Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/wEztfgDsD3VgXR_6I7E9tHgko-0.roa
File:                     wEztfgDsD3VgXR_6I7E9tHgko-0.roa (raw, json)
Hash identifier:          csoAzGEEjkxJQ7QLqTKr0Z1Z0z14AnLYZP4PrJptqYE=
Subject key identifier:   C0:4C:ED:7E:00:EC:0F:75:60:5D:1F:FA:23:B1:3D:B4:78:24:A3:ED
Certificate issuer:       /CN=b360f0097be481c21bb1d51c85d44f6574158aa9
Certificate serial:       018D87D6C4BD3D7F702689BA3C2CAD3D1839
Authority key identifier: B3:60:F0:09:7B:E4:81:C2:1B:B1:D5:1C:85:D4:4F:65:74:15:8A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/wEztfgDsD3VgXR_6I7E9tHgko-0.roa
Signing time:             Thu 08 Feb 2024 08:30:15 +0000
ROA not before:           Thu 08 Feb 2024 08:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a14:2a00:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:87:d6:c4:bd:3d:7f:70:26:89:ba:3c:2c:ad:3d:18:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b360f0097be481c21bb1d51c85d44f6574158aa9
        Validity
            Not Before: Feb  8 08:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c04ced7e00ec0f75605d1ffa23b13db47824a3ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6d:73:3d:f0:39:c1:05:2f:cb:c7:ed:df:13:
                    61:66:0d:7b:1a:4f:ad:e2:00:8c:1d:2a:9d:a2:fb:
                    58:0d:e9:f4:df:5f:25:af:89:8c:fc:e2:3b:9c:07:
                    df:8c:c0:cd:20:14:a9:a3:c3:7b:60:c9:81:3c:e8:
                    30:3f:76:ce:2e:0a:70:02:a7:3e:b0:48:6a:88:2d:
                    be:4f:9d:59:71:70:94:af:07:e7:fc:ea:fb:6d:d6:
                    d9:68:6c:6b:49:a0:79:73:ba:8f:c9:c8:02:72:65:
                    74:85:42:84:db:d9:fc:51:c5:43:22:66:dc:95:6c:
                    0f:1f:f8:6d:3a:bd:23:04:3f:ab:79:69:96:c7:41:
                    8f:f8:22:eb:ea:42:ef:e3:67:db:56:e8:a1:d5:14:
                    8d:9b:47:0f:52:fd:a8:11:e9:f1:9c:1b:6d:77:d9:
                    b0:fc:94:2e:bc:5d:33:6d:a7:b4:fa:a1:ad:85:8d:
                    01:61:a0:c3:a1:42:07:08:bb:f1:6c:10:ad:21:13:
                    80:85:7e:4c:7f:c6:80:3c:ab:93:21:91:b0:08:4c:
                    b3:48:15:3e:1c:00:1e:5b:16:bd:8c:9f:a4:59:81:
                    34:e2:2f:90:fd:1f:17:c4:f8:0e:f8:a0:19:1e:92:
                    07:ba:57:2e:f4:05:ae:bd:a5:9d:45:75:ee:38:df:
                    db:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:4C:ED:7E:00:EC:0F:75:60:5D:1F:FA:23:B1:3D:B4:78:24:A3:ED
            X509v3 Authority Key Identifier:
                keyid:B3:60:F0:09:7B:E4:81:C2:1B:B1:D5:1C:85:D4:4F:65:74:15:8A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s2DwCXvkgcIbsdUchdRPZXQViqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/wEztfgDsD3VgXR_6I7E9tHgko-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4aa5a7-8bec-4247-a15f-5a3612352b37/1/s2DwCXvkgcIbsdUchdRPZXQViqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2a00:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         92:28:d0:b3:50:9b:b6:f1:63:fa:7f:cb:9f:b2:8b:10:f4:c7:
