Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/W4o4ps3Eh-rYPKzjgr7IjIokSI0.roa
File:                     W4o4ps3Eh-rYPKzjgr7IjIokSI0.roa (raw, json)
Hash identifier:          1CH+bluYNGmqwLaZbVSVa3RvtqQjRE9BnYdQJQdHOh0=
Subject key identifier:   5B:8A:38:A6:CD:C4:87:EA:D8:3C:AC:E3:82:BE:C8:8C:8A:24:48:8D
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018E6C0BEF9FF88EC194054DFD21B27C9101
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/W4o4ps3Eh-rYPKzjgr7IjIokSI0.roa
Signing time:             Sat 23 Mar 2024 16:01:45 +0000
ROA not before:           Sat 23 Mar 2024 16:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39126
IP address blocks:        2a0a:6500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6c:0b:ef:9f:f8:8e:c1:94:05:4d:fd:21:b2:7c:91:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Mar 23 16:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b8a38a6cdc487ead83cace382bec88c8a24488d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:bd:a5:d9:ed:de:0f:a5:87:6c:b3:cc:d4:7e:
                    6f:73:32:5f:d7:5f:6b:ef:53:b0:de:04:a4:68:d2:
                    6f:90:14:c8:25:64:cc:15:0b:0c:48:d3:8d:87:d4:
                    ee:11:60:54:78:93:aa:82:b4:4b:7f:0d:9a:c5:b5:
                    5d:ea:90:e7:42:f8:71:f2:32:b3:2a:65:8a:4a:2b:
                    b1:fd:88:e8:c0:90:89:4d:ea:dd:50:bd:d0:3b:db:
                    03:02:60:2e:0f:fa:e1:01:8b:6f:2d:7c:38:f5:ab:
                    2b:8d:d0:02:a4:09:10:c5:7a:cc:78:9b:f1:3c:40:
                    47:83:c7:ff:3f:b0:b6:d8:16:bc:09:0e:d3:07:23:
                    cd:ef:6e:00:8d:d4:4e:cb:37:a3:3b:67:b5:ba:c7:
                    c8:a1:48:fb:16:41:d9:90:1b:4a:7a:e5:1d:53:f0:
                    d8:d3:77:a5:55:f0:43:71:bd:bc:0b:05:ed:39:4b:
                    81:eb:1c:91:32:1d:42:32:ad:6a:20:ef:c9:07:cb:
                    db:fa:7d:88:89:07:c0:da:13:13:8f:e0:2f:29:e2:
                    bf:e6:52:6f:1d:4c:06:e6:8e:36:40:39:30:7b:cb:
                    ee:f0:7a:aa:1e:bd:c1:4e:08:14:dc:b5:76:ce:3c:
                    be:8b:bf:7e:93:ff:d0:52:9b:78:48:97:9c:b9:0c:
                    45:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:8A:38:A6:CD:C4:87:EA:D8:3C:AC:E3:82:BE:C8:8C:8A:24:48:8D
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/W4o4ps3Eh-rYPKzjgr7IjIokSI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:6500::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:78:e2:24:4d:6a:87:3c:b0:a8:53:8c:3b:8b:a8:b9:fd:9d:
         8c:9e:ac:65:75:f7:17:49:aa:1a:ec:dc:e6:95:70:37:2f:73:
         9d:e1:a1:44:22:a0:c9:e8:1b:3e:98:67:9c:70:f6:91:86:2e:
         2d:82:19:fb:69:6a:46:dd:f8:9d:12:36:6c:35:0b:c0:0d:e2:
         64:bd:88:1d:ab:06:c7:34:11:96:ae:ab:ca:b9:54:e3:81:c1:
         25:c4:b6:8e:76:0b:e3:2a:f5:b2:aa:e9:43:19:65:9f:1d:12:
         02:08:e8:74:07:bd:a9:fd:27:a2:e6:04:9b:94:a6:fd:ee:00:
         9a:ed:44:06:86:77:80:ce:fb:97:83:5e:0f:ef:13:ec:07:a0:
         ed:44:10:c8:97:c1:28:e1:59:47:2c:90:0f:d3:f3:36:0a:5e:
         bd:13:22:42:13:ef:51:89:2d:be:3f:9a:e6:37:ae:e6:2d:31:
         45:ff:58:b7:46:6c:1b:fe:85:40:0b:af:74:2e:cc:d2:d4:44:
         6c:d7:00:ec:dc:f8:84:a2:37:09:2f:1d:da:fa:39:9a:35:43:
         0a:e0:7a:e7:65:ea:ce:7c:fe:2f:bd:6d:7f:9b:f7:7e:c0:be:
         04:43:f7:bf:f0:1c:13:1c:49:9d:39:5a:81:8a:4d:74:84:46:
         ea:83:2e:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5sC++f+I7BlAVN/SGyfJEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMzIzMTYwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjhhMzhhNmNkYzQ4N2VhZDgzY2FjZTM4MmJlYzg4YzhhMjQ0ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3b2l2e3eD6WHbLPM1H5vczJf119r
71Ow3gSkaNJvkBTIJWTMFQsMSNONh9TuEWBUeJOqgrRLfw2axbVd6pDnQvhx8jKz
KmWKSiux/YjowJCJTerdUL3QO9sDAmAuD/rhAYtvLXw49asrjdACpAkQxXrMeJvx
PEBHg8f/P7C22Ba8CQ7TByPN724AjdROyzejO2e1usfIoUj7FkHZkBtKeuUdU/DY
03elVfBDcb28CwXtOUuB6xyRMh1CMq1qIO/JB8vb+n2IiQfA2hMTj+AvKeK/5lJv
HUwG5o42QDkwe8vu8HqqHr3BTggU3LV2zjy+i79+k//QUpt4SJecuQxFIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFuKOKbNxIfq2Dys44K+yIyKJEiNMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvVzRvNHBzM0VoLXJZUEt6amdyN0lqSW9rU0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgplAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBseOIkTWqHPLCoU4w7i6i5/Z2MnqxldfcXSaoa
7NzmlXA3L3Od4aFEIqDJ6Bs+mGeccPaRhi4tghn7aWpG3fidEjZsNQvADeJkvYgd
qwbHNBGWrqvKuVTjgcElxLaOdgvjKvWyqulDGWWfHRICCOh0B72p/Sei5gSblKb9
7gCa7UQGhneAzvuXg14P7xPsB6DtRBDIl8Eo4VlHLJAP0/M2Cl69EyJCE+9RiS2+
P5rmN67mLTFF/1i3Rmwb/oVAC690LszS1ERs1wDs3PiEojcJLx3a+jmaNUMK4Hrn
ZerOfP4vvW1/m/d+wL4EQ/e/8BwTHEmdOVqBik10hEbqgy7d
-----END CERTIFICATE-----