Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/WehumHEM9PpHc6BNU5sQnqsEG_E.roa
File:                     WehumHEM9PpHc6BNU5sQnqsEG_E.roa (raw, json)
Hash identifier:          PP9QcXtZAIEHIkJBPMw/reuU/snCN+NCjPgHRtEm9Ss=
Subject key identifier:   59:E8:6E:98:71:0C:F4:FA:47:73:A0:4D:53:9B:10:9E:AB:04:1B:F1
Certificate issuer:       /CN=e4cc76e3b5477ffd42a0fe4b8c783aad2f96fe70
Certificate serial:       018CC9BBDBFB4F451771F797EEA89D1828D2
Authority key identifier: E4:CC:76:E3:B5:47:7F:FD:42:A0:FE:4B:8C:78:3A:AD:2F:96:FE:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5Mx247VHf_1CoP5LjHg6rS-W_nA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/WehumHEM9PpHc6BNU5sQnqsEG_E.roa
Signing time:             Tue 02 Jan 2024 10:33:01 +0000
ROA not before:           Tue 02 Jan 2024 10:33:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52000
IP address blocks:        2a0b:9080:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/5Mx247VHf_1CoP5LjHg6rS-W_nA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/5Mx247VHf_1CoP5LjHg6rS-W_nA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5Mx247VHf_1CoP5LjHg6rS-W_nA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:db:fb:4f:45:17:71:f7:97:ee:a8:9d:18:28:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4cc76e3b5477ffd42a0fe4b8c783aad2f96fe70
        Validity
            Not Before: Jan  2 10:33:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59e86e98710cf4fa4773a04d539b109eab041bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:73:9c:0a:9d:84:76:78:ee:81:4c:04:35:d3:
                    b4:db:db:79:d1:e9:ea:91:fa:98:ab:5e:7c:8e:7d:
                    fc:34:17:7a:ef:65:c1:ee:96:c2:37:57:b6:44:e2:
                    5e:ae:4c:8d:77:5b:cb:d4:f7:9c:e4:12:d4:c4:05:
                    1c:6e:06:7e:1a:42:02:66:43:78:09:9d:67:42:b6:
                    60:7d:a9:6f:37:c3:27:8d:ba:31:56:f8:dd:48:b2:
                    39:c4:42:10:ac:77:d3:c5:41:c2:08:fc:8c:1e:66:
                    1b:99:2e:a3:f8:da:fd:b1:18:fa:72:1d:84:40:7c:
                    4f:7c:c4:58:8f:df:c0:1c:00:a3:bb:ad:4a:c6:b1:
                    ef:1d:f8:0b:4c:b6:02:7e:ad:d7:04:5b:a7:e6:a9:
                    45:98:be:7c:bd:64:04:21:f7:86:e3:9e:d0:f7:be:
                    18:56:8c:aa:83:13:95:f4:fc:5d:63:1e:1c:9b:dd:
                    97:6b:ca:af:08:c2:3c:eb:54:98:dd:68:cd:1b:c2:
                    d9:45:5c:d0:55:1f:06:c5:87:91:9f:9f:0e:35:17:
                    7f:87:60:9d:16:a3:72:50:43:9f:a2:35:7f:b2:86:
                    64:e6:40:65:22:2c:30:5b:2c:e2:22:4c:a5:df:51:
                    28:2d:1e:ac:f7:f2:4f:33:c9:27:ba:17:5a:2a:f1:
                    79:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:E8:6E:98:71:0C:F4:FA:47:73:A0:4D:53:9B:10:9E:AB:04:1B:F1
            X509v3 Authority Key Identifier:
