Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/WtuPQAz22oEnCEx3Rc-9J0U0Qbk.roa
File:                     WtuPQAz22oEnCEx3Rc-9J0U0Qbk.roa (raw, json)
Hash identifier:          LqsVaHB6US9lWput6TNuWvOyM8xnvQFU16n5uBdiSPM=
Subject key identifier:   5A:DB:8F:40:0C:F6:DA:81:27:08:4C:77:45:CF:BD:27:45:34:41:B9
Certificate issuer:       /CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
Certificate serial:       0194228E2E8A36D5D1234794D08B2E6D35CE
Authority key identifier: D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/WtuPQAz22oEnCEx3Rc-9J0U0Qbk.roa
Signing time:             Wed 01 Jan 2025 15:48:50 +0000
ROA not before:           Wed 01 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198154
IP address blocks:        2a14:23c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2e:8a:36:d5:d1:23:47:94:d0:8b:2e:6d:35:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0b61d1f1d9ccdab6b6d8e1450c2c936d397e670
        Validity
            Not Before: Jan  1 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5adb8f400cf6da8127084c7745cfbd27453441b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:08:75:76:eb:10:02:19:07:03:06:be:b6:ea:
                    49:3f:1d:0b:de:f1:ea:47:bd:a7:7d:29:3c:4c:67:
                    68:f9:a6:bb:4a:ce:ed:ff:1f:df:fd:19:fc:24:88:
                    98:16:3d:15:1d:cd:3b:72:01:90:55:c2:7b:e1:88:
                    3e:ca:5a:64:e1:bf:d4:db:72:0d:ef:f8:30:27:dd:
                    41:34:58:56:fa:bf:37:02:fd:b6:0c:69:3f:29:47:
                    0e:65:1d:ab:c4:ed:eb:a0:f4:eb:13:ad:d3:b2:67:
                    c0:38:33:20:30:65:00:b1:f6:99:cb:4e:fb:3d:8d:
                    e3:b2:c6:4f:d2:fe:46:b3:ba:24:44:92:51:e5:86:
                    78:34:37:aa:22:1b:f5:6a:18:ca:dc:b0:8c:09:3c:
                    82:91:a4:75:65:43:a9:d3:37:5c:c3:77:f9:0a:53:
                    90:e9:85:fa:86:bc:0f:5d:d1:da:57:45:2d:ce:38:
                    0a:ae:1e:19:d2:1d:c7:24:53:d5:8b:08:51:21:2a:
                    1b:74:3a:53:d1:ac:29:ae:11:33:3f:8f:6b:b7:93:
                    2b:05:a9:25:b4:8c:9c:1f:5a:98:2d:4d:b5:ca:45:
                    ad:2e:f3:3c:79:09:26:61:84:b4:5a:39:9e:46:db:
                    6f:d4:68:c3:db:8d:11:18:40:06:9d:3f:22:c0:d8:
                    44:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DB:8F:40:0C:F6:DA:81:27:08:4C:77:45:CF:BD:27:45:34:41:B9
            X509v3 Authority Key Identifier:
