Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WD3jaJHDfiM2rSGx5gVKnd6x0SU.roa
File:                     WD3jaJHDfiM2rSGx5gVKnd6x0SU.roa (raw, json)
Hash identifier:          7Dl4lyt7OrnXj09ig4h3cFcXSMd+OVijbQ7nFBNrh1o=
Subject key identifier:   58:3D:E3:68:91:C3:7E:23:36:AD:21:B1:E6:05:4A:9D:DE:B1:D1:25
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       018CC26D41085CD51F3123DD36E4F24ABE9B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WD3jaJHDfiM2rSGx5gVKnd6x0SU.roa
Signing time:             Mon 01 Jan 2024 00:29:49 +0000
ROA not before:           Mon 01 Jan 2024 00:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211647
IP address blocks:        2a0e:aa07:e04a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:41:08:5c:d5:1f:31:23:dd:36:e4:f2:4a:be:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 00:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=583de36891c37e2336ad21b1e6054a9ddeb1d125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e3:0d:50:c9:f0:9b:48:0c:71:67:72:80:24:
                    0f:8c:58:f9:2a:5f:74:09:0c:fc:91:92:0e:78:63:
                    a7:ff:eb:75:77:bf:74:af:94:e2:0b:da:2d:51:2b:
                    15:3b:90:80:dc:e8:a7:d7:a9:32:36:12:23:37:20:
                    81:3a:76:5a:b1:00:db:16:72:12:c8:c3:b5:31:b5:
                    d5:59:72:af:43:d6:17:ef:1a:34:a8:32:18:b3:58:
                    ce:f9:60:1f:8f:ed:4b:d0:1e:77:b3:b2:cc:ea:7a:
                    2b:50:86:b8:5d:d7:ef:d5:86:bd:d1:72:9a:00:91:
                    90:95:25:59:f1:ab:9c:6a:05:45:42:f0:c6:a9:da:
                    03:10:07:ae:54:b8:b6:ca:c9:0c:1f:03:18:e4:eb:
                    c8:74:4a:47:81:aa:22:19:8e:98:88:07:5f:f6:98:
                    ac:34:89:e7:81:91:63:6a:75:7b:fe:c1:b0:7b:2e:
                    4f:43:82:f1:5b:56:a5:74:3a:6a:ae:b6:65:1c:81:
                    68:8d:87:95:db:12:da:a4:cd:34:fe:75:30:5a:25:
                    4e:d6:d7:cc:35:b6:a6:9f:0c:08:4d:a2:99:77:7c:
                    84:26:35:59:d3:ae:e4:2d:70:71:80:fb:be:e3:51:
                    c3:ed:a2:9a:f9:40:b9:88:6f:65:eb:f4:ea:1a:b8:
                    39:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:3D:E3:68:91:C3:7E:23:36:AD:21:B1:E6:05:4A:9D:DE:B1:D1:25
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/WD3jaJHDfiM2rSGx5gVKnd6x0SU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e04a::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:57:23:55:2c:4b:66:0b:6d:8c:ed:51:d8:e0:11:7d:18:37:
         47:b7:c4:8f:e4:dd:2f:ed:1a:75:b9:ca:be:e3:24:8e:dc:d4:
         01:cb:cb:33:f9:e0:ee:43:97:67:42:87:42:ca:df:c4:f4:d9:
         71:f6:a1:06:1a:f0:d4:28:84:a1:ec:26:d3:9d:b7:50:9a:c2:
         25:4c:1d:e1:37:50:ce:81:ce:21:ef:d1:91:9d:d3:d6:87:fe:
         b1:b8:c8:43:1d:77:21:ee:fb:14:21:2a:0f:a6:a3:83:79:01:
         b5:82:b4:a6:74:b6:74:9e:4b:77:c6:8c:17:4e:25:97:a4:63:
         b5:27:34:03:da:84:51:a1:0e:f2:57:96:bb:fa:19:8f:79:88:
         69:31:5c:2c:29:3d:2c:f1:89:a0:81:cb:8c:c0:e9:02:5d:9e:
         98:2e:db:2e:5d:8d:63:d7:88:09:cf:d0:cd:55:e2:3f:d9:13:
         f1:46:db:0d:80:c6:6d:ca:cb:9b:9f:fe:78:cb:22:3b:66:ed:
         7e:22:ec:90:bb:40:3e:3f:7a:16:c1:42:11:1d:05:59:d1:9e:
         b6:c7:9a:b4:c7:47:13:d2:74:23:c6:4b:59:f5:53:54:b6:36:
         77:67:e0:7c:50:2f:8e:c1:4a:f8:54:c4:8d:d3:f3:72:e5:4f:
         ba:b5:ff:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzCbUEIXNUfMSPdNuTySr6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwMTAxMDAyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODNkZTM2ODkxYzM3ZTIzMzZhZDIxYjFlNjA1NGE5ZGRlYjFkMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OMNUMnwm0gMcWdygCQPjFj5Kl90
CQz8kZIOeGOn/+t1d790r5TiC9otUSsVO5CA3Oin16kyNhIjNyCBOnZasQDbFnIS
yMO1MbXVWXKvQ9YX7xo0qDIYs1jO+WAfj+1L0B53s7LM6norUIa4Xdfv1Ya90XKa
AJGQlSVZ8aucagVFQvDGqdoDEAeuVLi2yskMHwMY5OvIdEpHgaoiGY6YiAdf9pis
NInngZFjanV7/sGwey5PQ4LxW1aldDpqrrZlHIFojYeV2xLapM00/nUwWiVO1tfM
NbamnwwITaKZd3yEJjVZ067kLXBxgPu+41HD7aKa+UC5iG9l6/TqGrg58QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFg942iRw34jNq0hseYFSp3esdElMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvV0QzamFKSERmaU0yclNHeDVnVktuZDZ4MFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+BK
MA0GCSqGSIb3DQEBCwUAA4IBAQA2VyNVLEtmC22M7VHY4BF9GDdHt8SP5N0v7Rp1
ucq+4ySO3NQBy8sz+eDuQ5dnQodCyt/E9Nlx9qEGGvDUKISh7CbTnbdQmsIlTB3h
N1DOgc4h79GRndPWh/6xuMhDHXch7vsUISoPpqODeQG1grSmdLZ0nkt3xowXTiWX
pGO1JzQD2oRRoQ7yV5a7+hmPeYhpMVwsKT0s8YmggcuMwOkCXZ6YLtsuXY1j14gJ
z9DNVeI/2RPxRtsNgMZtysubn/54yyI7Zu1+IuyQu0A+P3oWwUIRHQVZ0Z62x5q0
x0cT0nQjxktZ9VNUtjZ3Z+B8UC+OwUr4VMSN0/Ny5U+6tf9i
-----END CERTIFICATE-----