Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wwae6JCwUFau3DPtRWA4tcuswCA.roa
File:                     wwae6JCwUFau3DPtRWA4tcuswCA.roa (raw, json)
Hash identifier:          a1rOkO8Ktj7uzFofk4g1u5g/zqKUSrhosALYZchiLsU=
Subject key identifier:   C3:06:9E:E8:90:B0:50:56:AE:DC:33:ED:45:60:38:B5:CB:AC:C0:20
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       01903BF16707D9B401C423F4529DD0F6DAE8
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wwae6JCwUFau3DPtRWA4tcuswCA.roa
Signing time:             Fri 21 Jun 2024 17:56:34 +0000
ROA not before:           Fri 21 Jun 2024 17:56:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49111
IP address blocks:        2a0e:98c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:09:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:f1:67:07:d9:b4:01:c4:23:f4:52:9d:d0:f6:da:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jun 21 17:56:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3069ee890b05056aedc33ed456038b5cbacc020
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bf:f4:c8:be:dc:e5:23:a5:69:d9:ac:0b:c6:
                    6f:73:30:a1:ac:78:e6:98:b5:1b:26:c1:74:b6:d8:
                    01:66:0c:07:28:e1:48:00:00:15:dc:a5:4f:96:6a:
                    ad:dc:f1:08:77:7f:29:b1:3b:22:f2:0b:e5:c6:bf:
                    39:6e:df:b9:52:b0:86:3e:ab:c2:4b:a4:cd:aa:19:
                    b5:3c:91:43:94:b5:4d:c1:7d:fb:60:f2:a7:90:2d:
                    65:b5:54:7b:46:2a:36:95:11:a8:38:f8:3a:cd:7c:
                    a7:6a:bc:82:f5:44:7c:51:26:b4:f0:38:83:39:2d:
                    c9:03:89:4c:4f:9f:3e:95:9a:42:ad:22:c2:84:02:
                    ae:05:d2:d6:73:b1:41:14:28:26:fe:ca:23:ab:29:
                    0f:ed:2d:bc:85:b4:13:89:19:05:4e:20:b1:93:c6:
                    df:19:23:bb:3f:54:c6:4a:84:10:b5:50:f9:09:4e:
                    d8:da:10:2c:94:66:5c:16:b1:28:d5:fd:9b:f7:a3:
                    ed:4d:a3:ad:89:9c:ff:c4:97:f2:30:a0:88:83:30:
                    35:af:fe:bd:43:0a:4c:49:3b:1b:a6:50:15:34:d9:
                    9d:4c:da:40:71:ce:f4:03:d6:08:7d:62:68:2f:28:
                    56:85:f7:70:2a:36:f9:b1:18:ad:45:62:9d:a8:f1:
                    b8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:06:9E:E8:90:B0:50:56:AE:DC:33:ED:45:60:38:B5:CB:AC:C0:20
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/wwae6JCwUFau3DPtRWA4tcuswCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:98c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:30:d5:58:61:ff:7b:2e:f2:95:3c:df:9d:2e:d1:05:1b:3e:
         20:15:11:e5:c7:c3:14:b2:7b:93:ad:68:cd:39:d2:a8:83:38:
         1c:ce:af:51:c6:4a:05:42:bc:15:ab:97:d4:b6:f3:69:2b:d4:
         fe:e3:e6:bc:eb:66:d7:d0:4e:1a:8a:a1:eb:e4:4c:2e:6f:24:
         8f:52:3c:6c:d7:eb:08:67:db:f0:1c:27:2d:70:e4:63:f1:21:
         3f:86:40:c2:05:b6:89:18:3b:d2:6d:80:39:ed:34:d7:72:16:
         49:ea:b5:87:cf:a2:61:20:32:67:bf:a7:f3:9f:42:11:f6:27:
         bc:b4:42:bb:77:b5:1c:6b:4c:59:f5:98:85:62:3d:03:06:6c:
         e1:13:a3:90:d8:4b:57:11:2d:04:e8:16:8d:87:ee:1e:d8:1a:
         86:f9:28:9a:20:9c:21:a4:54:8d:9a:67:ea:98:11:5e:f6:c2:
         ad:15:08:8b:5d:a9:db:e4:3e:ac:53:91:1f:ac:bf:55:57:9b:
         f5:fe:06:b6:b7:45:f8:ec:23:2e:92:b8:64:08:21:6f:3e:26:
         e7:ac:23:9c:04:ab:01:a4:a5:ab:9c:8c:c7:42:f3:bc:4c:da:
         0f:d5:a9:41:cb:2f:39:07:68:4c:d3:d9:6e:64:86:ab:cb:23:
         68:a3:09:56
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZA78WcH2bQBxCP0Up3Q9troMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwNjIxMTc1NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzA2OWVlODkwYjA1MDU2YWVkYzMzZWQ0NTYwMzhiNWNiYWNjMDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb/0yL7c5SOladmsC8ZvczChrHjm
mLUbJsF0ttgBZgwHKOFIAAAV3KVPlmqt3PEId38psTsi8gvlxr85bt+5UrCGPqvC
S6TNqhm1PJFDlLVNwX37YPKnkC1ltVR7Rio2lRGoOPg6zXynaryC9UR8USa08DiD
OS3JA4lMT58+lZpCrSLChAKuBdLWc7FBFCgm/sojqykP7S28hbQTiRkFTiCxk8bf
GSO7P1TGSoQQtVD5CU7Y2hAslGZcFrEo1f2b96PtTaOtiZz/xJfyMKCIgzA1r/69
QwpMSTsbplAVNNmdTNpAcc70A9YIfWJoLyhWhfdwKjb5sRitRWKdqPG4/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMMGnuiQsFBWrtwz7UVgOLXLrMAgMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvd3dhZTZKQ3dVRmF1M0RQdFJXQTR0Y3Vzd0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6YwDAN
BgkqhkiG9w0BAQsFAAOCAQEACDDVWGH/ey7ylTzfnS7RBRs+IBUR5cfDFLJ7k61o
zTnSqIM4HM6vUcZKBUK8FauX1LbzaSvU/uPmvOtm19BOGoqh6+RMLm8kj1I8bNfr
CGfb8BwnLXDkY/EhP4ZAwgW2iRg70m2AOe0013IWSeq1h8+iYSAyZ7+n859CEfYn
vLRCu3e1HGtMWfWYhWI9AwZs4ROjkNhLVxEtBOgWjYfuHtgahvkomiCcIaRUjZpn
6pgRXvbCrRUIi12p2+Q+rFORH6y/VVeb9f4GtrdF+OwjLpK4ZAghbz4m56wjnASr
AaSlq5yMx0LzvEzaD9WpQcsvOQdoTNPZbmSGq8sjaKMJVg==
-----END CERTIFICATE-----