37:7C:BE:B0:6D:2C:A4:1A:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXXVPbgi0l24J9A3fL6wbSykGss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/wv3F4MbyXPoA7m84oaMfnBqFN2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/f7f0f2-479e-4f03-baa2-061ed9371475/1/dXXVPbgi0l24J9A3fL6wbSykGss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.5.58.0/24
                IPv6:
                  2a13:a2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:55:76:32:79:2a:34:ef:89:90:9d:46:38:22:92:2a:17:76:
         db:39:70:e4:45:74:0c:b8:65:75:58:e4:42:50:41:c0:15:59:
         26:02:f9:8c:6f:0a:21:bc:82:98:3e:fc:a2:66:33:47:2f:63:
         a0:cc:96:46:58:e8:ba:83:0d:ee:11:70:b5:ee:b3:45:b3:f5:
         9a:52:df:59:8e:54:1e:40:70:09:c5:6b:2d:ea:be:eb:51:f3:
         94:9c:50:02:4a:59:19:28:4d:38:a5:36:63:f2:bb:31:9c:69:
         67:8c:de:d6:5e:9f:5c:26:a2:cf:e3:91:af:ed:3a:a7:2a:66:
         10:9b:58:20:1f:5e:be:65:13:d1:7c:8c:67:58:76:d5:47:8f:
         c3:59:28:7d:17:90:52:47:56:be:e3:8a:e7:50:77:10:d3:78:
         4d:50:79:59:31:cb:c9:a0:c2:e3:70:f4:a5:8a:ad:3c:eb:7d:
         80:bf:6b:4e:2d:dc:0f:ca:43:30:88:30:83:49:99:b0:dc:3b:
         4a:b6:bf:63:5c:49:e1:e9:75:0a:7e:9f:1d:3b:67:28:d7:ad:
         80:1e:55:f8:a9:08:cf:c1:69:f5:da:02:67:52:f3:a2:8a:4e:
         6f:e9:02:32:08:08:c7:c0:a2:8a:7a:74:67:ce:bd:42:2b:f4:
         12:3a:81:bd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY/EhjwJE2qRGxY6EX/7nmZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1NzVkNTNkYjgyMmQyNWRiODI3ZDAzNzdjYmViMDZkMmNh
NDFhY2IwHhcNMjQwNTI5MTMyNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmZkYzVlMGM2ZjI1Y2ZhMDBlZTZmMzhhMWEzMWY5YzFhODUzNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxkLOw8hsFaHdlAtZ0n6Z2ixHNhy
g6Z+hrJjLD5AHD8MZzTLigdqdx05LGTPJcgY4eFJh53Mp+Q7q12rTu+eRLVNB62O
E4XqJv7Dd/GepyjVp3OEPhDyxR/yaaZqoYz9qdt4NCA2b7a9yuPQ7oUz2dI+3HOO
AlST4w1fkSSzu5q8tED6cXHYsY+HfrDVLiRtOh0CFrpxF3UcY+frnZryvBPTcmA1
ai2GdsU3CLX5Xcpunh1GxZrwrb5idwmrJAPAilN3nn3MEJ2h7R6v6kMMWJ6hPklt
Gt/YIzHBAi9F/LzWlnAjpiNAEmz4xy9Vn2qHKPTFJYjpW9D7fBRVuY2bwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFML9xeDG8lz6AO5vOKGjH5wahTdgMB8GA1UdIwQY
MBaAFHV11T24ItJduCfQN3y+sG0spBrLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFhYVlBiZ2kwbDI0SjlBM2ZMNndiU3lrR3NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9mN2YwZjItNDc5ZS00ZjAzLWJhYTIt
MDYxZWQ5MzcxNDc1LzEvd3YzRjRNYnlYUG9BN204NG9hTWZuQnFGTjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9mN2YwZjItNDc5ZS00ZjAzLWJhYTItMDYxZWQ5MzcxNDc1
LzEvZFhYVlBiZ2kwbDI0SjlBM2ZMNndiU3lrR3NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1AU6MA0E
AgACMAcDBQMqE6LAMA0GCSqGSIb3DQEBCwUAA4IBAQAaVXYyeSo074mQnUY4IpIq
F3bbOXDkRXQMuGV1WORCUEHAFVkmAvmMbwohvIKYPvyiZjNHL2OgzJZGWOi6gw3u
EXC17rNFs/WaUt9ZjlQeQHAJxWst6r7rUfOUnFACSlkZKE04pTZj8rsxnGlnjN7W
Xp9cJqLP45Gv7TqnKmYQm1ggH16+ZRPRfIxnWHbVR4/DWSh9F5BSR1a+44rnUHcQ
03hNUHlZMcvJoMLjcPSliq08632Av2tOLdwPykMwiDCDSZmw3DtKtr9jXEnh6XUK
fp8dO2co162AHlX4qQjPwWn12gJnUvOiik5v6QIyCAjHwKKKenRnzr1CK/QSOoG9
-----END CERTIFICATE-----