Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/WElDknMFTvjh83xx5Et50wg1v-U.roa
File:                     WElDknMFTvjh83xx5Et50wg1v-U.roa (raw, json)
Hash identifier:          h2j+BHn4dkbiWQyqhWCFg30pzxdp3aNlZOiTKyUxBVQ=
Subject key identifier:   58:49:43:92:73:05:4E:F8:E1:F3:7C:71:E4:4B:79:D3:08:35:BF:E5
Certificate issuer:       /CN=4ddd0f9dcd88949b8f3a3771063562a057679290
Certificate serial:       018CC726527D6D5BF9736F341A1FDCA3BF03
Authority key identifier: 4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/WElDknMFTvjh83xx5Et50wg1v-U.roa
Signing time:             Mon 01 Jan 2024 22:30:26 +0000
ROA not before:           Mon 01 Jan 2024 22:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204810
IP address blocks:        2a0c:4b80:4000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:52:7d:6d:5b:f9:73:6f:34:1a:1f:dc:a3:bf:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4ddd0f9dcd88949b8f3a3771063562a057679290
        Validity
            Not Before: Jan  1 22:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5849439273054ef8e1f37c71e44b79d30835bfe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:61:7c:aa:b5:03:e3:ff:45:9c:62:fc:1c:be:
                    a5:6a:82:ac:11:47:2f:d1:b7:4b:c3:7e:68:f8:f9:
                    43:a5:2b:1d:df:c6:b7:e6:52:da:bd:d6:23:cc:bf:
                    78:ef:99:48:9e:a5:81:13:2e:0a:95:e3:83:df:9a:
                    3f:da:45:7e:d4:ae:9c:3a:ef:66:c4:17:f1:77:5c:
                    78:2e:5b:b9:47:58:0b:de:85:18:c7:17:30:51:21:
                    97:e0:17:30:62:04:4a:d5:6b:ca:93:b1:97:79:36:
                    bc:14:e2:fe:9a:ce:15:bb:cc:29:23:a8:f5:b0:7f:
                    37:ad:b2:fe:ef:bc:6c:89:f1:2d:26:96:6b:12:7d:
                    b6:a2:08:13:ff:6c:f3:9a:58:74:34:af:05:77:3f:
                    95:ca:dd:73:90:cb:9e:d3:0c:fb:30:f7:b8:9c:fe:
                    19:4d:b1:e0:d7:12:cf:25:27:a9:80:7a:6e:cb:49:
                    b5:36:8a:7b:36:ba:8e:21:f4:93:be:5d:7e:45:be:
                    18:f5:de:52:8c:36:38:e8:d4:8b:f5:bd:63:1c:bc:
                    b8:76:38:c0:57:a1:22:12:57:af:46:7b:c9:61:aa:
                    87:33:f5:37:af:a0:3a:f1:30:50:c3:5c:ea:90:62:
                    82:05:a6:ff:52:47:9a:50:bf:6f:19:7b:56:ce:fa:
                    94:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:49:43:92:73:05:4E:F8:E1:F3:7C:71:E4:4B:79:D3:08:35:BF:E5
            X509v3 Authority Key Identifier:
