Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/WzcaaMQRrlChBNRzpd6ejVsnjhE.roa
File:                     WzcaaMQRrlChBNRzpd6ejVsnjhE.roa (raw, json)
Hash identifier:          thxrjBXbUSSC8DCWldp79G7rZSMi1abwsQ1q60K08dg=
Subject key identifier:   5B:37:1A:68:C4:11:AE:50:A1:04:D4:73:A5:DE:9E:8D:5B:27:8E:11
Certificate issuer:       /CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
Certificate serial:       019468F765872F16EC169FA45540807A1D43
Authority key identifier: 92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/WzcaaMQRrlChBNRzpd6ejVsnjhE.roa
Signing time:             Wed 15 Jan 2025 07:57:11 +0000
ROA not before:           Wed 15 Jan 2025 07:57:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206119
IP address blocks:        2a0f:c940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:68:f7:65:87:2f:16:ec:16:9f:a4:55:40:80:7a:1d:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9213f2c2d06c64b895457ab50fc4920283a49cc7
        Validity
            Not Before: Jan 15 07:57:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b371a68c411ae50a104d473a5de9e8d5b278e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ee:57:e0:cf:e6:7c:73:df:b6:40:b6:b4:e8:
                    ed:91:99:c3:69:48:96:6e:d5:1c:da:0a:77:31:ab:
                    6c:3c:21:ab:60:e2:8c:a5:a7:fc:09:6f:60:07:6e:
                    11:5e:69:e0:b8:f1:49:5d:1a:da:5a:51:5f:7d:52:
                    f8:43:0a:1d:c7:a9:b3:7f:2e:38:e8:6c:ec:cb:8f:
                    1f:04:78:7d:05:84:6d:a8:3f:05:63:34:2f:9d:d4:
                    ea:72:92:61:03:46:98:b6:76:39:58:e0:59:20:1b:
                    51:d7:e5:2f:7e:8d:c4:64:ae:eb:5f:43:dd:f2:4c:
                    7f:1b:cb:92:52:20:96:6c:60:4b:21:73:71:47:a9:
                    84:e3:bf:15:2f:32:53:07:16:65:75:84:3b:13:f9:
                    3f:b9:90:11:3e:fe:af:aa:16:3d:5e:16:69:ae:16:
                    2b:65:c7:84:8c:32:49:5f:6a:a1:fd:e4:0a:72:f9:
                    e1:61:51:e5:75:d2:0c:24:65:ac:c7:4b:f9:d1:8e:
                    6f:04:84:2c:fe:39:31:63:2c:26:af:b6:63:4c:e8:
                    da:c2:0f:46:e5:47:c9:e1:a2:d8:a1:89:dc:7b:da:
                    dc:ca:67:c0:5f:af:4f:93:ff:96:92:ed:4a:22:18:
                    43:e3:66:25:3f:71:39:fd:18:16:46:e7:60:73:8f:
                    67:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:37:1A:68:C4:11:AE:50:A1:04:D4:73:A5:DE:9E:8D:5B:27:8E:11
            X509v3 Authority Key Identifier:
