Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/WdYc6wSLVkfUe7irxf4uyXxEIsM.roa
File:                     WdYc6wSLVkfUe7irxf4uyXxEIsM.roa (raw, json)
Hash identifier:          dpYwLA3RR3eH0lZ7/JtVVQoaXF1Y2bKy7GfyH86APlE=
Subject key identifier:   59:D6:1C:EB:04:8B:56:47:D4:7B:B8:AB:C5:FE:2E:C9:7C:44:22:C3
Certificate issuer:       /CN=69a28c2f84c75e8d0388694355152dd2b731f249
Certificate serial:       0194A7F2AC41E13FC417AEB6938B678D6681
Authority key identifier: 69:A2:8C:2F:84:C7:5E:8D:03:88:69:43:55:15:2D:D2:B7:31:F2:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/WdYc6wSLVkfUe7irxf4uyXxEIsM.roa
Signing time:             Mon 27 Jan 2025 13:28:06 +0000
ROA not before:           Mon 27 Jan 2025 13:28:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41783
IP address blocks:        217.26.16.0/21 maxlen: 21
                          2a00:7c00::/32 maxlen: 39
                          2a00:7c00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a7:f2:ac:41:e1:3f:c4:17:ae:b6:93:8b:67:8d:66:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a28c2f84c75e8d0388694355152dd2b731f249
        Validity
            Not Before: Jan 27 13:28:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59d61ceb048b5647d47bb8abc5fe2ec97c4422c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fb:b3:f3:3b:f9:d5:77:d2:11:d1:d6:ba:ae:
                    fe:a2:8c:75:ef:f7:7a:2a:fd:f4:21:f5:11:ce:ee:
                    1a:26:aa:dd:c6:cc:c4:e4:14:60:a4:28:82:6f:13:
                    c2:3d:5b:09:2b:6c:16:83:63:eb:ab:c3:68:9b:32:
                    8a:59:71:7f:5e:cb:a4:9f:88:77:11:1d:05:2b:9b:
                    13:49:8c:4d:b9:a7:29:fc:64:04:d4:61:53:cd:21:
                    a9:1e:24:31:c1:88:8f:ad:d4:91:bf:05:8c:ac:9b:
                    ca:d6:2d:4a:be:a6:35:5a:58:a8:cc:0d:27:40:17:
                    85:23:0e:e3:bd:0b:46:0b:80:49:ee:fa:55:33:a5:
                    0b:0c:18:4d:38:fd:44:14:8f:60:4b:c0:f4:9f:9b:
                    04:a1:bc:51:17:e7:33:47:f0:56:19:64:7a:08:5d:
                    40:04:4c:cc:0d:6e:05:9f:e9:7b:fe:88:8c:ac:0d:
                    d5:e2:c7:ff:ac:11:5a:d8:43:6f:df:cd:f4:6a:89:
                    c8:f4:e4:c6:cd:bc:1e:93:4c:fc:9c:67:a4:4b:4f:
                    de:c1:c7:f0:6f:b8:7f:c0:6d:fc:7e:79:3b:9d:3e:
                    75:0b:ec:dc:31:03:0a:95:35:6f:00:ac:be:db:c4:
                    c9:cf:c5:f3:09:8f:10:bd:35:7d:ff:9f:f3:2b:3a:
                    99:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:D6:1C:EB:04:8B:56:47:D4:7B:B8:AB:C5:FE:2E:C9:7C:44:22:C3
            X509v3 Authority Key Identifier:
                keyid:69:A2:8C:2F:84:C7:5E:8D:03:88:69:43:55:15:2D:D2:B7:31:F2:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaKML4THXo0DiGlDVRUt0rcx8kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/WdYc6wSLVkfUe7irxf4uyXxEIsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/89ff47-0b7b-4309-a8af-2cbd55f9a8ee/1/aaKML4THXo0DiGlDVRUt0rcx8kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.26.16.0/21
