Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WiTa19s6dT-3IPeX-V9JuUXY4w8.roa
File:                     WiTa19s6dT-3IPeX-V9JuUXY4w8.roa (raw, json)
Hash identifier:          RhPZnDHv4W2gKsak6gnqCQYTgu6B+js4PZtUxOlk9h4=
Subject key identifier:   5A:24:DA:D7:DB:3A:75:3F:B7:20:F7:97:F9:5F:49:B9:45:D8:E3:0F
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019425FDE86DF80E694DD722B8632C39959B
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WiTa19s6dT-3IPeX-V9JuUXY4w8.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209075
IP address blocks:        2a0a:79c0:900::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e8:6d:f8:0e:69:4d:d7:22:b8:63:2c:39:95:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a24dad7db3a753fb720f797f95f49b945d8e30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:73:ac:f4:ee:05:d3:d2:e9:d8:e8:c4:e2:22:
                    d3:a1:04:55:bf:6f:d4:4f:cc:cc:8c:d5:f2:71:a1:
                    67:10:92:40:ff:fd:4d:7a:cf:51:bf:7d:5b:4d:bc:
                    e3:bf:91:63:0f:e1:6a:80:d6:1f:6c:fc:26:f7:e0:
                    1a:66:03:06:1c:15:79:25:38:ec:3b:ec:e3:38:56:
                    7b:9a:dc:51:66:be:84:30:71:de:e7:a4:94:dc:a6:
                    46:a5:fa:78:e5:ef:8f:49:a8:7e:55:ba:cf:43:31:
                    c2:f3:1f:34:75:8e:16:9e:92:ba:e8:b3:30:b2:32:
                    e5:a2:07:ce:9e:42:4a:27:da:51:14:11:84:40:26:
                    26:bb:de:72:27:cd:5e:cb:35:05:85:4c:5b:f1:e8:
                    90:1d:64:05:73:de:8a:69:21:99:ef:e5:0e:c6:21:
                    9f:df:20:9c:f1:62:21:5c:3f:6d:ee:fd:2e:8a:e5:
                    04:c3:85:79:ba:96:8d:d7:be:1d:cf:f0:a3:e8:d8:
                    29:1f:9b:d8:95:e8:51:1f:7d:9a:21:b0:e9:48:75:
                    d8:96:be:c7:e0:0c:26:c7:fb:c7:b9:67:05:17:72:
                    c6:05:5d:8b:e6:e2:34:2c:e8:0f:0f:65:72:b1:7b:
                    c6:f7:39:78:a3:b3:19:c5:9a:da:b6:be:84:f0:c3:
                    6e:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:24:DA:D7:DB:3A:75:3F:B7:20:F7:97:F9:5F:49:B9:45:D8:E3:0F
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/WiTa19s6dT-3IPeX-V9JuUXY4w8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:900::/44

    Signature Algorithm: sha256WithRSAEncryption
         90:ea:65:84:e5:96:1d:aa:0d:c9:0e:37:54:4a:99:10:01:72:
         4c:15:a4:8f:91:01:9d:42:d9:00:34:90:37:19:a5:f1:91:09:
         d6:37:84:63:3e:3a:3e:bd:2c:97:a5:df:da:32:64:0a:34:c3:
         47:a0:1f:48:eb:e4:be:70:e0:55:bb:a5:9a:9e:16:a7:2e:64:
         0e:f9:ec:d8:4b:ac:70:32:af:d6:72:02:12:06:78:bb:90:9d:
         08:8e:3d:0c:25:96:36:e7:e3:c5:6e:48:d0:6f:76:9d:fb:e4:
         21:45:10:53:08:f5:2e:6c:11:ba:6d:aa:24:3a:a0:4e:68:3c:
         99:96:00:8c:99:94:fd:c8:85:43:8d:b1:ca:d2:b9:62:55:f8:
         58:00:85:d7:da:e1:5c:13:72:c7:26:8a:26:bd:36:c7:30:74:
         0e:a0:9d:96:64:33:94:4e:56:8a:51:20:99:f9:93:3e:25:9e:
         38:af:1d:20:bf:40:0b:27:9c:f9:c4:0e:0e:75:0b:d7:7c:92:
         16:d6:32:c2:20:e1:2d:f7:a9:8a:d1:ec:94:ca:e5:e7:e1:0a:
         ff:50:f5:2f:1e:10:18:eb:b0:6d:fc:7e:48:74:3f:78:19:54:
         ec:78:80:4c:41:e7:52:83:3c:8e:7f:c9:89:31:23:aa:a8:38:
         19:7d:cf:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQl/eht+A5pTdciuGMsOZWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTI0ZGFkN2RiM2E3NTNmYjcyMGY3OTdmOTVmNDliOTQ1ZDhlMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3Os9O4F09Lp2OjE4iLToQRVv2/U
T8zMjNXycaFnEJJA//1Nes9Rv31bTbzjv5FjD+FqgNYfbPwm9+AaZgMGHBV5JTjs
O+zjOFZ7mtxRZr6EMHHe56SU3KZGpfp45e+PSah+VbrPQzHC8x80dY4WnpK66LMw
sjLlogfOnkJKJ9pRFBGEQCYmu95yJ81eyzUFhUxb8eiQHWQFc96KaSGZ7+UOxiGf
3yCc8WIhXD9t7v0uiuUEw4V5upaN174dz/Cj6NgpH5vYlehRH32aIbDpSHXYlr7H
4Awmx/vHuWcFF3LGBV2L5uI0LOgPD2VysXvG9zl4o7MZxZratr6E8MNuzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFok2tfbOnU/tyD3l/lfSblF2OMPMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvV2lUYTE5czZkVC0zSVBlWC1WOUp1VVhZNHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgp5wAkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ6mWE5ZYdqg3JDjdUSpkQAXJMFaSPkQGdQtkA
NJA3GaXxkQnWN4RjPjo+vSyXpd/aMmQKNMNHoB9I6+S+cOBVu6WanhanLmQO+ezY
S6xwMq/WcgISBni7kJ0Ijj0MJZY25+PFbkjQb3ad++QhRRBTCPUubBG6baokOqBO
aDyZlgCMmZT9yIVDjbHK0rliVfhYAIXX2uFcE3LHJoomvTbHMHQOoJ2WZDOUTlaK
USCZ+ZM+JZ44rx0gv0ALJ5z5xA4OdQvXfJIW1jLCIOEt96mK0eyUyuXn4Qr/UPUv
HhAY67Bt/H5IdD94GVTseIBMQedSgzyOf8mJMSOqqDgZfc8Z
-----END CERTIFICATE-----