Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/Wo-dX3lQK__8wGgqhbqIC_egjRY.roa
File:                     Wo-dX3lQK__8wGgqhbqIC_egjRY.roa (raw, json)
Hash identifier:          Kje1K6kIBEP6yfvrAyyBJragoqmu73LHVFRq0DMX108=
Subject key identifier:   5A:8F:9D:5F:79:50:2B:FF:FC:C0:68:2A:85:BA:88:0B:F7:A0:8D:16
Certificate issuer:       /CN=101287927ad7b1db479ae5ab92ab87c4a4faf496
Certificate serial:       019421B2008087C850A260B545DEAA7B6394
Authority key identifier: 10:12:87:92:7A:D7:B1:DB:47:9A:E5:AB:92:AB:87:C4:A4:FA:F4:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/Wo-dX3lQK__8wGgqhbqIC_egjRY.roa
Signing time:             Wed 01 Jan 2025 11:48:21 +0000
ROA not before:           Wed 01 Jan 2025 11:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15557
IP address blocks:        2a00:be80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:00:80:87:c8:50:a2:60:b5:45:de:aa:7b:63:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=101287927ad7b1db479ae5ab92ab87c4a4faf496
        Validity
            Not Before: Jan  1 11:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a8f9d5f79502bfffcc0682a85ba880bf7a08d16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:70:17:6c:8e:12:38:00:ad:8a:12:19:29:3b:
                    d5:05:ae:54:81:51:c0:79:b0:12:1a:e4:ee:45:0a:
                    8a:8d:cf:a9:f5:34:c8:cc:3a:2c:3a:c0:4e:8c:1f:
                    4c:4c:d5:a8:e4:0d:44:cf:6d:ea:1a:dd:e0:b2:ac:
                    c7:8d:84:d1:5f:58:62:99:b8:4f:b0:6e:cb:e0:56:
                    98:ef:83:5d:57:0e:ee:ce:9a:11:31:20:32:de:e9:
                    fb:82:ca:29:9d:bf:7f:52:08:50:27:15:35:c6:26:
                    72:1e:15:47:60:f3:c9:b7:bc:7f:d0:d9:f5:96:96:
                    70:be:9b:7d:dc:88:ac:53:01:7e:d7:6a:b6:c7:19:
                    f7:a8:c9:85:10:11:a1:39:e3:98:bf:23:d4:7e:1f:
                    d1:85:7c:50:0f:5c:20:83:37:9c:ea:de:2b:1a:ab:
                    c0:95:90:5c:e3:c4:48:cf:38:88:37:56:2a:58:2c:
                    8d:d3:89:35:f6:69:d4:3f:6f:c4:32:bf:96:90:0e:
                    69:0d:6c:c4:63:9b:ac:5c:02:45:ad:5e:7d:7b:6f:
                    d3:f2:38:3d:ab:d4:1f:6a:d0:bc:4d:a2:75:01:99:
                    c3:b7:dc:c8:07:7b:6a:45:f2:06:e1:71:f2:18:c3:
                    f2:94:ba:e8:03:dd:16:f0:b1:5c:58:27:01:05:5b:
                    3d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:8F:9D:5F:79:50:2B:FF:FC:C0:68:2A:85:BA:88:0B:F7:A0:8D:16
            X509v3 Authority Key Identifier:
                keyid:10:12:87:92:7A:D7:B1:DB:47:9A:E5:AB:92:AB:87:C4:A4:FA:F4:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EBKHknrXsdtHmuWrkquHxKT69JY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/Wo-dX3lQK__8wGgqhbqIC_egjRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/12391d-5fb6-4dea-a713-73a452bafb46/1/EBKHknrXsdtHmuWrkquHxKT69JY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:be80::/32

