Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/WAzJt5KFvNkbvOrY4DLl3DRMOXw.roa
File:                     WAzJt5KFvNkbvOrY4DLl3DRMOXw.roa (raw, json)
Hash identifier:          kFPvDBtZq/zWJI4t2lZlhoWhuxbbQs9xZ9Xd6bpJYR4=
Subject key identifier:   58:0C:C9:B7:92:85:BC:D9:1B:BC:EA:D8:E0:32:E5:DC:34:4C:39:7C
Certificate issuer:       /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial:       018CCA298214E89B300C2D3E0B7BC4175DDF
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/WAzJt5KFvNkbvOrY4DLl3DRMOXw.roa
Signing time:             Tue 02 Jan 2024 12:32:47 +0000
ROA not before:           Tue 02 Jan 2024 12:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a03:60c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 16:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:82:14:e8:9b:30:0c:2d:3e:0b:7b:c4:17:5d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
        Validity
            Not Before: Jan  2 12:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=580cc9b79285bcd91bbcead8e032e5dc344c397c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:3c:a1:c0:55:8c:7b:28:15:4c:17:93:a3:52:
                    23:07:75:b3:22:4e:b7:e2:9c:c4:67:39:41:27:b0:
                    bb:84:81:5b:20:16:40:91:c8:53:8b:eb:89:64:11:
                    0d:26:79:c1:63:fb:e7:dc:ad:fa:95:9b:f6:a8:fc:
                    d1:2e:c0:70:3b:05:03:ee:e7:a0:e9:8c:f8:45:e9:
                    52:49:17:09:77:7f:b8:f4:6c:94:78:4f:2e:ce:80:
                    31:a0:4b:b6:c2:56:5b:29:36:46:a0:ae:b3:2f:d3:
                    1b:96:6b:cc:fd:2b:57:f7:7c:d7:46:17:46:38:b5:
                    41:5b:1d:cb:97:19:c3:03:7f:5b:88:ad:b2:06:a7:
                    d6:f3:7a:16:2d:de:96:af:d5:a4:e2:30:33:75:c4:
                    e9:6f:66:f4:c9:e9:da:2b:5b:f8:b6:e5:8f:7d:86:
                    86:7a:d3:ec:a7:95:b5:85:6b:52:65:67:98:eb:04:
                    55:c5:1f:e4:43:3c:d8:b0:5a:2c:dc:7b:1a:1e:57:
                    57:7d:12:bf:66:19:a7:6e:3d:a5:07:1c:84:76:c5:
                    4c:34:50:f7:9c:cc:98:5d:52:57:04:16:60:cd:5b:
                    b3:6d:ca:d3:e2:74:7e:d2:3e:38:10:28:fa:68:4f:
                    5c:cd:69:2f:f1:b1:ce:f7:47:75:87:2b:8d:48:c3:
                    41:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:0C:C9:B7:92:85:BC:D9:1B:BC:EA:D8:E0:32:E5:DC:34:4C:39:7C
            X509v3 Authority Key Identifier:
                keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/WAzJt5KFvNkbvOrY4DLl3DRMOXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:60c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:5f:d0:2b:01:d1:4f:9c:03:2d:98:f1:b3:d2:df:d3:27:9c:
         77:7a:79:42:93:9d:e1:43:a9:8f:df:ed:3a:ae:c6:45:3e:d0:
         24:03:38:d4:f4:1d:6e:63:d0:5c:d5:8c:2f:bc:a2:14:4a:71:
         6e:21:03:e8:22:65:55:b7:6d:b6:60:15:20:72:86:d8:d0:f0:
         c5:8e:44:20:e2:15:b5:0b:43:c4:cd:30:26:aa:52:15:2e:3c:
         e3:e6:7f:77:2e:c7:53:2e:1c:92:cd:11:d1:54:57:a2:a3:c4:
         99:f1:2a:0e:46:cd:7d:44:10:57:5b:8f:eb:9e:75:98:13:94:
         8a:77:04:21:6f:a7:40:9a:91:cd:1f:59:d5:28:e5:69:a8:e7:
         1a:f2:48:20:88:81:4a:7f:fc:00:3c:cb:86:a4:c0:7a:f2:6b:
         00:de:66:26:b0:20:7c:38:9d:4b:43:bb:cb:ff:09:b3:12:eb:
         dd:71:d0:65:2d:be:b8:fa:8d:94:2f:81:00:3a:6d:f1:6d:f3:
         31:52:c2:c8:b7:64:73:40:8f:ba:26:f8:7c:95:f6:81:05:a0:
         ce:83:b2:33:94:de:ef:e0:f1:07:c8:d0:c2:88:47:f8:6f:f8:
         0e:ff:43:69:34:b6:66:2e:7a:48:ad:7c:7e:84:33:76:2f:01:
         78:90:49:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKYIU6JswDC0+C3vEF13fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjQwMTAyMTIzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODBjYzliNzkyODViY2Q5MWJiY2VhZDhlMDMyZTVkYzM0NGMzOTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjyhwFWMeygVTBeTo1IjB3WzIk63
4pzEZzlBJ7C7hIFbIBZAkchTi+uJZBENJnnBY/vn3K36lZv2qPzRLsBwOwUD7ueg
6Yz4RelSSRcJd3+49GyUeE8uzoAxoEu2wlZbKTZGoK6zL9MblmvM/StX93zXRhdG
OLVBWx3LlxnDA39biK2yBqfW83oWLd6Wr9Wk4jAzdcTpb2b0yenaK1v4tuWPfYaG
etPsp5W1hWtSZWeY6wRVxR/kQzzYsFos3HsaHldXfRK/Zhmnbj2lBxyEdsVMNFD3
nMyYXVJXBBZgzVuzbcrT4nR+0j44ECj6aE9czWkv8bHO90d1hyuNSMNBPwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFgMybeShbzZG7zq2OAy5dw0TDl8MB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvV0F6SnQ1S0Z2Tmtidk9yWTRETGwzRFJNT1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgNgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFl/QKwHRT5wDLZjxs9Lf0yecd3p5QpOd4UOpj9/t
Oq7GRT7QJAM41PQdbmPQXNWML7yiFEpxbiED6CJlVbdttmAVIHKG2NDwxY5EIOIV
tQtDxM0wJqpSFS484+Z/dy7HUy4cks0R0VRXoqPEmfEqDkbNfUQQV1uP6551mBOU
incEIW+nQJqRzR9Z1SjlaajnGvJIIIiBSn/8ADzLhqTAevJrAN5mJrAgfDidS0O7
y/8JsxLr3XHQZS2+uPqNlC+BADpt8W3zMVLCyLdkc0CPuib4fJX2gQWgzoOyM5Te
7+DxB8jQwohH+G/4Dv9DaTS2Zi56SK18foQzdi8BeJBJcQ==
-----END CERTIFICATE-----