Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/x-wi5OePJObwjtMIP5kzaryMlig.roa
File:                     x-wi5OePJObwjtMIP5kzaryMlig.roa (raw, json)
Hash identifier:          tI9He1PeHxfRiuZ2yrv1KlruGK7iuaoeDbA57xWU8EE=
Subject key identifier:   C7:EC:22:E4:E7:8F:24:E6:F0:8E:D3:08:3F:99:33:6A:BC:8C:96:28
Certificate issuer:       /CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
Certificate serial:       018CC3B73DBBBFBED05820DCAEC7EE259092
Authority key identifier: 28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/x-wi5OePJObwjtMIP5kzaryMlig.roa
Signing time:             Mon 01 Jan 2024 06:30:15 +0000
ROA not before:           Mon 01 Jan 2024 06:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35207
IP address blocks:        2a0c:7180::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:3d:bb:bf:be:d0:58:20:dc:ae:c7:ee:25:90:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28203decd08bd47d8a9162a6e1742f3c53ea3c74
        Validity
            Not Before: Jan  1 06:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7ec22e4e78f24e6f08ed3083f99336abc8c9628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c2:10:87:9a:44:67:2c:03:cb:5f:a5:2e:4e:
                    90:99:fd:8e:fc:3f:65:7e:07:9c:a2:e2:86:21:3d:
                    2f:8c:5e:2b:ff:9b:ed:75:9f:65:fc:5b:4a:fe:fe:
                    0e:3f:4b:4a:59:db:2e:9d:ac:e3:bc:55:13:5d:db:
                    81:ba:2c:5d:46:35:64:58:78:97:fc:75:7d:72:6e:
                    29:18:a0:27:49:29:6c:a5:a3:9e:70:ad:82:ed:8f:
                    84:24:54:60:d2:49:bd:5d:7b:08:f9:f3:7b:df:a8:
                    6c:61:2d:b4:a6:80:e0:38:93:00:7a:65:98:e5:8e:
                    3b:28:47:e8:bd:68:1f:22:04:c6:c9:f1:65:c3:18:
                    59:c1:a2:92:23:3c:a5:e7:0b:17:05:9a:16:9d:74:
                    0d:0f:4f:33:ba:8f:2c:3d:39:70:81:9a:54:bb:c0:
                    18:2b:48:13:18:af:62:8e:8e:86:ae:a9:8d:55:72:
                    da:7d:69:49:43:48:9a:39:62:f0:a1:b4:2c:f5:6c:
                    6e:fe:ed:62:b0:2d:67:20:29:38:43:8e:9c:06:f6:
                    fa:55:93:ed:d1:62:35:68:1c:7c:35:1a:70:51:0c:
                    68:0b:ba:9d:75:77:3e:10:b6:fd:10:65:03:7f:7d:
                    74:ed:b5:80:83:a8:f6:6d:a8:6e:c2:3c:a0:e9:39:
                    c0:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EC:22:E4:E7:8F:24:E6:F0:8E:D3:08:3F:99:33:6A:BC:8C:96:28
            X509v3 Authority Key Identifier:
                keyid:28:20:3D:EC:D0:8B:D4:7D:8A:91:62:A6:E1:74:2F:3C:53:EA:3C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KCA97NCL1H2KkWKm4XQvPFPqPHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/x-wi5OePJObwjtMIP5kzaryMlig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c90a34-0afd-49b9-bbd6-a297c1408085/1/KCA97NCL1H2KkWKm4XQvPFPqPHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7180::/30

