Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/Wa2qrWGzHE75TYooHE6ALHQZdqc.roa
File:                     Wa2qrWGzHE75TYooHE6ALHQZdqc.roa (raw, json)
Hash identifier:          ptgNr2CBJfdDIAoa2ybwTJjBusIU6LT5OJDDd2QdEH4=
Subject key identifier:   59:AD:AA:AD:61:B3:1C:4E:F9:4D:8A:28:1C:4E:80:2C:74:19:76:A7
Certificate issuer:       /CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
Certificate serial:       018CC348D4F181BCD4F19AE096A4F3164537
Authority key identifier: DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/Wa2qrWGzHE75TYooHE6ALHQZdqc.roa
Signing time:             Mon 01 Jan 2024 04:29:39 +0000
ROA not before:           Mon 01 Jan 2024 04:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26073
IP address blocks:        2a09:a446:1337::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:d4:f1:81:bc:d4:f1:9a:e0:96:a4:f3:16:45:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1089c942b68033683b4dd506c0c36f74be0ea3
        Validity
            Not Before: Jan  1 04:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59adaaad61b31c4ef94d8a281c4e802c741976a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:7b:d8:de:87:bf:e6:ac:27:f3:0c:f0:ba:
                    dc:f7:8a:11:4c:ce:eb:5f:00:c0:b3:62:df:da:fe:
                    68:b1:99:46:08:d0:42:d4:97:27:e0:b3:4f:5f:ff:
                    00:19:7c:49:37:a2:6b:01:5c:ed:b5:80:e4:52:58:
                    c8:b3:2c:78:d0:ba:fa:1f:77:97:e4:1c:bc:bc:8e:
                    e4:63:52:b0:53:58:ea:21:2b:16:9a:9a:47:d9:1b:
                    42:43:99:86:5a:84:4d:ee:27:66:93:46:fc:f7:78:
                    9b:eb:9b:96:a9:3f:52:e2:78:3b:e5:78:6c:71:2e:
                    7c:d8:a5:f3:2e:6d:f8:f1:a3:fd:9b:53:5f:b8:3e:
                    f5:23:8b:eb:2d:2e:2d:6e:36:37:ef:3c:05:1f:7d:
                    70:f9:5c:35:5d:ac:05:a6:e8:4a:8b:47:19:d3:82:
                    f4:c2:24:c5:3d:4f:61:e1:da:0f:19:ae:c5:dd:93:
                    a3:a5:a2:d1:b9:08:0b:f5:4b:88:e3:e3:b1:8c:44:
                    ca:1c:1d:93:a6:50:fd:6d:44:0c:0d:df:b2:b1:4d:
                    84:f0:e4:13:da:51:a3:85:c1:d9:c0:41:69:76:0c:
                    dd:a3:6c:0e:6a:c9:6d:2c:1f:28:58:cd:e9:3f:c3:
                    14:2d:90:24:9f:22:e3:7c:01:69:45:5a:7e:f4:0e:
                    e5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:AD:AA:AD:61:B3:1C:4E:F9:4D:8A:28:1C:4E:80:2C:74:19:76:A7
            X509v3 Authority Key Identifier:
