Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/1aSXcVGk1Vm5At4pQcwezylM4Ug.roa
File:                     1aSXcVGk1Vm5At4pQcwezylM4Ug.roa (raw, json)
Hash identifier:          eXNr6QZZrfiJjqFEbzAoH26vvhPMcGhdRkQbECqKs6Q=
Subject key identifier:   D5:A4:97:71:51:A4:D5:59:B9:02:DE:29:41:CC:1E:CF:29:4C:E1:48
Certificate issuer:       /CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
Certificate serial:       018CC5DC0ECFE517B43FF306FE62086EAB4B
Authority key identifier: C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/1aSXcVGk1Vm5At4pQcwezylM4Ug.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211411
IP address blocks:        2a05:b0c7:5000::/37 maxlen: 37

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0e:cf:e5:17:b4:3f:f3:06:fe:62:08:6e:ab:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c228348e9054973d7a5f8193bd4e5c44f67399e1
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5a4977151a4d559b902de2941cc1ecf294ce148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2e:72:fb:d1:61:97:7a:17:89:ce:ef:4f:7a:
                    41:b4:9e:87:15:c1:5f:f0:74:9c:6b:02:70:f8:e5:
                    5a:7c:de:cb:df:1e:fa:a7:8c:9b:ce:52:98:05:62:
                    13:cf:bc:d1:23:d2:bd:2c:3d:39:f9:95:11:a6:3c:
                    2f:22:19:e0:20:62:1c:d3:bf:1e:3d:07:d1:4c:95:
                    ee:5e:32:94:1b:fe:55:88:b6:d8:84:c3:cb:b2:73:
                    da:21:32:60:d7:e6:c9:b0:b6:1c:6d:8b:24:d9:14:
                    61:07:f3:6e:f1:0c:12:21:4f:69:af:f5:41:58:fe:
                    3c:8d:be:2e:e3:2f:39:8d:cd:88:83:38:db:e7:94:
                    25:a1:9b:7a:8f:7a:1d:b7:e4:2e:b9:4b:13:b0:ea:
                    56:11:c7:5c:f6:85:51:17:4b:eb:40:ec:6d:06:56:
                    f6:ee:d9:78:6d:11:73:c4:c4:17:71:3d:5b:ba:02:
                    b0:6b:13:e0:be:4c:05:1b:10:05:fc:c2:f2:16:b6:
                    e3:39:d9:92:42:42:a7:ae:37:d7:06:53:b5:7b:cc:
                    ff:0b:73:29:b4:84:34:4e:eb:80:5b:52:bf:3d:d1:
                    6f:b7:9e:ed:e9:71:c1:2d:f2:35:58:d9:7f:ea:91:
                    f5:8a:0c:87:20:5e:dd:48:6a:a3:ed:e1:42:96:2a:
                    28:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A4:97:71:51:A4:D5:59:B9:02:DE:29:41:CC:1E:CF:29:4C:E1:48
            X509v3 Authority Key Identifier:
                keyid:C2:28:34:8E:90:54:97:3D:7A:5F:81:93:BD:4E:5C:44:F6:73:99:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wig0jpBUlz16X4GTvU5cRPZzmeE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/1aSXcVGk1Vm5At4pQcwezylM4Ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/f16794-91ad-4984-9c6c-e88fff82d553/1/wig0jpBUlz16X4GTvU5cRPZzmeE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b0c7:5000::/37