    Signature Algorithm: sha256WithRSAEncryption
         75:8c:e2:8b:32:1c:3f:c1:f6:11:b3:56:ff:7d:79:04:39:23:
         49:ce:a5:2b:d3:d5:6b:bc:46:26:47:51:c4:ac:3f:a7:b4:2d:
         f5:d3:73:54:39:98:ea:9d:71:c2:90:0a:ba:a0:cc:b1:9e:aa:
         32:f3:29:f9:ff:6d:22:01:bc:26:7d:79:6b:0f:29:6c:6a:d7:
         b2:42:bb:85:81:0a:26:d7:b3:4b:2c:9f:d2:8f:14:22:5e:2a:
         69:9f:b5:8c:3a:c1:18:ef:01:59:9d:f4:e9:37:2c:b8:87:53:
         7e:47:df:81:42:8d:95:ed:9c:57:47:ed:74:db:9d:d6:c2:b7:
         2d:fc:1b:82:b7:2d:0a:ba:ed:e3:88:07:00:95:d0:a7:c2:0a:
         7e:de:3a:f3:7f:9b:7e:ff:14:50:6a:39:a1:70:d3:c5:50:e9:
         e0:10:e1:9a:c4:f7:b8:52:b2:ba:bd:90:62:28:46:53:6b:43:
         e3:90:b4:0c:a9:4c:34:d3:6b:c9:d8:a9:2d:8b:e2:7e:f7:c8:
         24:79:d5:ce:3a:b3:82:c5:94:69:a1:8d:f9:48:c3:67:a6:00:
         b2:f7:5b:e1:72:69:a7:05:99:b9:cd:ea:54:4c:3d:eb:25:93:
         ab:7c:81:c0:f2:07:3f:48:41:38:6f:45:7e:17:62:5d:d4:5e:
         4c:61:8f:ed
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDtz27v77QWCDcrsfuJZCSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MjAzZGVjZDA4YmQ0N2Q4YTkxNjJhNmUxNzQyZjNjNTNl
YTNjNzQwHhcNMjQwMTAxMDYzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2VjMjJlNGU3OGYyNGU2ZjA4ZWQzMDgzZjk5MzM2YWJjOGM5NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMIQh5pEZywDy1+lLk6Qmf2O/D9l
fgecouKGIT0vjF4r/5vtdZ9l/FtK/v4OP0tKWdsunazjvFUTXduBuixdRjVkWHiX
/HV9cm4pGKAnSSlspaOecK2C7Y+EJFRg0km9XXsI+fN736hsYS20poDgOJMAemWY
5Y47KEfovWgfIgTGyfFlwxhZwaKSIzyl5wsXBZoWnXQND08zuo8sPTlwgZpUu8AY
K0gTGK9ijo6GrqmNVXLafWlJQ0iaOWLwobQs9Wxu/u1isC1nICk4Q46cBvb6VZPt
0WI1aBx8NRpwUQxoC7qddXc+ELb9EGUDf3107bWAg6j2bahuwjyg6TnAmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMfsIuTnjyTm8I7TCD+ZM2q8jJYoMB8GA1UdIwQY
MBaAFCggPezQi9R9ipFipuF0LzxT6jx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYt
YTI5N2MxNDA4MDg1LzEveC13aTVPZVBKT2J3anRNSVA1a3phcnlNbGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jOTBhMzQtMGFmZC00OWI5LWJiZDYtYTI5N2MxNDA4MDg1
LzEvS0NBOTdOQ0wxSDJLa1dLbTRYUXZQRlBxUEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKgxxgDAN
BgkqhkiG9w0BAQsFAAOCAQEAdYziizIcP8H2EbNW/315BDkjSc6lK9PVa7xGJkdR
xKw/p7Qt9dNzVDmY6p1xwpAKuqDMsZ6qMvMp+f9tIgG8Jn15aw8pbGrXskK7hYEK
JtezSyyf0o8UIl4qaZ+1jDrBGO8BWZ306TcsuIdTfkffgUKNle2cV0ftdNud1sK3
LfwbgrctCrrt44gHAJXQp8IKft4683+bfv8UUGo5oXDTxVDp4BDhmsT3uFKyur2Q
YihGU2tD45C0DKlMNNNrydipLYvifvfIJHnVzjqzgsWUaaGN+UjDZ6YAsvdb4XJp
pwWZuc3qVEw96yWTq3yBwPIHP0hBOG9FfhdiXdReTGGP7Q==
-----END CERTIFICATE-----