Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Wy0VU30SABmnJdJtWMeVCXUj4wE.roa
File:                     Wy0VU30SABmnJdJtWMeVCXUj4wE.roa (raw, json)
Hash identifier:          fqi3moaVSHFHX7RuD2Et3DddtYFCbrKm4Xa6UWww6pQ=
Subject key identifier:   5B:2D:15:53:7D:12:00:19:A7:25:D2:6D:58:C7:95:09:75:23:E3:01
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       019151CF83B57A4F46C22D6813B5388B5A3C
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Wy0VU30SABmnJdJtWMeVCXUj4wE.roa
Signing time:             Wed 14 Aug 2024 16:53:59 +0000
ROA not before:           Wed 14 Aug 2024 16:53:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44331
IP address blocks:        2a07:2486:fe0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:51:cf:83:b5:7a:4f:46:c2:2d:68:13:b5:38:8b:5a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Aug 14 16:53:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b2d15537d120019a725d26d58c795097523e301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e3:fb:cc:f5:c0:72:a3:f1:e7:96:c0:7e:c7:
                    f8:db:98:1f:76:55:ff:56:75:d3:38:21:63:17:05:
                    fa:dd:cd:77:69:10:5d:a7:77:ba:51:ff:72:2f:15:
                    b7:c7:29:db:8e:5d:7b:20:fb:c5:8e:80:78:9d:d2:
                    c9:39:3c:b4:bc:c6:a8:7a:4f:cf:f6:ea:45:aa:9b:
                    b9:59:b7:df:4a:ca:a5:4e:09:ae:bc:ad:8b:74:ba:
                    42:10:14:04:08:9b:e3:88:73:23:37:ce:d9:18:df:
                    06:95:e2:83:ff:de:1b:15:b4:0a:fa:4f:b1:a3:d6:
                    28:fe:ba:ae:e7:69:cd:c3:a9:8c:0e:73:c1:9c:e4:
                    3f:65:62:1f:3b:1f:bc:d0:09:14:86:f4:1d:48:7f:
                    2f:cd:b9:af:e5:eb:1f:c5:19:f6:ed:29:6d:b8:cc:
                    12:24:7d:02:77:75:a4:0a:9a:75:8b:a6:4e:0c:4c:
                    b8:d2:29:18:83:f2:da:81:3d:ca:f9:fe:3a:05:be:
                    12:91:e7:da:d3:b9:9d:d1:86:3f:d7:26:39:17:a3:
                    e8:7c:03:7f:a5:62:fc:d9:c6:a5:d5:df:9c:ac:c5:
                    6e:aa:a6:29:a5:4e:e4:72:75:02:0d:eb:92:82:96:
                    e2:e7:e1:48:ae:25:6e:82:44:d8:84:bc:49:5d:53:
                    c3:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:2D:15:53:7D:12:00:19:A7:25:D2:6D:58:C7:95:09:75:23:E3:01
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/Wy0VU30SABmnJdJtWMeVCXUj4wE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:fe0::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:74:a5:7b:8f:73:e7:03:f0:f9:3b:56:d4:b7:6a:5b:2c:0b:
         76:05:32:54:2a:24:4c:f2:5f:a9:47:48:4d:d6:68:28:1f:1b:
         c5:55:ae:b4:ca:8e:5a:c1:67:d3:6d:7d:17:4f:da:af:69:a6:
         84:e6:09:f7:a6:d2:b6:69:d1:a6:b8:63:72:48:e7:10:a3:84:
         8f:ee:3d:20:6f:18:7b:33:21:f5:62:83:28:a8:f4:f7:e6:06:
         c2:80:b9:e0:e6:9d:41:a3:09:07:18:25:9d:c6:50:a8:46:47:
         ad:62:f1:87:9b:39:29:6c:52:b0:43:3b:0d:ce:7b:36:49:7b:
         2b:45:d2:4c:5c:2e:52:8c:2f:af:f9:9b:49:dc:0f:fa:2d:d3:
         5d:9b:df:b2:c7:fa:ac:09:e8:a4:d6:42:47:48:3d:c5:74:e6:
         58:8a:1e:56:ca:ef:9c:f6:39:24:93:28:f0:86:fa:23:ad:61:
         50:36:57:58:6f:08:a5:e8:79:0a:2a:72:aa:70:50:d3:39:2d:
         46:e8:e7:ed:6b:5f:49:da:97:1e:2d:c1:dd:f7:35:b0:2b:ff:
         15:11:f2:0c:83:73:b4:68:b0:bd:b6:30:7e:1b:3e:72:7b:98:
         fc:c8:5d:5c:4c:62:56:f8:5d:67:27:8d:5d:48:50:cd:81:09:
         86:d5:a5:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZFRz4O1ek9Gwi1oE7U4i1o8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjQwODE0MTY1MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjJkMTU1MzdkMTIwMDE5YTcyNWQyNmQ1OGM3OTUwOTc1MjNlMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquP7zPXAcqPx55bAfsf425gfdlX/
VnXTOCFjFwX63c13aRBdp3e6Uf9yLxW3xynbjl17IPvFjoB4ndLJOTy0vMaoek/P
9upFqpu5WbffSsqlTgmuvK2LdLpCEBQECJvjiHMjN87ZGN8GleKD/94bFbQK+k+x
o9Yo/rqu52nNw6mMDnPBnOQ/ZWIfOx+80AkUhvQdSH8vzbmv5esfxRn27SltuMwS
JH0Cd3WkCpp1i6ZODEy40ikYg/LagT3K+f46Bb4Skefa07md0YY/1yY5F6PofAN/
pWL82cal1d+crMVuqqYppU7kcnUCDeuSgpbi5+FIriVugkTYhLxJXVPDiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFstFVN9EgAZpyXSbVjHlQl1I+MBMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvV3kwVlUzMFNBQm1uSmRKdFdNZVZDWFVqNHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgckhg/g
MA0GCSqGSIb3DQEBCwUAA4IBAQBYdKV7j3PnA/D5O1bUt2pbLAt2BTJUKiRM8l+p
R0hN1mgoHxvFVa60yo5awWfTbX0XT9qvaaaE5gn3ptK2adGmuGNySOcQo4SP7j0g
bxh7MyH1YoMoqPT35gbCgLng5p1BowkHGCWdxlCoRketYvGHmzkpbFKwQzsNzns2
SXsrRdJMXC5SjC+v+ZtJ3A/6LdNdm9+yx/qsCeik1kJHSD3FdOZYih5Wyu+c9jkk
kyjwhvojrWFQNldYbwil6HkKKnKqcFDTOS1G6Ofta19J2pceLcHd9zWwK/8VEfIM
g3O0aLC9tjB+Gz5ye5j8yF1cTGJW+F1nJ41dSFDNgQmG1aU+
-----END CERTIFICATE-----