    Signature Algorithm: sha256WithRSAEncryption
         11:89:71:df:df:08:67:6d:bc:f4:84:cc:c1:9a:47:87:89:e7:
         d2:8c:dd:4b:f6:1e:66:41:ad:18:24:9f:3b:8f:32:ac:14:2c:
         6f:2f:01:f8:73:03:aa:9f:ca:00:c8:bc:b9:a7:57:56:04:11:
         48:f6:a2:6a:16:50:f5:97:06:16:44:1b:a9:2a:6a:d0:64:98:
         4d:32:e6:89:0f:72:53:74:88:7d:18:b0:49:5c:2a:50:05:74:
         05:04:5b:dd:fa:1c:0a:20:ef:eb:56:88:a3:0f:9b:ab:47:4d:
         50:64:ec:cc:9e:3e:47:b8:4c:6f:e6:9a:41:0d:4a:2d:7f:6f:
         50:de:5c:00:96:18:eb:53:fe:86:d5:b3:99:9c:c8:72:af:39:
         bf:27:8c:08:34:0c:87:86:8a:38:25:1a:58:1d:6a:0a:de:89:
         aa:3b:21:46:ff:de:12:55:b1:f0:e6:06:95:5f:1b:01:f2:84:
         bf:e9:b1:55:ef:d1:d7:de:3f:e3:be:8c:7c:d9:73:06:9e:71:
         6f:3d:61:a2:5d:b3:fe:ca:22:d3:54:dc:be:44:67:9f:29:6e:
         d7:2a:89:d7:c5:e5:d0:18:e7:f9:ed:60:05:6a:b2:c5:ae:de:
         bb:84:5a:a4:25:9a:6c:d6:48:60:d8:17:8f:cb:e1:b8:4f:7d:
         95:fe:b2:7f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsgCAh8hQomC1Rd6qe2OUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMTI4NzkyN2FkN2IxZGI0NzlhZTVhYjkyYWI4N2M0YTRm
YWY0OTYwHhcNMjUwMTAxMTE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YThmOWQ1Zjc5NTAyYmZmZmNjMDY4MmE4NWJhODgwYmY3YTA4ZDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3AXbI4SOACtihIZKTvVBa5UgVHA
ebASGuTuRQqKjc+p9TTIzDosOsBOjB9MTNWo5A1Ez23qGt3gsqzHjYTRX1himbhP
sG7L4FaY74NdVw7uzpoRMSAy3un7gsopnb9/UghQJxU1xiZyHhVHYPPJt7x/0Nn1
lpZwvpt93IisUwF+12q2xxn3qMmFEBGhOeOYvyPUfh/RhXxQD1wggzec6t4rGqvA
lZBc48RIzziIN1YqWCyN04k19mnUP2/EMr+WkA5pDWzEY5usXAJFrV59e2/T8jg9
q9QfatC8TaJ1AZnDt9zIB3tqRfIG4XHyGMPylLroA90W8LFcWCcBBVs9SQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFqPnV95UCv//MBoKoW6iAv3oI0WMB8GA1UdIwQY
MBaAFBASh5J617HbR5rlq5Krh8Sk+vSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUJLSGtuclhzZHRIbXVXcmtxdUh4S1Q2OUpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8xMjM5MWQtNWZiNi00ZGVhLWE3MTMt
NzNhNDUyYmFmYjQ2LzEvV28tZFgzbFFLX184d0dncWhicUlDX2VnalJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8xMjM5MWQtNWZiNi00ZGVhLWE3MTMtNzNhNDUyYmFmYjQ2
LzEvRUJLSGtuclhzZHRIbXVXcmtxdUh4S1Q2OUpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgC+gDAN
BgkqhkiG9w0BAQsFAAOCAQEAEYlx398IZ2289ITMwZpHh4nn0ozdS/YeZkGtGCSf
O48yrBQsby8B+HMDqp/KAMi8uadXVgQRSPaiahZQ9ZcGFkQbqSpq0GSYTTLmiQ9y
U3SIfRiwSVwqUAV0BQRb3focCiDv61aIow+bq0dNUGTszJ4+R7hMb+aaQQ1KLX9v
UN5cAJYY61P+htWzmZzIcq85vyeMCDQMh4aKOCUaWB1qCt6JqjshRv/eElWx8OYG
lV8bAfKEv+mxVe/R194/476MfNlzBp5xbz1hol2z/soi01TcvkRnnylu1yqJ18Xl
0Bjn+e1gBWqyxa7eu4RapCWabNZIYNgXj8vhuE99lf6yfw==
-----END CERTIFICATE-----