Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/wtKDd8WqxzFAo7emkeR1wXM1OIU.roa
File:                     wtKDd8WqxzFAo7emkeR1wXM1OIU.roa (raw, json)
Hash identifier:          G+AeczEeuEpEkmAe59Kfv0UCMBy8VfAj4AhjwK3Ll1A=
Subject key identifier:   C2:D2:83:77:C5:AA:C7:31:40:A3:B7:A6:91:E4:75:C1:73:35:38:85
Certificate issuer:       /CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
Certificate serial:       018F069D62C4F63C3258687CCDB269878790
Authority key identifier: 35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/wtKDd8WqxzFAo7emkeR1wXM1OIU.roa
Signing time:             Mon 22 Apr 2024 16:22:08 +0000
ROA not before:           Mon 22 Apr 2024 16:22:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        157.5.48.0/21 maxlen: 21
                          157.5.56.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:06:9d:62:c4:f6:3c:32:58:68:7c:cd:b2:69:87:87:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
        Validity
            Not Before: Apr 22 16:22:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2d28377c5aac73140a3b7a691e475c173353885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:11:07:f9:42:32:42:70:c0:62:e8:67:cc:b4:
                    7f:d9:fc:93:0f:6d:e4:10:55:8c:33:c6:96:6b:89:
                    b2:af:dc:bd:af:79:b8:1a:e2:51:80:83:c1:f2:b0:
                    ea:8e:8b:ba:c1:dd:68:60:61:fe:aa:3e:5a:02:ea:
                    e5:fc:26:a4:27:34:53:03:7c:cc:93:1c:eb:1f:90:
                    c8:be:eb:2b:a6:0b:2c:6f:a9:7d:4e:51:dd:48:1d:
                    f8:e7:c2:36:1b:38:fb:37:2c:26:84:c8:72:e5:d3:
                    99:0d:7b:30:ff:9c:97:68:37:1f:d1:ef:3a:77:71:
                    21:2c:3a:96:99:c6:b9:39:29:64:88:15:ab:df:1a:
                    f7:d3:c8:99:69:21:6b:9a:7a:ce:7b:43:e8:d1:b9:
                    41:54:be:7c:91:c6:e8:c8:a4:e5:92:24:05:50:2f:
                    11:80:29:2a:c9:1e:db:b8:c7:5d:a5:b9:1a:9f:ce:
                    c3:c2:bf:f6:dc:bc:30:fe:10:17:74:3d:69:67:37:
                    d4:12:52:1a:ed:be:42:69:f7:07:d0:b0:e0:c2:61:
                    34:bf:46:ac:5c:55:ab:9f:bc:2b:c0:3c:67:dc:5a:
                    12:61:22:9b:24:1f:7c:2a:15:ac:9a:35:b2:97:41:
                    fe:0b:41:9f:4e:50:aa:58:06:40:ff:58:2e:47:8a:
                    16:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:D2:83:77:C5:AA:C7:31:40:A3:B7:A6:91:E4:75:C1:73:35:38:85
            X509v3 Authority Key Identifier:
                keyid:35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/wtKDd8WqxzFAo7emkeR1wXM1OIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.5.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         24:5f:fd:11:67:b2:82:d9:de:f6:ce:49:fc:3b:a4:90:6e:8c:
         99:3e:22:7a:7d:e0:b3:22:47:54:cf:5e:c8:89:45:ab:86:16:
         cf:0b:87:54:54:e2:a2:7a:ca:cc:88:58:3e:62:f0:12:bd:5b:
         46:c2:b6:96:ec:33:4d:1a:19:5a:72:d7:cc:b2:08:ea:8b:22:
         10:c9:51:da:cd:e8:c2:a6:6d:29:8b:1a:2e:9c:c7:02:a3:37:
         3a:98:3d:16:a6:c3:8e:9f:2e:40:90:12:14:95:97:12:15:d9:
         17:26:01:cc:e3:ff:eb:58:08:bc:28:62:00:e3:85:35:ea:15:
         22:72:e3:82:ac:6e:34:56:7d:1e:68:f3:c4:78:70:d7:8c:9e:
         b2:5c:08:28:e5:db:75:5d:e6:a1:21:e2:19:07:0e:b3:cf:f4:
         2c:a8:11:b4:d1:b3:8f:c4:56:fe:81:ce:b2:4d:0e:96:b3:58:
         74:3e:9d:74:86:80:2c:73:40:18:ad:e3:b8:95:79:0e:b8:24:
         2d:b6:a2:18:7b:da:35:51:40:1c:a3:b3:c3:db:3f:d3:c7:74:
         70:2c:32:bb:5d:5c:4e:3b:8a:9a:ae:db:3f:f2:9f:b4:e2:8f:
         ea:a8:b6:f0:5a:50:a5:1e:eb:28:d3:7a:7a:63:e2:ff:5e:52:
         b9:eb:40:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8GnWLE9jwyWGh8zbJph4eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZWY3OWM1MWUzZmEwODQzMzIwNjRhYTBiODM2MDhkNmU0
MWMxMmIwHhcNMjQwNDIyMTYyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQyODM3N2M1YWFjNzMxNDBhM2I3YTY5MWU0NzVjMTczMzUzODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBEH+UIyQnDAYuhnzLR/2fyTD23k
EFWMM8aWa4myr9y9r3m4GuJRgIPB8rDqjou6wd1oYGH+qj5aAurl/CakJzRTA3zM
kxzrH5DIvusrpgssb6l9TlHdSB3458I2Gzj7NywmhMhy5dOZDXsw/5yXaDcf0e86
d3EhLDqWmca5OSlkiBWr3xr308iZaSFrmnrOe0Po0blBVL58kcboyKTlkiQFUC8R
gCkqyR7buMddpbkan87Dwr/23Lww/hAXdD1pZzfUElIa7b5CafcH0LDgwmE0v0as
XFWrn7wrwDxn3FoSYSKbJB98KhWsmjWyl0H+C0GfTlCqWAZA/1guR4oWswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMLSg3fFqscxQKO3ppHkdcFzNTiFMB8GA1UdIwQY
MBaAFDXvecUeP6CEMyBkqguDYI1uQcErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAt
ZTNkOTUzMWRmZDJiLzEvd3RLRGQ4V3F4ekZBbzdlbWtlUjF3WE0xT0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAtZTNkOTUzMWRmZDJi
LzEvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEnQUwMA0G
CSqGSIb3DQEBCwUAA4IBAQAkX/0RZ7KC2d72zkn8O6SQboyZPiJ6feCzIkdUz17I
iUWrhhbPC4dUVOKiesrMiFg+YvASvVtGwraW7DNNGhlactfMsgjqiyIQyVHazejC
pm0pixounMcCozc6mD0WpsOOny5AkBIUlZcSFdkXJgHM4//rWAi8KGIA44U16hUi
cuOCrG40Vn0eaPPEeHDXjJ6yXAgo5dt1XeahIeIZBw6zz/QsqBG00bOPxFb+gc6y
TQ6Ws1h0Pp10hoAsc0AYreO4lXkOuCQttqIYe9o1UUAco7PD2z/Tx3RwLDK7XVxO
O4qarts/8p+04o/qqLbwWlClHuso03p6Y+L/XlK560AY
-----END CERTIFICATE-----