Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/DWUG66fFz-tva3IV1AIOt_XglVo.roa
File:                     DWUG66fFz-tva3IV1AIOt_XglVo.roa (raw, json)
Hash identifier:          cw0FLpXOdkucLVqG+he+FkBhBoW8gO03GJBq/a2yGAo=
Subject key identifier:   0D:65:06:EB:A7:C5:CF:EB:6F:6B:72:15:D4:02:0E:B7:F5:E0:95:5A
Certificate issuer:       /CN=807709e7b0efba127025c83e5d3194c71ba428c3
Certificate serial:       018CC49295D8608775A61BF698263A8E2B7F
Authority key identifier: 80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/DWUG66fFz-tva3IV1AIOt_XglVo.roa
Signing time:             Mon 01 Jan 2024 10:29:50 +0000
ROA not before:           Mon 01 Jan 2024 10:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31078
IP address blocks:        2a0f:6040:7966::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:95:d8:60:87:75:a6:1b:f6:98:26:3a:8e:2b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=807709e7b0efba127025c83e5d3194c71ba428c3
        Validity
            Not Before: Jan  1 10:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d6506eba7c5cfeb6f6b7215d4020eb7f5e0955a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f1:c7:f2:43:ba:7c:a5:44:13:7a:bc:dd:4d:
                    db:d1:da:fe:b1:a9:29:bb:94:e5:95:6f:15:59:2d:
                    a2:66:17:58:38:6e:81:2b:08:54:4c:c8:fd:cc:55:
                    a4:fa:ed:66:79:e0:5a:88:e9:cb:db:ea:09:a5:a8:
                    dd:0e:da:98:f0:d3:ef:a7:88:15:98:73:b0:f1:b0:
                    e5:ee:0d:bc:5f:4c:1b:1b:f5:e8:c5:d7:a8:a9:5f:
                    7f:9c:97:09:b0:7d:21:50:4d:72:f3:c7:96:ad:61:
                    4c:e2:79:94:2a:88:37:3d:40:76:2d:63:3b:2a:30:
                    48:5c:6f:d6:b8:52:d1:6b:6c:e3:17:03:f8:68:b2:
                    26:14:eb:f9:6a:12:37:8a:3f:86:e9:4c:ba:61:8c:
                    bf:d2:8e:27:71:d4:b4:9e:71:c1:e1:4e:bf:7f:47:
                    b9:e4:71:65:41:76:53:68:c1:70:22:d3:d5:1c:3e:
                    d2:0b:74:8e:71:21:9d:c7:15:f8:5c:f0:dd:9a:83:
                    25:5b:5d:c4:49:55:33:73:a6:db:36:38:da:4e:42:
                    83:0b:4d:46:98:8a:fd:11:90:73:8f:91:f1:b1:bf:
                    a6:c5:aa:cf:63:e7:46:c3:e4:14:90:aa:2f:35:8f:
                    22:32:32:04:25:50:35:ae:75:f2:6e:b5:a2:22:ce:
                    93:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:65:06:EB:A7:C5:CF:EB:6F:6B:72:15:D4:02:0E:B7:F5:E0:95:5A
            X509v3 Authority Key Identifier:
