Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wug50-di_jJU2fXDD4hpAtIf-cQ.roa
File:                     wug50-di_jJU2fXDD4hpAtIf-cQ.roa (raw, json)
Hash identifier:          AV05j0kVnru/QEP+KnZbQRjtF2/qBFYHDvKxCu4bwlA=
Subject key identifier:   C2:E8:39:D3:E7:62:FE:32:54:D9:F5:C3:0F:88:69:02:D2:1F:F9:C4
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       0190E625A3DA359108A7E4151C3B4779D8CC
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wug50-di_jJU2fXDD4hpAtIf-cQ.roa
Signing time:             Wed 24 Jul 2024 19:09:04 +0000
ROA not before:           Wed 24 Jul 2024 19:09:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214483
IP address blocks:        2a0e:aa07:e1f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e6:25:a3:da:35:91:08:a7:e4:15:1c:3b:47:79:d8:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jul 24 19:09:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2e839d3e762fe3254d9f5c30f886902d21ff9c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:eb:46:a8:fe:61:64:d5:37:ee:55:aa:d6:ec:
                    4e:b9:88:26:0c:1b:c7:1c:75:d3:08:c0:87:d4:a1:
                    49:a4:40:48:e8:b4:53:17:e1:aa:e1:92:30:5f:89:
                    2c:5e:2c:11:06:95:d4:fb:16:84:0a:89:07:37:1f:
                    b4:a4:c3:15:40:e5:10:ce:a9:d4:5b:7d:57:09:70:
                    ab:10:5d:fb:4e:f4:df:8a:5c:e6:a8:52:48:2f:27:
                    eb:cf:36:0e:f7:d9:8a:24:cd:87:87:46:60:b9:67:
                    e1:f2:06:44:9e:5f:cc:fb:02:70:52:d9:57:16:a2:
                    36:21:91:e2:3a:5a:c8:32:03:72:47:bd:80:e9:2b:
                    89:ce:16:a9:06:d3:49:03:88:ca:25:65:0f:00:21:
                    77:55:b8:d4:09:cb:c7:d6:3d:46:46:d1:90:08:e3:
                    12:66:22:f6:08:4b:d0:16:9f:3c:57:ac:5d:46:9e:
                    af:0f:7e:cb:af:9a:d5:43:ab:a0:fa:74:02:4c:e3:
                    c9:4e:36:13:da:10:16:57:d1:6f:c2:c7:54:f0:82:
                    5f:7d:06:dc:33:16:1b:4e:c4:d2:76:a3:2d:65:55:
                    4d:c0:7b:40:30:cd:28:af:70:92:bf:3d:06:27:a5:
                    db:bd:2b:d3:13:0c:00:6c:e5:d9:46:82:78:f1:20:
                    b6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E8:39:D3:E7:62:FE:32:54:D9:F5:C3:0F:88:69:02:D2:1F:F9:C4
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/wug50-di_jJU2fXDD4hpAtIf-cQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e1f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         99:8f:fb:4d:d4:fc:48:e0:c5:f9:b2:0e:09:b1:35:5f:c2:07:
         fd:86:b0:6a:da:65:4b:42:c5:69:59:f5:c8:7c:e9:38:f1:8d:
         e4:11:32:10:61:6b:9c:85:f7:ef:38:6f:2f:f4:dd:c9:a1:b7:
         86:2c:10:44:42:90:fb:33:eb:b5:20:57:6c:70:94:ff:ee:b5:
         5e:45:87:f8:bc:86:96:ec:b5:61:33:eb:09:56:bf:7b:84:9b:
         ec:f2:47:b7:7e:a0:4e:a8:fc:7c:9c:11:2d:f5:81:ae:a3:a0:
         46:a7:4c:a7:8c:bc:8f:87:ef:d4:59:70:0c:fd:04:5f:1c:9b:
         21:6f:79:f8:98:c0:f7:0b:88:34:fd:f6:b2:84:29:61:1d:65:
         61:d9:18:f1:35:40:2d:39:5e:52:a4:e6:26:1e:a3:77:ea:70:
         79:b3:6a:30:67:0b:ed:53:46:2b:88:e2:81:09:34:32:f1:a7:
         45:c8:bf:d5:92:be:44:d9:95:53:3b:eb:26:5e:d5:8e:a7:1f:
         43:11:42:55:0b:06:39:6d:08:d0:ef:e2:64:8f:97:08:0b:00:
         37:4f:98:40:d1:05:ec:c2:d2:af:f1:21:e8:2a:7e:99:c0:63:
         08:7e:05:e6:6b:bb:5f:02:cb:83:5c:e4:e4:09:65:7b:8d:e8:
         55:ea:9e:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDmJaPaNZEIp+QVHDtHedjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjQwNzI0MTkwOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmU4MzlkM2U3NjJmZTMyNTRkOWY1YzMwZjg4NjkwMmQyMWZmOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqetGqP5hZNU37lWq1uxOuYgmDBvH
HHXTCMCH1KFJpEBI6LRTF+Gq4ZIwX4ksXiwRBpXU+xaECokHNx+0pMMVQOUQzqnU
W31XCXCrEF37TvTfilzmqFJILyfrzzYO99mKJM2Hh0ZguWfh8gZEnl/M+wJwUtlX
FqI2IZHiOlrIMgNyR72A6SuJzhapBtNJA4jKJWUPACF3VbjUCcvH1j1GRtGQCOMS
ZiL2CEvQFp88V6xdRp6vD37Lr5rVQ6ug+nQCTOPJTjYT2hAWV9FvwsdU8IJffQbc
MxYbTsTSdqMtZVVNwHtAMM0or3CSvz0GJ6XbvSvTEwwAbOXZRoJ48SC23wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMLoOdPnYv4yVNn1ww+IaQLSH/nEMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvd3VnNTAtZGlfakpVMmZYREQ0aHBBdElmLWNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Hw
MA0GCSqGSIb3DQEBCwUAA4IBAQCZj/tN1PxI4MX5sg4JsTVfwgf9hrBq2mVLQsVp
WfXIfOk48Y3kETIQYWuchffvOG8v9N3JobeGLBBEQpD7M+u1IFdscJT/7rVeRYf4
vIaW7LVhM+sJVr97hJvs8ke3fqBOqPx8nBEt9YGuo6BGp0ynjLyPh+/UWXAM/QRf
HJshb3n4mMD3C4g0/fayhClhHWVh2RjxNUAtOV5SpOYmHqN36nB5s2owZwvtU0Yr
iOKBCTQy8adFyL/Vkr5E2ZVTO+smXtWOpx9DEUJVCwY5bQjQ7+Jkj5cICwA3T5hA
0QXswtKv8SHoKn6ZwGMIfgXma7tfAsuDXOTkCWV7jehV6p4c
-----END CERTIFICATE-----