                IPv6:
                  2a00:7c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:1a:cc:67:9e:29:e0:5a:f0:09:8f:f4:db:9c:2d:ed:c4:b1:
         84:46:ef:de:7e:9c:4b:5c:0d:06:a3:3f:95:47:47:5b:e7:ba:
         37:92:f9:03:71:8e:35:20:5f:c4:13:a5:1a:e4:a6:b0:d6:2a:
         45:9b:8f:19:02:80:df:ca:48:dc:8b:c0:73:f9:2b:a8:22:1f:
         ee:d4:96:17:16:36:5a:fe:a5:0e:73:13:e3:78:0f:b9:fe:66:
         d1:04:4a:94:51:a5:aa:17:14:a9:7b:ca:34:9d:f7:00:6d:20:
         96:55:53:f2:a5:2b:f4:f9:0e:34:b7:0f:a6:d7:59:5b:de:57:
         2a:17:22:72:88:f0:c0:36:0f:64:14:20:bf:06:f9:a5:f0:f7:
         fb:84:04:19:d3:1b:5a:8e:ee:78:bf:0f:57:e3:a8:9c:0f:23:
         14:a9:7a:fb:d6:72:97:68:94:73:e4:49:68:e0:ae:e8:00:d4:
         2c:3e:e6:2c:2a:54:7f:80:a8:44:9a:9d:1d:c7:8d:b6:9c:bd:
         b5:98:62:13:0e:98:10:d4:cb:b2:4a:59:ec:21:a2:43:7d:ba:
         a5:e4:14:4b:2b:82:f6:f9:e5:f1:5c:fb:19:56:45:f0:21:e1:
         bf:d8:0f:bd:33:25:ad:04:1e:e7:2a:b5:2c:05:0a:1f:d9:0c:
         d3:5b:14:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZSn8qxB4T/EF662k4tnjWaBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTI4YzJmODRjNzVlOGQwMzg4Njk0MzU1MTUyZGQyYjcz
MWYyNDkwHhcNMjUwMTI3MTMyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWQ2MWNlYjA0OGI1NjQ3ZDQ3YmI4YWJjNWZlMmVjOTdjNDQyMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvuz8zv51XfSEdHWuq7+oox17/d6
Kv30IfURzu4aJqrdxszE5BRgpCiCbxPCPVsJK2wWg2Prq8NomzKKWXF/Xsukn4h3
ER0FK5sTSYxNuacp/GQE1GFTzSGpHiQxwYiPrdSRvwWMrJvK1i1KvqY1WliozA0n
QBeFIw7jvQtGC4BJ7vpVM6ULDBhNOP1EFI9gS8D0n5sEobxRF+czR/BWGWR6CF1A
BEzMDW4Fn+l7/oiMrA3V4sf/rBFa2ENv3830aonI9OTGzbwek0z8nGekS0/ewcfw
b7h/wG38fnk7nT51C+zcMQMKlTVvAKy+28TJz8XzCY8QvTV9/5/zKzqZYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFnWHOsEi1ZH1Hu4q8X+Lsl8RCLDMB8GA1UdIwQY
MBaAFGmijC+Ex16NA4hpQ1UVLdK3MfJJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFLTUw0VEhYbzBEaUdsRFZSVXQwcmN4OGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84OWZmNDctMGI3Yi00MzA5LWE4YWYt
MmNiZDU1ZjlhOGVlLzEvV2RZYzZ3U0xWa2ZVZTdpcnhmNHV5WHhFSXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84OWZmNDctMGI3Yi00MzA5LWE4YWYtMmNiZDU1ZjlhOGVl
LzEvYWFLTUw0VEhYbzBEaUdsRFZSVXQwcmN4OGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQD2RoQMA0E
AgACMAcDBQAqAHwAMA0GCSqGSIb3DQEBCwUAA4IBAQC+GsxnningWvAJj/TbnC3t
xLGERu/efpxLXA0Goz+VR0db57o3kvkDcY41IF/EE6Ua5Kaw1ipFm48ZAoDfykjc
i8Bz+SuoIh/u1JYXFjZa/qUOcxPjeA+5/mbRBEqUUaWqFxSpe8o0nfcAbSCWVVPy
pSv0+Q40tw+m11lb3lcqFyJyiPDANg9kFCC/Bvml8Pf7hAQZ0xtaju54vw9X46ic
DyMUqXr71nKXaJRz5Elo4K7oANQsPuYsKlR/gKhEmp0dx422nL21mGITDpgQ1Muy
SlnsIaJDfbql5BRLK4L2+eXxXPsZVkXwIeG/2A+9MyWtBB7nKrUsBQof2QzTWxRA
-----END CERTIFICATE-----