         8e:7b:20:11:fe:0c:62:17:ef:d6:31:71:4a:43:41:2a:1e:5a:
         8d:22:c5:3a:3b:c6:10:f2:56:b4:57:a0:a5:95:c0:4d:b8:63:
         20:09:b0:9b:54:69:bc:f8:8f:f0:f7:30:a4:36:c3:07:e0:fc:
         81:8f:38:91:bb:7d:90:d3:20:16:ff:c6:bc:41:c9:69:35:e2:
         76:f1:15:13:5c:f1:ed:e8:ae:24:83:6c:56:ac:8d:47:aa:f5:
         81:2f:86:92:ba:c9:b9:7f:07:25:9f:b3:37:15:9d:02:be:66:
         e0:c9:e7:85:24:c7:67:5e:f3:4b:20:da:ba:53:db:c4:fc:a6:
         fc:2a:a7:12:9b:74:d8:d3:3f:35:35:fa:84:5b:35:72:98:95:
         c6:b4:0c:36:24:40:35:f8:42:55:d2:cc:a6:65:88:4d:cb:76:
         dc:1c:66:e2:3b:40:e6:c5:5a:32:9e:2b:a2:29:29:1e:f1:fc:
         bc:ca:06:6e:52:99:77:c6:98:2d:ec:de:ec:70:12:86:cc:b9:
         b5:6f:69:b6:c4:54:23:b1:af:9c:5a:00:0b:23:7e:32:c4:9c:
         97:87:51:dd:de:9a:a2:e9:f2:30:36:b3:f2:3b:00:34:11:fb:
         ff:57:64:32
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY2H1sS9PX9wJom6PCytPRg5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNjBmMDA5N2JlNDgxYzIxYmIxZDUxYzg1ZDQ0ZjY1NzQx
NThhYTkwHhcNMjQwMjA4MDgzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDRjZWQ3ZTAwZWMwZjc1NjA1ZDFmZmEyM2IxM2RiNDc4MjRhM2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApW1zPfA5wQUvy8ft3xNhZg17Gk+t
4gCMHSqdovtYDen0318lr4mM/OI7nAffjMDNIBSpo8N7YMmBPOgwP3bOLgpwAqc+
sEhqiC2+T51ZcXCUrwfn/Or7bdbZaGxrSaB5c7qPycgCcmV0hUKE29n8UcVDImbc
lWwPH/htOr0jBD+reWmWx0GP+CLr6kLv42fbVuih1RSNm0cPUv2oEenxnBttd9mw
/JQuvF0zbae0+qGthY0BYaDDoUIHCLvxbBCtIROAhX5Mf8aAPKuTIZGwCEyzSBU+
HAAeWxa9jJ+kWYE04i+Q/R8XxPgO+KAZHpIHulcu9AWuvaWdRXXuON/bUQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMBM7X4A7A91YF0f+iOxPbR4JKPtMB8GA1UdIwQY
MBaAFLNg8Al75IHCG7HVHIXUT2V0FYqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczJEd0NYdmtnY0lic2RVY2hkUlBaWFFWaXFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80YWE1YTctOGJlYy00MjQ3LWExNWYt
NWEzNjEyMzUyYjM3LzEvd0V6dGZnRHNEM1ZnWFJfNkk3RTl0SGdrby0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80YWE1YTctOGJlYy00MjQ3LWExNWYtNWEzNjEyMzUyYjM3
LzEvczJEd0NYdmtnY0lic2RVY2hkUlBaWFFWaXFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhQqAAEw
DQYJKoZIhvcNAQELBQADggEBAJIo0LNQm7bxY/p/y5+yixD0x457IBH+DGIX79Yx
cUpDQSoeWo0ixTo7xhDyVrRXoKWVwE24YyAJsJtUabz4j/D3MKQ2wwfg/IGPOJG7
fZDTIBb/xrxByWk14nbxFRNc8e3oriSDbFasjUeq9YEvhpK6ybl/ByWfszcVnQK+
ZuDJ54Ukx2de80sg2rpT28T8pvwqpxKbdNjTPzU1+oRbNXKYlca0DDYkQDX4QlXS
zKZliE3LdtwcZuI7QObFWjKeK6IpKR7x/LzKBm5SmXfGmC3s3uxwEobMubVvabbE
VCOxr5xaAAsjfjLEnJeHUd3emqLp8jA2s/I7ADQR+/9XZDI=
-----END CERTIFICATE-----