Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/WNTF--ntYZk5T7z204PKRBzT1z8.roa
File:                     WNTF--ntYZk5T7z204PKRBzT1z8.roa (raw, json)
Hash identifier:          957yHdibkKXT/xHo9dn+lmoBuSSstIwOTIbyPi8X9Fs=
Subject key identifier:   58:D4:C5:FB:E9:ED:61:99:39:4F:BC:F6:D3:83:CA:44:1C:D3:D7:3F
Certificate issuer:       /CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
Certificate serial:       018CCA2BAA2450711EEE7BFF2AF4405AE597
Authority key identifier: 77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/WNTF--ntYZk5T7z204PKRBzT1z8.roa
Signing time:             Tue 02 Jan 2024 12:35:08 +0000
ROA not before:           Tue 02 Jan 2024 12:35:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62392
IP address blocks:        2001:67c:1810::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:aa:24:50:71:1e:ee:7b:ff:2a:f4:40:5a:e5:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77d2d928423104e5c3480e21b4a3ed1498b2a27e
        Validity
            Not Before: Jan  2 12:35:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58d4c5fbe9ed6199394fbcf6d383ca441cd3d73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ff:54:46:d1:84:5d:df:84:20:13:8b:c1:d5:
                    8a:00:8a:99:67:2a:7e:ab:9c:08:f2:52:39:56:73:
                    71:2a:e1:55:d2:e6:fc:ac:1a:e5:cf:43:a8:f9:d8:
                    6c:51:a4:67:a6:70:3b:2b:9a:4f:93:a8:04:2d:fa:
                    a2:8b:65:94:bf:e5:ff:7a:5d:06:b3:75:51:4e:ba:
                    85:06:47:bd:6f:b7:7a:dd:f1:d4:52:17:6a:40:4d:
                    bc:b9:ab:49:fd:ce:c5:90:7f:d8:e5:c7:d1:05:7d:
                    11:71:fb:41:8b:fc:d4:d4:0c:b8:7a:1b:71:db:31:
                    a4:7b:dd:fd:57:45:f9:01:90:41:a7:83:1f:21:34:
                    6d:e8:8c:65:a7:48:3e:8d:79:fc:7d:b1:0e:f5:c2:
                    19:01:95:b5:17:fd:ce:c9:3f:ad:54:b2:23:53:25:
                    3f:4d:ba:39:e2:4b:de:7d:af:1b:72:05:7c:0b:70:
                    08:a5:f6:39:3b:b8:c1:2a:e1:db:60:ea:7a:81:b0:
                    ef:c2:25:42:ed:11:36:ed:a0:72:9e:e1:c6:d5:e3:
                    c4:7c:42:91:e0:ae:ba:58:7f:75:43:08:f6:af:b3:
                    1b:cf:a5:64:dd:f2:83:65:c1:44:bf:74:ec:8b:77:
                    b9:fa:af:79:17:79:6b:4b:81:83:f5:fe:8c:a8:cf:
                    51:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D4:C5:FB:E9:ED:61:99:39:4F:BC:F6:D3:83:CA:44:1C:D3:D7:3F
            X509v3 Authority Key Identifier:
