Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/WHlwnGMQm3YWlBXsWjYga7U62KE.roa
File:                     WHlwnGMQm3YWlBXsWjYga7U62KE.roa (raw, json)
Hash identifier:          5ief57cFXSIn3uv6L5y8VBNp1CpasvF9dmCS7OMY4oE=
Subject key identifier:   58:79:70:9C:63:10:9B:76:16:94:15:EC:5A:36:20:6B:B5:3A:D8:A1
Certificate issuer:       /CN=29b79380fe407439cc2ecd3fac18157db36cf768
Certificate serial:       018CC6B9239C8F32F1C02B762378CC21A02D
Authority key identifier: 29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/WHlwnGMQm3YWlBXsWjYga7U62KE.roa
Signing time:             Mon 01 Jan 2024 20:31:11 +0000
ROA not before:           Mon 01 Jan 2024 20:31:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     4755
IP address blocks:        2a05:6742:9050::/46 maxlen: 46

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:23:9c:8f:32:f1:c0:2b:76:23:78:cc:21:a0:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29b79380fe407439cc2ecd3fac18157db36cf768
        Validity
            Not Before: Jan  1 20:31:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5879709c63109b76169415ec5a36206bb53ad8a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:90:f4:6a:2d:84:4f:fe:c0:41:c1:63:c9:df:
                    46:22:71:86:c2:8d:33:1a:55:9a:09:ed:2d:ca:39:
                    b7:72:2d:67:b6:ad:97:d8:bf:d2:c8:8d:1e:56:5f:
                    b0:92:7b:21:88:6b:78:cd:53:b1:a4:79:3c:7c:16:
                    81:4e:5d:9d:f2:32:ad:bf:8a:9f:8f:00:e3:c6:62:
                    b6:57:cd:e2:b7:db:df:e1:8c:c6:27:bd:4f:70:8c:
                    8c:a3:82:6b:ea:6c:10:6d:86:c3:9b:a5:97:08:52:
                    63:f2:fd:b8:99:3e:95:06:33:ff:e9:68:49:fc:88:
                    37:fd:e7:fe:77:0c:88:c6:7e:8e:5c:ae:97:a7:45:
                    d7:c9:fb:6c:67:c9:0b:02:b7:e9:4f:d2:66:9e:ba:
                    5e:f4:b9:49:d2:98:77:a4:b5:16:18:3f:0e:7b:60:
                    a4:cf:ff:dc:04:b3:3f:85:dd:f9:73:10:53:85:b8:
                    7f:d5:e4:ce:da:ea:5c:6d:cd:74:db:ed:1a:46:5a:
                    8e:dc:3c:18:c1:7b:1d:2a:49:de:5e:c1:f8:5d:53:
                    70:c6:49:04:d2:01:1f:4b:0f:63:7b:39:44:f0:1a:
                    f0:52:1a:82:d4:dd:77:39:0d:21:b0:85:17:fd:c0:
                    22:ff:c6:f8:cb:3e:ba:e4:44:33:5b:ca:53:4e:b8:
                    bb:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:79:70:9C:63:10:9B:76:16:94:15:EC:5A:36:20:6B:B5:3A:D8:A1
            X509v3 Authority Key Identifier:
                keyid:29:B7:93:80:FE:40:74:39:CC:2E:CD:3F:AC:18:15:7D:B3:6C:F7:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KbeTgP5AdDnMLs0_rBgVfbNs92g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/WHlwnGMQm3YWlBXsWjYga7U62KE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/393842-e7ef-4893-9c1b-1e842118db6f/1/KbeTgP5AdDnMLs0_rBgVfbNs92g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6742:9050::/46

