Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/wpnHv1dKov_F6zy5a9O4Xv8dEm4.roa
File:                     wpnHv1dKov_F6zy5a9O4Xv8dEm4.roa (raw, json)
Hash identifier:          oOK2aPTb6rT2Wy4hDwOgKJwKynH90mESgYs+ySI3tAs=
Subject key identifier:   C2:99:C7:BF:57:4A:A2:FF:C5:EB:3C:B9:6B:D3:B8:5E:FF:1D:12:6E
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       018CC8DE82A8F207AA542097CB0F9D4C842D
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/wpnHv1dKov_F6zy5a9O4Xv8dEm4.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210378
IP address blocks:        2a07:2902:9c00::/38 maxlen: 38

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:82:a8:f2:07:aa:54:20:97:cb:0f:9d:4c:84:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c299c7bf574aa2ffc5eb3cb96bd3b85eff1d126e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:46:1b:cc:6e:bc:95:da:b3:60:51:80:09:b4:
                    a3:7f:04:e4:f6:71:b0:b2:76:70:30:11:83:db:28:
                    77:1c:12:48:12:4a:74:fe:02:00:db:4f:a2:1e:3d:
                    8d:1e:67:b3:68:d5:73:da:49:4f:ca:94:9c:e7:a4:
                    77:f8:5d:83:80:32:50:22:c4:56:c6:d7:db:d6:13:
                    8e:de:98:50:e9:1c:17:66:01:99:88:ea:1f:46:a6:
                    0b:cf:8e:cc:1e:22:ad:51:a7:8c:20:5a:8f:50:d4:
                    0a:f4:7d:e1:8b:6e:72:f2:c8:49:05:7b:3d:c7:42:
                    6c:15:17:ee:5f:25:29:83:53:57:1e:21:7f:c1:00:
                    9a:57:f3:2a:00:04:05:cb:c6:f7:c7:10:15:4e:cf:
                    05:b4:9d:ed:d3:a9:f8:af:d5:bc:62:b6:b6:75:5d:
                    53:89:e0:60:b7:7d:79:f0:3f:1f:39:d8:11:12:d7:
                    bc:a0:c4:18:7d:b9:48:46:20:54:63:92:eb:98:d0:
                    61:bb:a9:24:1a:d4:a5:54:a5:aa:ac:db:07:0b:84:
                    51:c3:91:bd:ae:81:bc:5c:59:2b:d5:f7:88:62:83:
                    22:5a:69:69:f5:0d:4f:59:ff:16:c2:25:7c:09:e7:
                    ed:b9:75:8e:3e:9c:54:4c:f3:9a:1d:09:fc:0d:96:
                    5f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:99:C7:BF:57:4A:A2:FF:C5:EB:3C:B9:6B:D3:B8:5E:FF:1D:12:6E
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/wpnHv1dKov_F6zy5a9O4Xv8dEm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2902:9c00::/38

    Signature Algorithm: sha256WithRSAEncryption
         42:ff:4f:d0:f1:8d:44:ff:8c:35:2b:6e:0b:ff:1b:d0:18:a8:
         77:98:af:da:1e:66:b2:b0:af:88:32:56:08:26:fe:ea:a7:1a:
         15:c8:f5:c7:fb:b7:d7:38:d9:f1:77:83:f4:48:e9:85:12:7f:
         89:5f:55:5e:2f:81:c3:1c:0b:d7:2b:88:7a:4d:de:87:7e:4e:
         5d:71:d7:c7:4f:58:87:d7:1c:7a:b7:03:08:07:cc:48:fd:b6:
         3c:ad:6a:8f:a0:be:0c:a6:1e:fe:e5:2f:88:68:a6:9e:49:ff:
         81:08:29:c0:f5:95:53:27:4e:67:53:9c:00:1e:2a:b0:60:d9:
         23:43:7e:d4:b8:60:51:c3:44:ab:fe:18:17:b3:03:61:30:82:
         c8:de:40:40:16:2b:d0:a9:d3:d4:99:2d:b2:b5:68:f7:e9:da:
         d3:bb:93:17:24:30:46:7f:20:72:ea:92:00:09:0f:7f:b0:67:
         fb:8d:54:62:3b:b0:4a:19:1a:82:8b:c5:d6:73:b1:4d:cd:de:
         6b:bf:67:4c:ef:d2:29:78:25:14:87:35:34:da:0e:ef:1b:35:
         1a:9e:54:12:2a:49:a9:9a:3e:18:6c:d1:b3:9b:f8:c8:45:7b:
         5b:f3:0d:91:2f:bd:d5:be:74:12:15:9c:63:2b:e4:7d:7f:4f:
         04:8e:f1:57
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzI3oKo8geqVCCXyw+dTIQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjk5YzdiZjU3NGFhMmZmYzVlYjNjYjk2YmQzYjg1ZWZmMWQxMjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUYbzG68ldqzYFGACbSjfwTk9nGw
snZwMBGD2yh3HBJIEkp0/gIA20+iHj2NHmezaNVz2klPypSc56R3+F2DgDJQIsRW
xtfb1hOO3phQ6RwXZgGZiOofRqYLz47MHiKtUaeMIFqPUNQK9H3hi25y8shJBXs9
x0JsFRfuXyUpg1NXHiF/wQCaV/MqAAQFy8b3xxAVTs8FtJ3t06n4r9W8Yra2dV1T
ieBgt3158D8fOdgREte8oMQYfblIRiBUY5LrmNBhu6kkGtSlVKWqrNsHC4RRw5G9
roG8XFkr1feIYoMiWmlp9Q1PWf8WwiV8CeftuXWOPpxUTPOaHQn8DZZf7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMKZx79XSqL/xes8uWvTuF7/HRJuMB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvd3BuSHYxZEtvdl9GNnp5NWE5TzRYdjhkRW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgcpApww
DQYJKoZIhvcNAQELBQADggEBAEL/T9DxjUT/jDUrbgv/G9AYqHeYr9oeZrKwr4gy
Vggm/uqnGhXI9cf7t9c42fF3g/RI6YUSf4lfVV4vgcMcC9criHpN3od+Tl1x18dP
WIfXHHq3AwgHzEj9tjytao+gvgymHv7lL4hopp5J/4EIKcD1lVMnTmdTnAAeKrBg
2SNDftS4YFHDRKv+GBezA2EwgsjeQEAWK9Cp09SZLbK1aPfp2tO7kxckMEZ/IHLq
kgAJD3+wZ/uNVGI7sEoZGoKLxdZzsU3N3mu/Z0zv0il4JRSHNTTaDu8bNRqeVBIq
SamaPhhs0bOb+MhFe1vzDZEvvdW+dBIVnGMr5H1/TwSO8Vc=
-----END CERTIFICATE-----