                keyid:77:D2:D9:28:42:31:04:E5:C3:48:0E:21:B4:A3:ED:14:98:B2:A2:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9LZKEIxBOXDSA4htKPtFJiyon4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/WNTF--ntYZk5T7z204PKRBzT1z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/2b9e29-d568-4d53-b128-488792388e5b/1/d9LZKEIxBOXDSA4htKPtFJiyon4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1810::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:82:40:a0:50:d0:9c:2f:d9:03:d7:78:06:b7:b3:ea:2d:32:
         da:25:d0:6d:3e:37:69:4e:f1:8a:22:1c:37:72:ba:70:b2:e9:
         ae:9a:51:b1:22:95:10:b3:30:88:e7:9f:ad:25:d2:66:96:5b:
         a1:2a:02:79:27:36:1a:c6:78:a5:91:3f:ab:97:99:c4:86:cc:
         56:34:1e:98:47:ca:58:5c:c5:e9:b5:ed:41:22:06:3b:66:1d:
         0e:71:b3:0d:f9:96:6f:c8:ac:b1:4f:ce:a0:bb:82:27:c5:94:
         44:65:ed:21:b3:9d:94:bc:06:3d:5f:c3:c8:55:28:0d:48:67:
         b0:4f:de:54:28:9b:5e:af:d0:00:15:7f:ea:f3:52:28:0d:1d:
         27:fc:5d:4a:71:f4:e5:b8:eb:15:5e:7f:88:a1:01:b0:c8:e8:
         7e:dc:86:ae:bc:59:ee:d6:be:ef:52:95:e4:57:a3:98:b5:b3:
         46:e2:fd:45:48:ff:f9:f0:ae:b9:ac:e9:73:a7:db:0d:a5:89:
         00:c2:f8:e0:a8:58:91:fc:7a:2f:74:ba:0c:a3:cc:38:05:88:
         58:2c:bc:88:8f:0d:94:ca:e2:d7:c8:ec:e8:fa:36:74:cf:d6:
         fa:0b:c8:de:f3:f8:d4:4f:b2:94:c7:7a:0a:42:12:c5:1c:64:
         bc:ab:7c:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKK6okUHEe7nv/KvRAWuWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZDJkOTI4NDIzMTA0ZTVjMzQ4MGUyMWI0YTNlZDE0OThi
MmEyN2UwHhcNMjQwMTAyMTIzNTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQ0YzVmYmU5ZWQ2MTk5Mzk0ZmJjZjZkMzgzY2E0NDFjZDNkNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv9URtGEXd+EIBOLwdWKAIqZZyp+
q5wI8lI5VnNxKuFV0ub8rBrlz0Oo+dhsUaRnpnA7K5pPk6gELfqii2WUv+X/el0G
s3VRTrqFBke9b7d63fHUUhdqQE28uatJ/c7FkH/Y5cfRBX0RcftBi/zU1Ay4ehtx
2zGke939V0X5AZBBp4MfITRt6Ixlp0g+jXn8fbEO9cIZAZW1F/3OyT+tVLIjUyU/
Tbo54kvefa8bcgV8C3AIpfY5O7jBKuHbYOp6gbDvwiVC7RE27aBynuHG1ePEfEKR
4K66WH91Qwj2r7Mbz6Vk3fKDZcFEv3Tsi3e5+q95F3lrS4GD9f6MqM9RkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFjUxfvp7WGZOU+89tODykQc09c/MB8GA1UdIwQY
MBaAFHfS2ShCMQTlw0gOIbSj7RSYsqJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgt
NDg4NzkyMzg4ZTViLzEvV05URi0tbnRZWms1VDd6MjA0UEtSQnpUMXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS8yYjllMjktZDU2OC00ZDUzLWIxMjgtNDg4NzkyMzg4ZTVi
LzEvZDlMWktFSXhCT1hEU0E0aHRLUHRGSml5b240LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAHgkCgUNCcL9kD13gGt7PqLTLaJdBtPjdpTvGK
Ihw3crpwsumumlGxIpUQszCI55+tJdJmlluhKgJ5JzYaxnilkT+rl5nEhsxWNB6Y
R8pYXMXpte1BIgY7Zh0OcbMN+ZZvyKyxT86gu4InxZREZe0hs52UvAY9X8PIVSgN
SGewT95UKJter9AAFX/q81IoDR0n/F1KcfTluOsVXn+IoQGwyOh+3IauvFnu1r7v
UpXkV6OYtbNG4v1FSP/58K65rOlzp9sNpYkAwvjgqFiR/HovdLoMo8w4BYhYLLyI
jw2UyuLXyOzo+jZ0z9b6C8je8/jUT7KUx3oKQhLFHGS8q3xK
-----END CERTIFICATE-----