Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/w7Yzd2TedurzKewHoqpci2qYYp0.roa
File:                     w7Yzd2TedurzKewHoqpci2qYYp0.roa (raw, json)
Hash identifier:          spWJhk8H/dYbLSMFJX6DxO4QwlRmXLW9d+Xhr78uF5c=
Subject key identifier:   C3:B6:33:77:64:DE:76:EA:F3:29:EC:07:A2:AA:5C:8B:6A:98:62:9D
Certificate issuer:       /CN=e14ac611614dd165d94557296ed7ed46c8fc025f
Certificate serial:       018CC49371FF68C75C91CDB6A689EA27F046
Authority key identifier: E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/w7Yzd2TedurzKewHoqpci2qYYp0.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204443
IP address blocks:        2a0d:2146:8440::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:71:ff:68:c7:5c:91:cd:b6:a6:89:ea:27:f0:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e14ac611614dd165d94557296ed7ed46c8fc025f
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3b6337764de76eaf329ec07a2aa5c8b6a98629d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:5c:1b:dc:27:9f:71:c7:56:25:c8:f7:c6:d0:
                    89:ff:1f:23:ad:b8:27:04:7d:bd:38:e7:9f:55:1f:
                    49:9c:1f:0a:3e:5a:3e:71:31:c5:2f:3f:17:7b:24:
                    50:a0:0c:fd:2e:44:cf:50:d9:77:4c:a4:cb:56:25:
                    4b:57:ee:15:20:4e:ca:b9:4f:dc:28:fe:9c:88:99:
                    00:2a:c5:fb:c3:b3:5a:3a:d3:32:fe:e9:48:b6:93:
                    d6:88:aa:a5:e1:ab:ea:45:72:d1:fd:dc:73:c1:63:
                    54:56:a0:15:10:5f:d1:a9:e3:0b:82:87:4b:5a:46:
                    9b:b6:96:c6:92:ed:71:24:ff:e0:89:07:0f:a6:36:
                    7d:f9:3e:2e:26:2b:76:40:9b:9a:f0:f5:59:c5:b7:
                    09:94:31:27:cc:33:e7:aa:02:87:cb:0c:29:84:ff:
                    35:13:80:1d:20:b2:e0:6e:28:f8:1d:bc:b1:5b:18:
                    8b:8b:c3:a7:29:a0:2c:49:e0:15:07:2f:d7:1f:2e:
                    f8:ce:b0:12:8f:5c:a3:d0:76:31:fe:cf:e9:4a:fe:
                    28:f9:e8:2e:af:52:a2:78:48:4e:da:82:07:85:bf:
                    d4:9f:f9:b5:bd:04:b5:bc:28:28:78:ba:61:15:79:
                    5e:07:69:4f:ec:33:db:8f:73:67:a6:de:00:f2:94:
                    ef:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:B6:33:77:64:DE:76:EA:F3:29:EC:07:A2:AA:5C:8B:6A:98:62:9D
            X509v3 Authority Key Identifier:
                keyid:E1:4A:C6:11:61:4D:D1:65:D9:45:57:29:6E:D7:ED:46:C8:FC:02:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4UrGEWFN0WXZRVcpbtftRsj8Al8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/w7Yzd2TedurzKewHoqpci2qYYp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/6e79b8-2b8f-4ecc-9a6e-70e898bb38dd/1/4UrGEWFN0WXZRVcpbtftRsj8Al8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2146:8440::/44