                keyid:80:77:09:E7:B0:EF:BA:12:70:25:C8:3E:5D:31:94:C7:1B:A4:28:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHcJ57DvuhJwJcg-XTGUxxukKMM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/DWUG66fFz-tva3IV1AIOt_XglVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c426c3-4f03-46bb-8008-be9ad2bf725f/1/gHcJ57DvuhJwJcg-XTGUxxukKMM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:6040:7966::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:29:14:41:40:e9:44:eb:ac:18:09:90:e5:36:27:79:64:ab:
         cf:07:e9:1a:b3:a2:82:76:f0:80:c3:3b:4f:7c:0f:b3:01:c8:
         75:2e:7a:e4:fb:d6:6f:72:fb:b9:82:70:ed:69:5d:83:71:26:
         d3:fb:df:4f:ee:f6:6a:2f:4b:21:49:dc:14:8a:2b:eb:c5:aa:
         75:53:c9:99:3a:e5:3d:60:fc:c5:31:33:db:9a:d5:ee:be:0c:
         90:2c:fc:c8:1c:50:ee:2f:44:40:97:05:9a:d2:af:50:cb:ca:
         e2:6d:42:3c:7e:ad:b3:f3:18:dd:79:11:04:9b:84:95:18:cf:
         ef:82:82:ee:13:1c:57:3e:fe:6e:19:e2:88:83:50:e2:34:d6:
         2c:5a:3b:cd:13:dc:94:0f:e2:7d:6f:3d:50:73:49:ac:90:3d:
         36:69:30:9c:e6:93:72:b8:d6:69:56:ef:97:47:8c:a5:ad:cd:
         be:17:d6:c5:e7:48:ca:66:71:37:78:60:e0:b5:67:6d:2d:16:
         d9:5e:08:45:dc:e9:e8:50:0b:0a:71:a1:26:78:b4:ba:c1:23:
         9d:57:92:09:6d:32:f6:0a:81:7b:3f:b4:35:fe:c3:cd:02:2e:
         9f:c1:90:35:5f:dd:66:2a:61:f7:bd:2e:52:9a:92:b9:c3:17:
         ab:88:cb:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEkpXYYId1phv2mCY6jit/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNzcwOWU3YjBlZmJhMTI3MDI1YzgzZTVkMzE5NGM3MWJh
NDI4YzMwHhcNMjQwMTAxMTAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDY1MDZlYmE3YzVjZmViNmY2YjcyMTVkNDAyMGViN2Y1ZTA5NTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPHH8kO6fKVEE3q83U3b0dr+sakp
u5TllW8VWS2iZhdYOG6BKwhUTMj9zFWk+u1meeBaiOnL2+oJpajdDtqY8NPvp4gV
mHOw8bDl7g28X0wbG/XoxdeoqV9/nJcJsH0hUE1y88eWrWFM4nmUKog3PUB2LWM7
KjBIXG/WuFLRa2zjFwP4aLImFOv5ahI3ij+G6Uy6YYy/0o4ncdS0nnHB4U6/f0e5
5HFlQXZTaMFwItPVHD7SC3SOcSGdxxX4XPDdmoMlW13ESVUzc6bbNjjaTkKDC01G
mIr9EZBzj5Hxsb+mxarPY+dGw+QUkKovNY8iMjIEJVA1rnXybrWiIs6TmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA1lBuunxc/rb2tyFdQCDrf14JVaMB8GA1UdIwQY
MBaAFIB3Ceew77oScCXIPl0xlMcbpCjDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgt
YmU5YWQyYmY3MjVmLzEvRFdVRzY2ZkZ6LXR2YTNJVjFBSU90X1hnbFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jNDI2YzMtNGYwMy00NmJiLTgwMDgtYmU5YWQyYmY3MjVm
LzEvZ0hjSjU3RHZ1aEp3SmNnLVhUR1V4eHVrS01NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9gQHlm
MA0GCSqGSIb3DQEBCwUAA4IBAQBeKRRBQOlE66wYCZDlNid5ZKvPB+kas6KCdvCA
wztPfA+zAch1Lnrk+9Zvcvu5gnDtaV2DcSbT+99P7vZqL0shSdwUiivrxap1U8mZ
OuU9YPzFMTPbmtXuvgyQLPzIHFDuL0RAlwWa0q9Qy8ribUI8fq2z8xjdeREEm4SV
GM/vgoLuExxXPv5uGeKIg1DiNNYsWjvNE9yUD+J9bz1Qc0mskD02aTCc5pNyuNZp
Vu+XR4ylrc2+F9bF50jKZnE3eGDgtWdtLRbZXghF3OnoUAsKcaEmeLS6wSOdV5IJ
bTL2CoF7P7Q1/sPNAi6fwZA1X91mKmH3vS5SmpK5wxeriMtp
-----END CERTIFICATE-----