    Signature Algorithm: sha256WithRSAEncryption
         69:5f:c0:85:2a:eb:a6:4e:56:45:ee:9f:e2:9a:1c:c6:f9:40:
         b1:1d:ce:c4:17:5c:a0:cf:ba:c2:8c:5c:4a:b3:f5:97:06:9a:
         ee:52:51:01:b0:30:a3:08:3c:8e:9e:e2:dd:25:bc:91:25:d2:
         2e:17:c4:17:e9:8a:29:b7:8f:6a:c5:3f:4a:10:bf:3f:01:24:
         03:e7:f2:af:d7:91:38:16:05:1e:0d:65:2c:82:6a:ec:2b:be:
         65:67:d7:f0:e0:b8:c7:63:12:a5:2d:08:ab:91:0a:eb:80:7a:
         cd:56:9a:a5:98:10:b9:df:63:a8:9b:d9:ef:fc:67:67:51:bf:
         9b:32:96:ad:ef:5b:51:50:00:f3:27:12:0f:64:21:50:a0:f6:
         4e:19:e1:89:a4:17:27:42:c9:22:96:95:83:56:10:31:c5:46:
         0d:3b:29:ca:54:a8:50:25:f8:9e:eb:ba:1b:d8:20:58:21:d7:
         ee:04:e7:d3:39:61:db:61:7d:9b:44:94:36:c3:e6:4a:1d:90:
         a0:b2:6c:e4:b5:f7:f9:58:45:0d:e5:e6:00:c7:fd:cb:2b:b8:
         4e:52:59:f1:13:ee:a4:8c:cf:88:08:34:e8:6d:d4:16:20:a7:
         a6:5c:03:26:c4:5c:c0:55:7e:8d:7c:24:53:72:e6:f4:ba:b7:
         3e:63:7d:35
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzF3A7P5Re0P/MG/mIIbqtLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMjgzNDhlOTA1NDk3M2Q3YTVmODE5M2JkNGU1YzQ0ZjY3
Mzk5ZTEwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWE0OTc3MTUxYTRkNTU5YjkwMmRlMjk0MWNjMWVjZjI5NGNlMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy5y+9Fhl3oXic7vT3pBtJ6HFcFf
8HScawJw+OVafN7L3x76p4ybzlKYBWITz7zRI9K9LD05+ZURpjwvIhngIGIc078e
PQfRTJXuXjKUG/5ViLbYhMPLsnPaITJg1+bJsLYcbYsk2RRhB/Nu8QwSIU9pr/VB
WP48jb4u4y85jc2Igzjb55QloZt6j3odt+QuuUsTsOpWEcdc9oVRF0vrQOxtBlb2
7tl4bRFzxMQXcT1bugKwaxPgvkwFGxAF/MLyFrbjOdmSQkKnrjfXBlO1e8z/C3Mp
tIQ0TuuAW1K/PdFvt57t6XHBLfI1WNl/6pH1igyHIF7dSGqj7eFClioohQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNWkl3FRpNVZuQLeKUHMHs8pTOFIMB8GA1UdIwQY
MBaAFMIoNI6QVJc9el+Bk71OXET2c5nhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMt
ZTg4ZmZmODJkNTUzLzEvMWFTWGNWR2sxVm01QXQ0cFFjd2V6eWxNNFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9mMTY3OTQtOTFhZC00OTg0LTljNmMtZTg4ZmZmODJkNTUz
LzEvd2lnMGpwQlVsejE2WDRHVHZVNWNSUFp6bWVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYDKgWwx1Aw
DQYJKoZIhvcNAQELBQADggEBAGlfwIUq66ZOVkXun+KaHMb5QLEdzsQXXKDPusKM
XEqz9ZcGmu5SUQGwMKMIPI6e4t0lvJEl0i4XxBfpiim3j2rFP0oQvz8BJAPn8q/X
kTgWBR4NZSyCauwrvmVn1/DguMdjEqUtCKuRCuuAes1WmqWYELnfY6ib2e/8Z2dR
v5sylq3vW1FQAPMnEg9kIVCg9k4Z4YmkFydCySKWlYNWEDHFRg07KcpUqFAl+J7r
uhvYIFgh1+4E59M5YdthfZtElDbD5kodkKCybOS19/lYRQ3l5gDH/csruE5SWfET
7qSMz4gINOht1BYgp6ZcAybEXMBVfo18JFNy5vS6tz5jfTU=
-----END CERTIFICATE-----