    Signature Algorithm: sha256WithRSAEncryption
         ab:26:72:a9:eb:50:00:98:41:95:9c:9e:8e:e8:00:4b:7b:cb:
         5d:9c:d5:ac:2b:af:02:85:e4:09:7a:ec:f6:e5:11:d3:a8:7c:
         c0:2d:1d:c0:8b:86:38:99:17:6c:69:e4:5f:14:8e:69:bb:40:
         94:39:01:48:d7:1f:d3:b0:05:c0:ac:70:38:d0:93:17:16:ab:
         06:ad:91:15:9f:3c:c1:ef:9a:d3:db:41:75:13:dc:70:f6:f5:
         33:69:ed:a4:68:e4:d2:2e:d5:7f:f3:fe:f8:26:e2:76:90:1d:
         31:a3:f6:86:17:e9:e9:99:09:2d:ce:db:5f:b4:4d:de:c6:fb:
         91:03:cb:e2:52:5a:1e:1b:fe:cc:ca:e6:48:eb:ab:e6:f2:38:
         a3:92:5f:a8:45:a7:84:c2:86:75:d9:92:d8:50:49:3d:48:48:
         6e:d9:2c:d4:25:73:cb:fa:c0:68:38:46:d5:d2:bc:81:74:1b:
         6f:36:23:a9:ae:de:bb:a5:6b:e8:e9:c9:5e:e4:14:6a:d8:8f:
         2e:98:62:52:e9:12:39:b8:00:0e:2e:28:07:83:f0:43:b3:b4:
         61:ed:4a:61:70:2e:94:e6:9b:c8:c8:ae:02:01:32:78:42:06:
         0c:3f:56:73:95:8d:0c:82:53:90:8f:16:7f:1b:bf:01:c6:19:
         44:67:7d:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3H/aMdckc22ponqJ/BGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNGFjNjExNjE0ZGQxNjVkOTQ1NTcyOTZlZDdlZDQ2Yzhm
YzAyNWYwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2I2MzM3NzY0ZGU3NmVhZjMyOWVjMDdhMmFhNWM4YjZhOTg2MjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFwb3CefccdWJcj3xtCJ/x8jrbgn
BH29OOefVR9JnB8KPlo+cTHFLz8XeyRQoAz9LkTPUNl3TKTLViVLV+4VIE7KuU/c
KP6ciJkAKsX7w7NaOtMy/ulItpPWiKql4avqRXLR/dxzwWNUVqAVEF/RqeMLgodL
WkabtpbGku1xJP/giQcPpjZ9+T4uJit2QJua8PVZxbcJlDEnzDPnqgKHywwphP81
E4AdILLgbij4HbyxWxiLi8OnKaAsSeAVBy/XHy74zrASj1yj0HYx/s/pSv4o+egu
r1KieEhO2oIHhb/Un/m1vQS1vCgoeLphFXleB2lP7DPbj3Nnpt4A8pTv0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMO2M3dk3nbq8ynsB6KqXItqmGKdMB8GA1UdIwQY
MBaAFOFKxhFhTdFl2UVXKW7X7UbI/AJfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUt
NzBlODk4YmIzOGRkLzEvdzdZemQyVGVkdXJ6S2V3SG9xcGNpMnFZWXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS82ZTc5YjgtMmI4Zi00ZWNjLTlhNmUtNzBlODk4YmIzOGRk
LzEvNFVyR0VXRk4wV1haUlZjcGJ0ZnRSc2o4QWw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg0hRoRA
MA0GCSqGSIb3DQEBCwUAA4IBAQCrJnKp61AAmEGVnJ6O6ABLe8tdnNWsK68CheQJ
euz25RHTqHzALR3Ai4Y4mRdsaeRfFI5pu0CUOQFI1x/TsAXArHA40JMXFqsGrZEV
nzzB75rT20F1E9xw9vUzae2kaOTSLtV/8/74JuJ2kB0xo/aGF+npmQktzttftE3e
xvuRA8viUloeG/7MyuZI66vm8jijkl+oRaeEwoZ12ZLYUEk9SEhu2SzUJXPL+sBo
OEbV0ryBdBtvNiOprt67pWvo6cle5BRq2I8umGJS6RI5uAAOLigHg/BDs7Rh7Uph
cC6U5pvIyK4CATJ4QgYMP1ZzlY0MglOQjxZ/G78BxhlEZ33j
-----END CERTIFICATE-----