Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/WkYaA-tjakXn4pTSH_4CKcmo7gU.roa
File:                     WkYaA-tjakXn4pTSH_4CKcmo7gU.roa (raw, json)
Hash identifier:          DrW4OkBFTUqZRdjKCWYLrbyd66VmauMftDfudpWyQJs=
Subject key identifier:   5A:46:1A:03:EB:63:6A:45:E7:E2:94:D2:1F:FE:02:29:C9:A8:EE:05
Certificate issuer:       /CN=c0ab92de7eaf5fbb2d14a508a90cefc569b54ed4
Certificate serial:       018CC3B7452A1D554588E1A9FF814056CD51
Authority key identifier: C0:AB:92:DE:7E:AF:5F:BB:2D:14:A5:08:A9:0C:EF:C5:69:B5:4E:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/WkYaA-tjakXn4pTSH_4CKcmo7gU.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210026
IP address blocks:        151.90.0.0/16 maxlen: 24
                          185.86.84.0/22 maxlen: 24
                          2a05:b740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:45:2a:1d:55:45:88:e1:a9:ff:81:40:56:cd:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0ab92de7eaf5fbb2d14a508a90cefc569b54ed4
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a461a03eb636a45e7e294d21ffe0229c9a8ee05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:25:cd:98:cd:f5:6c:46:50:0e:ed:f6:f4:ff:
                    ae:df:23:ea:b0:4e:af:33:c1:09:0e:a7:d4:6e:89:
                    b0:48:a3:88:8c:7d:6b:41:01:44:e2:8a:b9:cc:fd:
                    ee:d1:d7:27:52:09:f5:2f:07:53:d0:6e:0d:f6:8f:
                    6a:a2:94:7d:f5:4b:48:9a:f5:19:f0:f1:4d:f1:97:
                    b8:58:00:92:5d:ae:02:60:b0:27:f3:9a:fc:40:1f:
                    63:47:3b:9b:ae:69:70:75:1e:33:35:b0:ef:33:57:
                    77:ab:8a:6e:7f:c0:cb:d6:b0:0c:38:57:ed:0e:c8:
                    25:89:8b:e4:5a:64:88:c2:3a:a1:1a:94:47:f9:69:
                    8c:9e:32:4b:4f:de:c5:d0:d7:83:d7:26:05:46:85:
                    86:7c:e6:bf:07:2b:5b:d5:4e:f2:a0:de:ec:03:9e:
                    1c:e5:19:24:47:fc:61:62:93:1a:69:5d:e2:26:4e:
                    16:51:ce:e6:b3:fc:e3:cb:2f:8b:96:34:02:16:39:
                    d7:fc:4f:41:d1:f1:85:f8:51:07:74:a0:5d:5b:28:
                    6d:21:71:23:b4:7a:14:55:36:6f:9b:d3:e4:c3:6f:
                    a6:87:4f:0e:24:e5:ff:e5:01:d9:91:70:ad:09:73:
                    f0:f5:b7:7c:85:76:1a:4f:9e:d6:ec:16:73:11:6f:
                    ed:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:46:1A:03:EB:63:6A:45:E7:E2:94:D2:1F:FE:02:29:C9:A8:EE:05
            X509v3 Authority Key Identifier:
                keyid:C0:AB:92:DE:7E:AF:5F:BB:2D:14:A5:08:A9:0C:EF:C5:69:B5:4E:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wKuS3n6vX7stFKUIqQzvxWm1TtQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/WkYaA-tjakXn4pTSH_4CKcmo7gU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/1f1ccb-ed10-4fe8-ae0b-61b982ada662/1/wKuS3n6vX7stFKUIqQzvxWm1TtQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.90.0.0/16