                keyid:92:13:F2:C2:D0:6C:64:B8:95:45:7A:B5:0F:C4:92:02:83:A4:9C:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khPywtBsZLiVRXq1D8SSAoOknMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/WzcaaMQRrlChBNRzpd6ejVsnjhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/31a6a4-8a9d-47a2-8fbb-b9dff3e7a32e/1/khPywtBsZLiVRXq1D8SSAoOknMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:c940::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:39:80:7d:3e:d1:c3:9a:07:f0:09:5e:14:e3:a5:98:8c:bd:
         f9:0f:85:8e:24:58:4f:15:b9:a0:24:47:1e:75:27:75:45:8c:
         4f:e9:de:30:5b:9b:ed:2b:57:61:9d:33:52:14:64:80:31:ed:
         af:81:9b:4a:99:67:5a:e1:82:04:63:03:2b:b3:30:f1:ee:55:
         db:67:16:9d:75:be:9c:1f:24:53:33:41:f4:e6:61:f7:07:06:
         74:60:c8:91:af:13:88:67:df:d2:b8:fb:a7:b4:96:06:35:49:
         d7:e2:ea:89:6c:c2:32:16:3b:68:41:d2:22:3e:78:04:10:60:
         35:c0:17:3b:44:a4:c3:cf:12:9b:76:3b:fa:dc:1c:d6:31:76:
         b6:34:96:73:63:2f:20:c8:28:f7:62:7e:b4:f7:46:e8:8a:00:
         b6:8e:90:1b:f2:ce:21:f3:d0:1c:5c:51:f7:8d:17:5a:35:ed:
         3c:b8:21:33:55:3c:51:0c:93:1b:f3:4a:fa:7b:54:b1:c1:9b:
         f5:25:bf:59:45:7c:70:e3:56:6a:4c:0e:28:6a:2e:03:cb:19:
         e1:a8:aa:fb:2a:69:d7:3e:db:52:70:59:4b:e4:28:22:35:9d:
         37:20:82:8b:1f:9e:80:24:2f:b5:ce:a2:e7:7e:bf:97:62:39:
         fc:3e:da:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZRo92WHLxbsFp+kVUCAeh1DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMTNmMmMyZDA2YzY0Yjg5NTQ1N2FiNTBmYzQ5MjAyODNh
NDljYzcwHhcNMjUwMTE1MDc1NzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjM3MWE2OGM0MTFhZTUwYTEwNGQ0NzNhNWRlOWU4ZDViMjc4ZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuO5X4M/mfHPftkC2tOjtkZnDaUiW
btUc2gp3MatsPCGrYOKMpaf8CW9gB24RXmnguPFJXRraWlFffVL4Qwodx6mzfy44
6Gzsy48fBHh9BYRtqD8FYzQvndTqcpJhA0aYtnY5WOBZIBtR1+Uvfo3EZK7rX0Pd
8kx/G8uSUiCWbGBLIXNxR6mE478VLzJTBxZldYQ7E/k/uZARPv6vqhY9XhZprhYr
ZceEjDJJX2qh/eQKcvnhYVHlddIMJGWsx0v50Y5vBIQs/jkxYywmr7ZjTOjawg9G
5UfJ4aLYoYnce9rcymfAX69Pk/+Wku1KIhhD42YlP3E5/RgWRudgc49nXwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFs3GmjEEa5QoQTUc6Xeno1bJ44RMB8GA1UdIwQY
MBaAFJIT8sLQbGS4lUV6tQ/EkgKDpJzHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmIt
YjlkZmYzZTdhMzJlLzEvV3pjYWFNUVJybENoQk5SenBkNmVqVnNuamhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zMWE2YTQtOGE5ZC00N2EyLThmYmItYjlkZmYzZTdhMzJl
LzEva2hQeXd0QnNaTGlWUlhxMUQ4U1NBb09rbk1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/JQDAN
BgkqhkiG9w0BAQsFAAOCAQEAUDmAfT7Rw5oH8AleFOOlmIy9+Q+FjiRYTxW5oCRH
HnUndUWMT+neMFub7StXYZ0zUhRkgDHtr4GbSplnWuGCBGMDK7Mw8e5V22cWnXW+
nB8kUzNB9OZh9wcGdGDIka8TiGff0rj7p7SWBjVJ1+LqiWzCMhY7aEHSIj54BBBg
NcAXO0Skw88Sm3Y7+twc1jF2tjSWc2MvIMgo92J+tPdG6IoAto6QG/LOIfPQHFxR
940XWjXtPLghM1U8UQyTG/NK+ntUscGb9SW/WUV8cONWakwOKGouA8sZ4aiq+ypp
1z7bUnBZS+QoIjWdNyCCix+egCQvtc6i536/l2I5/D7aGA==
-----END CERTIFICATE-----