Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/wz_TvTU1xF0eJ_9EwkVCuufFGFo.roa
File:                     wz_TvTU1xF0eJ_9EwkVCuufFGFo.roa (raw, json)
Hash identifier:          Vtdi4r4GuCz7NyZSMqwPceN5sJkZoRY3YKYSc4S4CjI=
Subject key identifier:   C3:3F:D3:BD:35:35:C4:5D:1E:27:FF:44:C2:45:42:BA:E7:C5:18:5A
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       01942143E128A12C599404EAB1A00AC34D0A
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/wz_TvTU1xF0eJ_9EwkVCuufFGFo.roa
Signing time:             Wed 01 Jan 2025 09:48:04 +0000
ROA not before:           Wed 01 Jan 2025 09:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44921
IP address blocks:        2a00:1908:e100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:e1:28:a1:2c:59:94:04:ea:b1:a0:0a:c3:4d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Jan  1 09:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c33fd3bd3535c45d1e27ff44c24542bae7c5185a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:66:99:77:1a:74:36:3c:ad:1c:f0:95:f0:ea:
                    c4:a3:f9:81:53:c6:ce:15:db:1d:6d:bb:8f:9d:12:
                    ce:06:2f:55:02:5a:08:b2:35:85:91:07:4c:02:97:
                    e2:8a:57:7a:e4:c2:f2:19:9f:7d:74:8e:6a:34:9c:
                    d1:e8:67:b6:10:cb:36:23:59:2c:31:09:82:6f:eb:
                    fb:0d:21:1e:eb:2d:46:6d:60:8d:60:f5:b4:45:be:
                    1f:d3:80:48:5c:1e:b0:2c:9a:99:48:3c:0c:ca:c1:
                    52:d5:74:ec:9b:ca:a0:1b:a5:13:4f:ce:99:47:e5:
                    03:7d:a9:6c:39:8d:95:22:15:25:eb:7d:23:de:a5:
                    26:92:6f:e0:2b:a9:aa:fe:72:60:45:d0:3d:58:0b:
                    ad:00:30:52:7e:43:a3:5e:d7:e3:fe:e6:4b:04:62:
                    ab:ae:b6:90:60:a8:bb:dd:09:91:e3:6c:af:ad:84:
                    0a:0b:a4:6a:ee:ce:d9:da:af:30:6e:58:d5:8f:b1:
                    b1:c0:76:c4:5c:b3:8f:c9:f0:bd:e8:f2:44:da:3b:
                    1d:a6:11:9a:41:87:c1:8e:ca:2b:d6:4f:9b:1c:7c:
                    56:28:be:d1:00:f5:43:e0:f5:3c:16:55:d5:73:a5:
                    e6:f1:2b:21:22:42:f8:8b:de:5f:17:d4:97:f9:09:
                    8c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:3F:D3:BD:35:35:C4:5D:1E:27:FF:44:C2:45:42:BA:E7:C5:18:5A
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/wz_TvTU1xF0eJ_9EwkVCuufFGFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1908:e100::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:d4:fd:b9:13:28:7c:60:75:3f:b4:85:14:7c:a2:f3:81:51:
         64:4f:41:8f:95:bc:93:bb:b5:10:6b:0a:72:9c:58:ef:d3:4f:
         88:64:01:14:6e:fd:46:94:b0:e8:21:d5:e6:45:19:a5:f6:22:
         54:91:d2:32:c3:6b:18:40:ff:60:e0:ec:31:9d:ed:8c:79:b2:
         33:98:40:e1:0f:a9:e9:c3:d1:cb:60:ec:3b:e4:0a:c7:6d:9c:
         2f:c9:ae:ab:a6:bb:ee:d0:9d:51:0d:c2:53:1f:cb:12:ba:d2:
         68:e4:ed:b0:b0:47:8b:5c:80:c9:75:5c:af:8c:4a:b8:a9:e8:
         77:a0:60:ee:41:6a:a1:be:e3:f8:bb:b0:00:4c:48:6b:b4:7d:
         2f:30:95:56:34:15:1a:55:74:3a:32:94:33:03:d5:7b:9d:ce:
         cf:a6:91:9d:d0:fd:44:f5:e0:c8:65:af:ca:5f:6f:f6:99:f9:
         3a:ec:bd:13:a6:b5:28:e7:b9:39:d1:7c:d0:e6:a3:05:3c:e8:
         9c:f3:49:f8:84:fc:1d:8e:b0:23:aa:8d:d8:66:11:f1:47:b5:
         8f:44:6c:82:5b:8b:1c:64:90:0d:bc:94:8f:56:b1:0d:64:55:
         7b:0b:76:03:b9:28:e6:8f:d9:aa:f1:83:8d:c6:92:7f:32:59:
         14:87:15:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQhQ+EooSxZlATqsaAKw00KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjUwMTAxMDk0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzNmZDNiZDM1MzVjNDVkMWUyN2ZmNDRjMjQ1NDJiYWU3YzUxODVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8maZdxp0NjytHPCV8OrEo/mBU8bO
FdsdbbuPnRLOBi9VAloIsjWFkQdMApfiild65MLyGZ99dI5qNJzR6Ge2EMs2I1ks
MQmCb+v7DSEe6y1GbWCNYPW0Rb4f04BIXB6wLJqZSDwMysFS1XTsm8qgG6UTT86Z
R+UDfalsOY2VIhUl630j3qUmkm/gK6mq/nJgRdA9WAutADBSfkOjXtfj/uZLBGKr
rraQYKi73QmR42yvrYQKC6Rq7s7Z2q8wbljVj7GxwHbEXLOPyfC96PJE2jsdphGa
QYfBjsor1k+bHHxWKL7RAPVD4PU8FlXVc6Xm8SshIkL4i95fF9SX+QmMiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMM/0701NcRdHif/RMJFQrrnxRhaMB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvd3pfVHZUVTF4RjBlSl85RXdrVkN1dWZGR0ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgAZCOEA
MA0GCSqGSIb3DQEBCwUAA4IBAQBA1P25Eyh8YHU/tIUUfKLzgVFkT0GPlbyTu7UQ
awpynFjv00+IZAEUbv1GlLDoIdXmRRml9iJUkdIyw2sYQP9g4Owxne2MebIzmEDh
D6npw9HLYOw75ArHbZwvya6rprvu0J1RDcJTH8sSutJo5O2wsEeLXIDJdVyvjEq4
qeh3oGDuQWqhvuP4u7AATEhrtH0vMJVWNBUaVXQ6MpQzA9V7nc7PppGd0P1E9eDI
Za/KX2/2mfk67L0TprUo57k50XzQ5qMFPOic80n4hPwdjrAjqo3YZhHxR7WPRGyC
W4scZJANvJSPVrENZFV7C3YDuSjmj9mq8YONxpJ/MlkUhxXq
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:39:09 2025 by rpki-client