                keyid:D0:B6:1D:1F:1D:9C:CD:AB:6B:6D:8E:14:50:C2:C9:36:D3:97:E6:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0LYdHx2czatrbY4UUMLJNtOX5nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/WtuPQAz22oEnCEx3Rc-9J0U0Qbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/317635-a90a-4704-9672-15f62c890af8/1/0LYdHx2czatrbY4UUMLJNtOX5nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:23c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:4b:dc:54:68:91:41:44:ba:a1:42:94:cc:ed:e0:b2:65:03:
         90:8b:94:7f:59:49:da:86:93:d7:8b:5e:27:aa:db:c0:cc:84:
         24:7a:33:da:7b:10:d2:ec:90:fb:32:26:0e:6f:70:6f:ca:8d:
         63:69:df:ef:89:16:2a:c8:27:ee:c8:2c:fc:b0:11:09:6f:99:
         4e:a0:ce:ef:91:af:2c:19:a2:14:84:8a:28:42:af:3e:8d:a9:
         8f:20:6a:24:5f:c3:c4:ef:8c:5d:77:9f:b6:22:19:d0:33:2e:
         e0:47:a5:46:19:7e:ea:38:bc:32:6b:a8:d5:37:eb:6a:74:5e:
         70:53:15:ba:ce:35:f1:c8:a1:c1:e5:3b:e6:10:1d:23:dc:7e:
         e7:fa:16:04:d1:2c:2e:a9:36:18:20:4b:47:3e:8a:6c:ca:6a:
         54:41:47:69:7c:02:2a:c0:37:e1:69:be:5b:f7:f5:85:76:83:
         41:ac:9f:cc:69:71:e8:7a:4e:ab:e0:6c:ca:31:ed:39:04:1c:
         ed:16:ee:c7:a1:fa:e7:b2:8d:19:82:ba:d6:30:b3:d6:ae:9b:
         82:22:96:60:6f:2e:79:2e:84:9a:70:d8:49:c4:0e:33:6e:30:
         dd:dc:7e:67:08:fa:a2:c1:f4:b8:d6:c1:17:56:31:48:e2:0b:
         85:9b:8a:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiji6KNtXRI0eU0IsubTXOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYjYxZDFmMWQ5Y2NkYWI2YjZkOGUxNDUwYzJjOTM2ZDM5
N2U2NzAwHhcNMjUwMTAxMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWRiOGY0MDBjZjZkYTgxMjcwODRjNzc0NWNmYmQyNzQ1MzQ0MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gh1dusQAhkHAwa+tupJPx0L3vHq
R72nfSk8TGdo+aa7Ss7t/x/f/Rn8JIiYFj0VHc07cgGQVcJ74Yg+ylpk4b/U23IN
7/gwJ91BNFhW+r83Av22DGk/KUcOZR2rxO3roPTrE63TsmfAODMgMGUAsfaZy077
PY3jssZP0v5Gs7okRJJR5YZ4NDeqIhv1ahjK3LCMCTyCkaR1ZUOp0zdcw3f5ClOQ
6YX6hrwPXdHaV0UtzjgKrh4Z0h3HJFPViwhRISobdDpT0awprhEzP49rt5MrBakl
tIycH1qYLU21ykWtLvM8eQkmYYS0WjmeRttv1GjD240RGEAGnT8iwNhE0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFrbj0AM9tqBJwhMd0XPvSdFNEG5MB8GA1UdIwQY
MBaAFNC2HR8dnM2ra22OFFDCyTbTl+ZwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzIt
MTVmNjJjODkwYWY4LzEvV3R1UFFBejIyb0VuQ0V4M1JjLTlKMFUwUWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8zMTc2MzUtYTkwYS00NzA0LTk2NzItMTVmNjJjODkwYWY4
LzEvMExZZEh4MmN6YXRyYlk0VVVNTEpOdE9YNW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQjwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA7S9xUaJFBRLqhQpTM7eCyZQOQi5R/WUnahpPX
i14nqtvAzIQkejPaexDS7JD7MiYOb3Bvyo1jad/viRYqyCfuyCz8sBEJb5lOoM7v
ka8sGaIUhIooQq8+jamPIGokX8PE74xdd5+2IhnQMy7gR6VGGX7qOLwya6jVN+tq
dF5wUxW6zjXxyKHB5TvmEB0j3H7n+hYE0SwuqTYYIEtHPopsympUQUdpfAIqwDfh
ab5b9/WFdoNBrJ/MaXHoek6r4GzKMe05BBztFu7Hofrnso0ZgrrWMLPWrpuCIpZg
by55LoSacNhJxA4zbjDd3H5nCPqiwfS41sEXVjFI4guFm4oi
-----END CERTIFICATE-----