Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wmCIFf4sPDXMS7-vf_b_OidzyBk.roa
File:                     wmCIFf4sPDXMS7-vf_b_OidzyBk.roa (raw, json)
Hash identifier:          FoBmczY/AjS42Gc4+FSvLzg5+jmzLZvz0BjS67WFqBs=
Subject key identifier:   C2:60:88:15:FE:2C:3C:35:CC:4B:BF:AF:7F:F6:FF:3A:27:73:C8:19
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       0197133BCA7D0FD3B32492DF38B771F256D5
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wmCIFf4sPDXMS7-vf_b_OidzyBk.roa
Signing time:             Tue 27 May 2025 19:32:54 +0000
ROA not before:           Tue 27 May 2025 19:32:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213861
IP address blocks:        2a11:e9c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:3b:ca:7d:0f:d3:b3:24:92:df:38:b7:71:f2:56:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 27 19:32:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2608815fe2c3c35cc4bbfaf7ff6ff3a2773c819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6b:84:51:dc:cd:9d:57:1b:f2:fb:5c:b9:b1:
                    3e:6c:25:c8:49:9e:e9:00:1e:f7:3b:c7:50:0b:cf:
                    7f:b5:b8:22:81:09:57:f1:bd:eb:94:9b:39:c5:10:
                    05:85:aa:b2:bd:9b:9f:76:ac:c1:30:f6:da:d3:99:
                    03:96:e8:4a:a9:88:e1:87:af:16:69:82:45:36:27:
                    d4:00:8c:83:9c:9b:52:c7:7b:ec:c3:81:39:0d:6d:
                    ce:97:02:f6:f9:c4:82:00:7b:2f:e4:f3:45:ed:0d:
                    01:7e:52:a3:e7:ff:dc:75:b2:7f:08:ba:7e:26:1c:
                    a8:62:dd:9f:47:37:a7:65:a0:03:e9:8b:bb:92:fe:
                    ad:b6:11:71:f4:12:14:d9:31:5b:d9:29:57:37:a7:
                    69:c7:43:39:a8:8d:fc:f8:30:b3:9c:d0:05:01:cc:
                    6c:54:bf:57:8e:79:b2:2a:9e:bc:6f:f0:94:6e:9c:
                    0c:46:c0:9c:7d:3b:32:6f:27:12:71:94:3a:98:b9:
                    b0:c7:97:f7:b8:bb:58:95:a8:59:e7:54:32:8e:31:
                    ae:5c:67:e7:c5:29:69:0f:a3:5a:43:91:6e:b1:5a:
                    2d:6d:c1:80:25:29:46:ab:dc:44:40:25:d9:4a:c7:
                    87:38:9a:32:3d:06:1d:5b:e2:4d:f0:da:e6:1d:77:
                    6c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:60:88:15:FE:2C:3C:35:CC:4B:BF:AF:7F:F6:FF:3A:27:73:C8:19
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/wmCIFf4sPDXMS7-vf_b_OidzyBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:e9c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:68:11:64:76:12:14:0d:04:c0:0d:67:eb:74:a6:4e:1e:7a:
         98:b0:7f:12:a0:24:da:df:fc:6a:44:53:8e:ae:41:91:a8:a9:
         45:81:57:8a:ba:54:86:ee:1b:b5:49:10:5e:0c:74:9b:3c:46:
         37:e1:75:f9:9b:1f:4d:87:4c:2e:59:bd:67:ec:5f:73:ff:0e:
         20:87:f0:b4:00:68:6e:1c:e2:2b:64:a0:94:28:5c:bf:13:0e:
         b7:b5:40:0d:a5:a1:b4:9e:c4:c2:21:40:0d:dc:4c:b5:75:f2:
         b3:6e:d2:c1:1d:60:50:42:8b:29:22:59:83:90:05:2b:54:fa:
         47:de:ad:ba:ce:61:f1:8a:3a:9a:34:0d:1d:e1:20:fd:2e:31:
         57:ef:9e:31:53:fb:d2:0a:6c:6b:70:24:23:e1:4a:06:d8:83:
         0a:a0:66:29:2c:dd:00:c1:84:1e:65:af:ef:ae:f0:76:3f:ec:
         66:a1:b1:11:95:37:cd:26:f3:f6:d3:e9:e6:6c:b9:ee:bb:a0:
         d3:c7:d9:d4:bd:cb:4c:23:5d:9e:75:70:69:7b:8a:6b:6d:a6:
         ff:f1:2c:28:f5:09:62:64:7c:43:7d:c0:27:30:ac:a7:1f:de:
         6d:66:5f:d1:85:60:97:02:09:f2:62:77:d1:e4:3f:5e:ef:c3:
         50:d7:58:75
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcTO8p9D9OzJJLfOLdx8lbVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwNTI3MTkzMjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjYwODgxNWZlMmMzYzM1Y2M0YmJmYWY3ZmY2ZmYzYTI3NzNjODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGuEUdzNnVcb8vtcubE+bCXISZ7p
AB73O8dQC89/tbgigQlX8b3rlJs5xRAFhaqyvZufdqzBMPba05kDluhKqYjhh68W
aYJFNifUAIyDnJtSx3vsw4E5DW3OlwL2+cSCAHsv5PNF7Q0BflKj5//cdbJ/CLp+
JhyoYt2fRzenZaAD6Yu7kv6tthFx9BIU2TFb2SlXN6dpx0M5qI38+DCznNAFAcxs
VL9XjnmyKp68b/CUbpwMRsCcfTsybycScZQ6mLmwx5f3uLtYlahZ51QyjjGuXGfn
xSlpD6NaQ5FusVotbcGAJSlGq9xEQCXZSseHOJoyPQYdW+JN8NrmHXdsSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMJgiBX+LDw1zEu/r3/2/zonc8gZMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvd21DSUZmNHNQRFhNUzctdmZfYl9PaWR6eUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhHpxTAN
BgkqhkiG9w0BAQsFAAOCAQEASWgRZHYSFA0EwA1n63SmTh56mLB/EqAk2t/8akRT
jq5BkaipRYFXirpUhu4btUkQXgx0mzxGN+F1+ZsfTYdMLlm9Z+xfc/8OIIfwtABo
bhziK2SglChcvxMOt7VADaWhtJ7EwiFADdxMtXXys27SwR1gUEKLKSJZg5AFK1T6
R96tus5h8Yo6mjQNHeEg/S4xV++eMVP70gpsa3AkI+FKBtiDCqBmKSzdAMGEHmWv
767wdj/sZqGxEZU3zSbz9tPp5my57rug08fZ1L3LTCNdnnVwaXuKa22m//EsKPUJ
YmR8Q33AJzCspx/ebWZf0YVglwIJ8mJ30eQ/Xu/DUNdYdQ==
-----END CERTIFICATE-----