                keyid:E4:CC:76:E3:B5:47:7F:FD:42:A0:FE:4B:8C:78:3A:AD:2F:96:FE:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5Mx247VHf_1CoP5LjHg6rS-W_nA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/WehumHEM9PpHc6BNU5sQnqsEG_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/5f8881-8a44-4842-8009-1165d1d1564f/1/5Mx247VHf_1CoP5LjHg6rS-W_nA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:9080:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:f8:63:df:95:25:d2:0b:8b:8b:7c:68:e7:4c:8c:4c:a3:ad:
         c2:ca:54:4c:83:47:38:ec:ca:c0:82:db:b8:48:69:82:8d:47:
         c9:bf:5d:14:4a:d3:32:f7:0a:0f:bf:0e:6f:56:fd:68:c2:13:
         4d:22:1a:1f:da:7f:66:27:9e:25:a7:e6:1f:eb:7f:e8:9b:fe:
         76:8f:90:eb:d0:a2:e8:12:ce:dd:cc:d6:bc:17:08:ff:7c:4c:
         8c:72:75:db:d0:4c:35:af:01:fc:fd:29:fc:20:80:50:52:c9:
         9d:40:75:a9:60:cd:94:3a:1f:ba:ff:3e:24:0c:60:04:a9:10:
         92:cf:f8:76:3f:21:1c:e7:52:b6:65:72:10:40:96:01:e6:53:
         c1:3e:17:b6:b7:68:0c:5c:d0:3a:b5:7b:79:ff:43:38:dd:ad:
         42:2d:b5:d5:24:47:ef:a8:e1:4b:42:81:07:46:93:a9:c5:d2:
         31:44:0f:f0:ed:1c:a8:f7:92:39:b0:bc:03:73:df:b7:1d:2d:
         99:8e:d6:94:a4:76:cc:e9:5c:f7:e2:37:ba:28:cf:78:34:8c:
         0a:e7:b5:db:c4:96:e1:ab:cc:62:57:00:97:4c:2b:8d:e0:53:
         a6:2d:4b:99:33:a3:9b:79:40:4c:6c:20:85:e4:4a:49:37:65:
         e1:60:94:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJu9v7T0UXcfeX7qidGCjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Y2M3NmUzYjU0NzdmZmQ0MmEwZmU0YjhjNzgzYWFkMmY5
NmZlNzAwHhcNMjQwMTAyMTAzMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWU4NmU5ODcxMGNmNGZhNDc3M2EwNGQ1MzliMTA5ZWFiMDQxYmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XOcCp2EdnjugUwENdO029t50enq
kfqYq158jn38NBd672XB7pbCN1e2ROJerkyNd1vL1Pec5BLUxAUcbgZ+GkICZkN4
CZ1nQrZgfalvN8MnjboxVvjdSLI5xEIQrHfTxUHCCPyMHmYbmS6j+Nr9sRj6ch2E
QHxPfMRYj9/AHACju61KxrHvHfgLTLYCfq3XBFun5qlFmL58vWQEIfeG457Q974Y
VoyqgxOV9PxdYx4cm92Xa8qvCMI861SY3WjNG8LZRVzQVR8GxYeRn58ONRd/h2Cd
FqNyUEOfojV/soZk5kBlIiwwWyziIkyl31EoLR6s9/JPM8knuhdaKvF5fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFnobphxDPT6R3OgTVObEJ6rBBvxMB8GA1UdIwQY
MBaAFOTMduO1R3/9QqD+S4x4Oq0vlv5wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNU14MjQ3VkhmXzFDb1A1TGpIZzZyUy1XX25BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi81Zjg4ODEtOGE0NC00ODQyLTgwMDkt
MTE2NWQxZDE1NjRmLzEvV2VodW1IRU05UHBIYzZCTlU1c1FucXNFR19FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi81Zjg4ODEtOGE0NC00ODQyLTgwMDktMTE2NWQxZDE1NjRm
LzEvNU14MjQ3VkhmXzFDb1A1TGpIZzZyUy1XX25BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKguQgAAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBd+GPflSXSC4uLfGjnTIxMo63CylRMg0c47MrA
gtu4SGmCjUfJv10UStMy9woPvw5vVv1owhNNIhof2n9mJ54lp+Yf63/om/52j5Dr
0KLoEs7dzNa8Fwj/fEyMcnXb0Ew1rwH8/Sn8IIBQUsmdQHWpYM2UOh+6/z4kDGAE
qRCSz/h2PyEc51K2ZXIQQJYB5lPBPhe2t2gMXNA6tXt5/0M43a1CLbXVJEfvqOFL
QoEHRpOpxdIxRA/w7Ryo95I5sLwDc9+3HS2ZjtaUpHbM6Vz34je6KM94NIwK57Xb
xJbhq8xiVwCXTCuN4FOmLUuZM6ObeUBMbCCF5EpJN2XhYJQn
-----END CERTIFICATE-----