Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/DwAcDj-IXHAFcEv5XXMkajL9h_M.roa
File:                     DwAcDj-IXHAFcEv5XXMkajL9h_M.roa (raw, json)
Hash identifier:          giM03R2ZX/0WviE9+Tst7cosBZ0vjKalaAEo/Q9BXjI=
Subject key identifier:   0F:00:1C:0E:3F:88:5C:70:05:70:4B:F9:5D:73:24:6A:32:FD:87:F3
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC701CC13444D69378C2F8959C8463
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/DwAcDj-IXHAFcEv5XXMkajL9h_M.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206275
IP address blocks:        2a0d:f407:1034::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:70:1c:c1:34:44:d6:93:78:c2:f8:95:9c:84:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f001c0e3f885c7005704bf95d73246a32fd87f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7d:68:99:90:df:98:99:d0:0b:43:d8:fa:bc:
                    d3:4a:18:6a:92:bc:d5:2f:9d:1e:e1:4b:9f:c2:ef:
                    ad:12:52:c5:07:2e:97:1d:98:c1:15:cc:7a:a7:46:
                    05:a7:d0:89:c2:f7:c4:32:f1:00:ac:61:8f:9a:6d:
                    64:67:54:b0:58:0f:c5:5b:b7:1b:a9:12:da:82:f6:
                    77:5b:5c:0b:a8:53:83:e3:af:a1:3e:9e:c4:68:90:
                    89:e3:c9:e4:a1:fe:74:d5:8c:ba:00:6c:3a:f0:60:
                    2f:92:87:ff:dc:c6:f8:94:cd:57:17:52:b4:02:b9:
                    63:80:a7:da:53:4d:f6:48:e9:78:be:c5:ef:b7:b5:
                    63:1d:e1:b9:92:1b:d3:32:49:f5:f0:41:11:63:ff:
                    c8:2d:d5:91:af:bb:ce:23:43:5d:97:1a:4f:cf:c8:
                    aa:d7:10:1a:0f:68:03:c8:42:18:59:c8:71:53:e2:
                    ce:4e:e0:d3:ac:a3:cc:c8:39:44:d7:5f:cd:18:42:
                    30:30:c8:a7:e2:51:16:91:d4:94:af:28:a9:a4:49:
                    6d:97:6c:bc:a9:f8:5d:39:54:e9:78:0b:94:dc:53:
                    c4:da:11:5a:b2:8d:45:ec:5d:56:16:b0:ef:83:09:
                    01:83:1c:c0:7f:10:77:2f:6a:3c:b9:cc:5c:26:94:
                    51:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:00:1C:0E:3F:88:5C:70:05:70:4B:F9:5D:73:24:6A:32:FD:87:F3
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/DwAcDj-IXHAFcEv5XXMkajL9h_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:f407:1034::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:90:a4:84:d0:b6:f6:9c:04:f5:a8:79:cc:84:61:a9:1c:41:
         e2:0e:ae:32:b0:b0:18:5e:45:77:42:23:c2:76:a9:0f:72:5d:
         02:f3:75:15:63:7c:5c:0e:7e:72:c9:66:f0:1f:fd:14:be:57:
         51:71:93:8b:ef:81:06:7b:7c:d2:41:84:04:ac:ab:be:09:ce:
         9a:8f:cd:77:36:42:45:6a:ee:11:e1:dd:4a:91:60:c2:fa:b8:
         83:b4:1a:62:e2:a0:09:9e:e8:f4:12:c4:c1:e2:ee:0d:9a:0d:
         7f:9d:f6:c8:7a:22:b3:df:ce:a1:75:2f:54:dc:96:51:1c:3e:
         ce:d9:c1:b4:03:0e:ef:90:e2:a1:fb:3a:7e:64:e1:8f:c3:bd:
         96:83:66:76:07:08:03:e0:d4:21:d0:3b:22:93:71:9c:92:63:
         5f:00:ea:b9:c5:c7:90:69:eb:97:0d:7e:27:7f:0f:66:7c:4e:
         59:a7:f4:ed:da:dc:e3:52:f5:35:8d:12:d4:62:8c:d2:f7:17:
         3c:e4:72:96:68:80:07:a8:48:07:71:35:3e:0f:bb:5f:25:86:
         28:c0:d7:86:f5:67:09:52:9c:d4:e4:c1:0d:07:ed:cb:23:84:
         f9:2f:a3:53:f1:69:cf:a1:f7:be:5f:a9:f0:ef:52:22:6c:7d:
         85:6a:b5:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvHAcwTRE1pN4wviVnIRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjAwMWMwZTNmODg1YzcwMDU3MDRiZjk1ZDczMjQ2YTMyZmQ4N2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH1omZDfmJnQC0PY+rzTShhqkrzV
L50e4Uufwu+tElLFBy6XHZjBFcx6p0YFp9CJwvfEMvEArGGPmm1kZ1SwWA/FW7cb
qRLagvZ3W1wLqFOD46+hPp7EaJCJ48nkof501Yy6AGw68GAvkof/3Mb4lM1XF1K0
ArljgKfaU032SOl4vsXvt7VjHeG5khvTMkn18EERY//ILdWRr7vOI0NdlxpPz8iq
1xAaD2gDyEIYWchxU+LOTuDTrKPMyDlE11/NGEIwMMin4lEWkdSUryippEltl2y8
qfhdOVTpeAuU3FPE2hFaso1F7F1WFrDvgwkBgxzAfxB3L2o8ucxcJpRR+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA8AHA4/iFxwBXBL+V1zJGoy/YfzMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvRHdBY0RqLUlYSEFGY0V2NVhYTWthakw5aF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg30BxA0
MA0GCSqGSIb3DQEBCwUAA4IBAQASkKSE0Lb2nAT1qHnMhGGpHEHiDq4ysLAYXkV3
QiPCdqkPcl0C83UVY3xcDn5yyWbwH/0UvldRcZOL74EGe3zSQYQErKu+Cc6aj813
NkJFau4R4d1KkWDC+riDtBpi4qAJnuj0EsTB4u4Nmg1/nfbIeiKz386hdS9U3JZR
HD7O2cG0Aw7vkOKh+zp+ZOGPw72Wg2Z2BwgD4NQh0Dsik3GckmNfAOq5xceQaeuX
DX4nfw9mfE5Zp/Tt2tzjUvU1jRLUYozS9xc85HKWaIAHqEgHcTU+D7tfJYYowNeG
9WcJUpzU5MENB+3LI4T5L6NT8WnPofe+X6nw71IibH2FarXB
-----END CERTIFICATE-----