                keyid:DC:10:89:C9:42:B6:80:33:68:3B:4D:D5:06:C0:C3:6F:74:BE:0E:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3BCJyUK2gDNoO03VBsDDb3S-DqM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/Wa2qrWGzHE75TYooHE6ALHQZdqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/24149d-d115-4330-bd49-cb56ed3ea7fa/1/3BCJyUK2gDNoO03VBsDDb3S-DqM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:a446:1337::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:1c:93:50:82:fe:6f:53:d9:90:f8:e3:6d:48:3b:fe:f8:a9:
         7f:12:bc:96:16:bb:6c:b7:17:e6:97:4c:1b:b5:c9:1a:5a:f0:
         fc:d8:36:48:8e:c4:df:02:88:3b:18:c0:19:e7:a1:cd:d5:58:
         f4:1e:01:c4:1a:1c:51:4d:eb:0a:84:d5:da:9c:1b:14:47:2a:
         6c:73:92:8f:db:23:e1:44:ef:a2:b8:1a:0a:6c:a5:14:4c:65:
         0e:48:96:aa:ff:98:bf:d8:2c:f7:99:c2:7f:d3:12:04:41:1b:
         9b:f0:56:85:fd:04:b1:b2:2e:d3:5b:7f:e2:8c:e5:e8:c1:2b:
         63:f1:07:b6:76:48:66:e2:58:6d:8e:c3:9e:d1:cf:71:21:4d:
         dc:d3:78:d9:e9:dd:7e:0e:91:24:d1:95:dc:3e:2b:35:3f:b7:
         5e:dd:9e:bf:c9:dd:47:52:73:b7:5b:6b:87:c8:d3:d7:2e:1a:
         56:1a:a4:e0:1c:e0:72:23:31:82:ba:21:a2:a0:93:37:fa:52:
         68:29:8f:01:81:09:92:fe:35:30:db:e6:94:82:88:c5:eb:e9:
         4d:b4:68:d3:3b:ee:d5:e8:00:98:d8:2d:84:e3:3d:29:dd:9d:
         f9:b9:41:da:3d:b0:37:6d:86:4e:30:27:84:c7:2e:cb:ca:20:
         2a:94:a4:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzDSNTxgbzU8ZrglqTzFkU3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMTA4OWM5NDJiNjgwMzM2ODNiNGRkNTA2YzBjMzZmNzRi
ZTBlYTMwHhcNMjQwMTAxMDQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWFkYWFhZDYxYjMxYzRlZjk0ZDhhMjgxYzRlODAyYzc0MTk3NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDV72N6Hv+asJ/MM8Lrc94oRTM7r
XwDAs2Lf2v5osZlGCNBC1Jcn4LNPX/8AGXxJN6JrAVzttYDkUljIsyx40Lr6H3eX
5By8vI7kY1KwU1jqISsWmppH2RtCQ5mGWoRN7idmk0b893ib65uWqT9S4ng75Xhs
cS582KXzLm348aP9m1NfuD71I4vrLS4tbjY37zwFH31w+Vw1XawFpuhKi0cZ04L0
wiTFPU9h4doPGa7F3ZOjpaLRuQgL9UuI4+OxjETKHB2TplD9bUQMDd+ysU2E8OQT
2lGjhcHZwEFpdgzdo2wOasltLB8oWM3pP8MULZAknyLjfAFpRVp+9A7lYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFmtqq1hsxxO+U2KKBxOgCx0GXanMB8GA1UdIwQY
MBaAFNwQiclCtoAzaDtN1QbAw290vg6jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDkt
Y2I1NmVkM2VhN2ZhLzEvV2EycXJXR3pIRTc1VFlvb0hFNkFMSFFaZHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8yNDE0OWQtZDExNS00MzMwLWJkNDktY2I1NmVkM2VhN2Zh
LzEvM0JDSnlVSzJnRE5vTzAzVkJzRERiM1MtRHFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgmkRhM3
MA0GCSqGSIb3DQEBCwUAA4IBAQBDHJNQgv5vU9mQ+ONtSDv++Kl/EryWFrtstxfm
l0wbtckaWvD82DZIjsTfAog7GMAZ56HN1Vj0HgHEGhxRTesKhNXanBsURypsc5KP
2yPhRO+iuBoKbKUUTGUOSJaq/5i/2Cz3mcJ/0xIEQRub8FaF/QSxsi7TW3/ijOXo
wStj8Qe2dkhm4lhtjsOe0c9xIU3c03jZ6d1+DpEk0ZXcPis1P7de3Z6/yd1HUnO3
W2uHyNPXLhpWGqTgHOByIzGCuiGioJM3+lJoKY8BgQmS/jUw2+aUgojF6+lNtGjT
O+7V6ACY2C2E4z0p3Z35uUHaPbA3bYZOMCeExy7LyiAqlKQV
-----END CERTIFICATE-----