                  185.86.84.0/22
                IPv6:
                  2a05:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         31:2a:77:56:82:e6:27:e4:17:42:14:54:39:10:3c:0c:e3:0c:
         36:ae:ee:43:5a:91:cd:d7:17:81:ed:2f:9f:05:c1:7a:5c:25:
         59:b1:37:b6:0f:d9:27:d1:91:06:9d:9d:43:e1:1b:a3:90:06:
         61:46:0c:87:7c:e3:73:c1:54:2d:8f:ff:27:8f:18:0f:23:87:
         ab:16:a4:60:16:51:c2:99:8a:34:7c:d0:b3:70:72:ef:4e:86:
         e5:83:82:0c:f4:cd:7a:8c:22:18:a9:a8:20:59:1d:09:1d:17:
         9f:e0:d1:6e:21:2e:fa:59:4d:3e:08:d2:83:a6:b5:7f:a9:47:
         9e:d0:9f:56:da:54:d8:45:9d:e7:4e:3f:89:05:55:97:6f:1d:
         22:bb:13:f3:84:86:ee:0c:a4:f6:51:9e:2e:7e:ac:76:c3:d5:
         65:c1:b8:99:f2:59:fe:48:9a:f8:8e:49:79:75:6a:c8:b5:b1:
         4c:da:cb:6a:94:02:61:a1:c9:08:b0:62:55:8e:a7:33:be:c0:
         62:56:3e:f8:23:44:f5:a5:5e:00:b5:f1:a5:01:49:74:f6:db:
         86:c2:c9:13:48:8d:ce:69:5e:fa:48:d0:19:89:fa:bd:00:c9:
         49:73:eb:5f:11:da:80:7a:28:29:ac:0d:29:8f:8e:6a:0e:69:
         bc:22:c5:28
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYzDt0UqHVVFiOGp/4FAVs1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwYWI5MmRlN2VhZjVmYmIyZDE0YTUwOGE5MGNlZmM1Njli
NTRlZDQwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTQ2MWEwM2ViNjM2YTQ1ZTdlMjk0ZDIxZmZlMDIyOWM5YThlZTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSXNmM31bEZQDu329P+u3yPqsE6v
M8EJDqfUbomwSKOIjH1rQQFE4oq5zP3u0dcnUgn1LwdT0G4N9o9qopR99UtImvUZ
8PFN8Ze4WACSXa4CYLAn85r8QB9jRzubrmlwdR4zNbDvM1d3q4puf8DL1rAMOFft
DsgliYvkWmSIwjqhGpRH+WmMnjJLT97F0NeD1yYFRoWGfOa/Bytb1U7yoN7sA54c
5RkkR/xhYpMaaV3iJk4WUc7ms/zjyy+LljQCFjnX/E9B0fGF+FEHdKBdWyhtIXEj
tHoUVTZvm9Pkw2+mh08OJOX/5QHZkXCtCXPw9bd8hXYaT57W7BZzEW/tzQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFpGGgPrY2pF5+KU0h/+AinJqO4FMB8GA1UdIwQY
MBaAFMCrkt5+r1+7LRSlCKkM78VptU7UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0t1UzNuNnZYN3N0RktVSXFRenZ4V20xVHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8xZjFjY2ItZWQxMC00ZmU4LWFlMGIt
NjFiOTgyYWRhNjYyLzEvV2tZYUEtdGpha1huNHBUU0hfNENLY21vN2dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8xZjFjY2ItZWQxMC00ZmU4LWFlMGItNjFiOTgyYWRhNjYy
LzEvd0t1UzNuNnZYN3N0RktVSXFRenZ4V20xVHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAl1oDBAK5
VlQwDQQCAAIwBwMFAyoFt0AwDQYJKoZIhvcNAQELBQADggEBADEqd1aC5ifkF0IU
VDkQPAzjDDau7kNakc3XF4HtL58FwXpcJVmxN7YP2SfRkQadnUPhG6OQBmFGDId8
43PBVC2P/yePGA8jh6sWpGAWUcKZijR80LNwcu9OhuWDggz0zXqMIhipqCBZHQkd
F5/g0W4hLvpZTT4I0oOmtX+pR57Qn1baVNhFnedOP4kFVZdvHSK7E/OEhu4MpPZR
ni5+rHbD1WXBuJnyWf5ImviOSXl1asi1sUzay2qUAmGhyQiwYlWOpzO+wGJWPvgj
RPWlXgC18aUBSXT224bCyRNIjc5pXvpI0BmJ+r0AyUlz618R2oB6KCmsDSmPjmoO
abwixSg=
-----END CERTIFICATE-----