    Signature Algorithm: sha256WithRSAEncryption
         00:6c:5f:9b:23:3b:8a:30:35:53:f3:1b:a2:85:c7:91:fa:9a:
         20:4e:f2:08:e1:11:b8:ce:b7:82:68:a8:62:47:bf:0f:84:f7:
         b7:f8:d8:ac:89:7c:4f:46:10:05:bc:ef:c8:47:93:ad:21:55:
         2f:80:3c:18:de:47:23:f5:5c:c7:f1:ee:1c:f6:39:6b:c2:2a:
         28:5f:c1:b4:f4:17:01:6c:5e:fb:21:e8:dd:45:94:b2:cd:4d:
         6b:ce:53:3d:f3:9e:ec:42:9c:83:ba:34:1c:63:b9:30:a3:33:
         07:3c:07:13:47:4c:a1:ea:cf:a3:c5:f2:11:79:5b:13:76:56:
         af:c0:53:da:ce:2c:f8:27:a6:7b:c9:18:67:6a:89:c4:2c:34:
         9a:b0:56:f4:b2:73:f2:d3:4b:e6:27:7c:22:e1:3e:4d:77:83:
         bd:d9:49:e0:a1:64:3f:f6:e9:10:a8:ca:8f:cf:e7:ef:41:b5:
         64:fd:ae:c3:5f:85:1f:56:91:71:5a:49:66:f5:55:fa:1f:e9:
         e3:e2:ca:6c:4b:15:8b:a2:f4:9c:d3:fc:7f:e4:77:71:3d:c0:
         c7:1e:d8:cb:a7:db:16:88:97:5b:8c:80:75:4c:f7:7c:2b:ec:
         c7:a9:75:d2:2d:87:14:7f:f2:0e:14:98:75:8e:df:54:2d:7f:
         c3:04:3c:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuSOcjzLxwCt2I3jMIaAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5Yjc5MzgwZmU0MDc0MzljYzJlY2QzZmFjMTgxNTdkYjM2
Y2Y3NjgwHhcNMjQwMTAxMjAzMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODc5NzA5YzYzMTA5Yjc2MTY5NDE1ZWM1YTM2MjA2YmI1M2FkOGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJD0ai2ET/7AQcFjyd9GInGGwo0z
GlWaCe0tyjm3ci1ntq2X2L/SyI0eVl+wknshiGt4zVOxpHk8fBaBTl2d8jKtv4qf
jwDjxmK2V83it9vf4YzGJ71PcIyMo4Jr6mwQbYbDm6WXCFJj8v24mT6VBjP/6WhJ
/Ig3/ef+dwyIxn6OXK6Xp0XXyftsZ8kLArfpT9Jmnrpe9LlJ0ph3pLUWGD8Oe2Ck
z//cBLM/hd35cxBThbh/1eTO2upcbc102+0aRlqO3DwYwXsdKkneXsH4XVNwxkkE
0gEfSw9jezlE8BrwUhqC1N13OQ0hsIUX/cAi/8b4yz665EQzW8pTTri7lQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFh5cJxjEJt2FpQV7Fo2IGu1OtihMB8GA1UdIwQY
MBaAFCm3k4D+QHQ5zC7NP6wYFX2zbPdoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWIt
MWU4NDIxMThkYjZmLzEvV0hsd25HTVFtM1lXbEJYc1dqWWdhN1U2MktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8zOTM4NDItZTdlZi00ODkzLTljMWItMWU4NDIxMThkYjZm
LzEvS2JlVGdQNUFkRG5NTHMwX3JCZ1ZmYk5zOTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgVnQpBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAAbF+bIzuKMDVT8xuihceR+pogTvII4RG4zreC
aKhiR78PhPe3+NisiXxPRhAFvO/IR5OtIVUvgDwY3kcj9VzH8e4c9jlrwiooX8G0
9BcBbF77IejdRZSyzU1rzlM9857sQpyDujQcY7kwozMHPAcTR0yh6s+jxfIReVsT
dlavwFPaziz4J6Z7yRhnaonELDSasFb0snPy00vmJ3wi4T5Nd4O92UngoWQ/9ukQ
qMqPz+fvQbVk/a7DX4UfVpFxWklm9VX6H+nj4spsSxWLovSc0/x/5HdxPcDHHtjL
p9sWiJdbjIB1TPd8K+zHqXXSLYcUf/IOFJh1jt9ULX/DBDzD
-----END CERTIFICATE-----