                keyid:4D:DD:0F:9D:CD:88:94:9B:8F:3A:37:71:06:35:62:A0:57:67:92:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Td0Pnc2IlJuPOjdxBjVioFdnkpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/WElDknMFTvjh83xx5Et50wg1v-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3a7e49-9d27-4e4e-aa36-6f6ccb6e2cda/1/Td0Pnc2IlJuPOjdxBjVioFdnkpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:4b80:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         32:d9:ad:e4:41:f0:b8:47:81:62:13:b5:f6:1d:0f:1b:b3:83:
         27:39:b6:74:41:65:56:68:a2:7a:cf:69:b0:26:23:16:00:4f:
         99:7b:b9:b0:c2:15:fc:48:3a:df:8b:c0:57:9b:ae:70:9a:1c:
         98:83:b8:74:6b:cb:fa:c7:1d:2c:cb:b2:bd:9c:be:da:7f:f3:
         d4:a1:8b:e6:25:f0:d4:cb:34:45:23:57:e9:ff:eb:38:eb:05:
         97:17:39:23:9f:ca:ab:a9:81:61:33:4e:6c:b0:27:49:1c:1a:
         1a:0e:56:90:91:46:92:07:22:5d:93:7a:82:18:ff:01:3b:f0:
         66:3b:e7:2f:e3:8d:0d:cd:b3:01:f8:a8:80:24:bb:63:0b:3c:
         63:99:1b:55:da:40:a8:a5:33:a1:1e:e6:68:d3:f1:56:ee:5d:
         fe:5b:10:07:3e:ba:78:78:c7:50:4c:0d:35:5e:99:bc:3b:cc:
         b6:c8:e3:0e:13:2d:9b:f2:40:21:ae:05:08:15:39:10:0c:3f:
         23:ac:e3:e6:b3:9e:fe:dc:e9:28:bd:73:6b:a7:b4:23:ac:79:
         3d:91:a7:68:5f:5a:d6:86:ce:57:25:5f:0e:e5:b1:77:42:40:
         d0:58:58:9b:76:7f:3b:35:e8:ef:48:b6:80:53:e2:7f:a7:27:
         83:09:19:41
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHJlJ9bVv5c280Gh/co78DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZGQwZjlkY2Q4ODk0OWI4ZjNhMzc3MTA2MzU2MmEwNTc2
NzkyOTAwHhcNMjQwMTAxMjIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODQ5NDM5MjczMDU0ZWY4ZTFmMzdjNzFlNDRiNzlkMzA4MzViZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2F8qrUD4/9FnGL8HL6laoKsEUcv
0bdLw35o+PlDpSsd38a35lLavdYjzL9475lInqWBEy4KleOD35o/2kV+1K6cOu9m
xBfxd1x4Llu5R1gL3oUYxxcwUSGX4BcwYgRK1WvKk7GXeTa8FOL+ms4Vu8wpI6j1
sH83rbL+77xsifEtJpZrEn22oggT/2zzmlh0NK8Fdz+Vyt1zkMue0wz7MPe4nP4Z
TbHg1xLPJSepgHpuy0m1Nop7NrqOIfSTvl1+Rb4Y9d5SjDY46NSL9b1jHLy4djjA
V6EiElevRnvJYaqHM/U3r6A68TBQw1zqkGKCBab/UkeaUL9vGXtWzvqU2QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFhJQ5JzBU744fN8ceRLedMINb/lMB8GA1UdIwQY
MBaAFE3dD53NiJSbjzo3cQY1YqBXZ5KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYt
NmY2Y2NiNmUyY2RhLzEvV0VsRGtuTUZUdmpoODN4eDVFdDUwd2cxdi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zYTdlNDktOWQyNy00ZTRlLWFhMzYtNmY2Y2NiNmUyY2Rh
LzEvVGQwUG5jMklsSnVQT2pkeEJqVmlvRmRua3BBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYGKgxLgEAw
DQYJKoZIhvcNAQELBQADggEBADLZreRB8LhHgWITtfYdDxuzgyc5tnRBZVZoonrP
abAmIxYAT5l7ubDCFfxIOt+LwFebrnCaHJiDuHRry/rHHSzLsr2cvtp/89Shi+Yl
8NTLNEUjV+n/6zjrBZcXOSOfyqupgWEzTmywJ0kcGhoOVpCRRpIHIl2TeoIY/wE7
8GY75y/jjQ3NswH4qIAku2MLPGOZG1XaQKilM6Ee5mjT8VbuXf5bEAc+unh4x1BM
DTVembw7zLbI4w4TLZvyQCGuBQgVORAMPyOs4+aznv7c6Si9c2untCOseT2Rp2hf
WtaGzlclXw7lsXdCQNBYWJt2fzs16O9ItoBT4n+nJ4MJGUE=
-----END CERTIFICATE-----