Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/DyVGy6S4RCX2ePp4f1I1_wwroPA.roa
File:                     DyVGy6S4RCX2ePp4f1I1_wwroPA.roa (raw, json)
Hash identifier:          aIj7o4l9AbQ8veAcsoCk83Abry61r4yOxi4cHP5vfRs=
Subject key identifier:   0F:25:46:CB:A4:B8:44:25:F6:78:FA:78:7F:52:35:FF:0C:2B:A0:F0
Certificate issuer:       /CN=49f7c1a4677eb7826dae69de01a699b6201d6244
Certificate serial:       018CC4247E4CD7A7DB8B663AFB082F089ED7
Authority key identifier: 49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/DyVGy6S4RCX2ePp4f1I1_wwroPA.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     680
IP address blocks:        2a02:d480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:4c:d7:a7:db:8b:66:3a:fb:08:2f:08:9e:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f7c1a4677eb7826dae69de01a699b6201d6244
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0f2546cba4b84425f678fa787f5235ff0c2ba0f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ee:bb:8e:f7:da:70:7b:e0:59:39:2f:36:e1:
                    f7:d6:38:ec:d6:09:78:cc:bc:d3:86:54:5c:8e:e6:
                    eb:e1:0e:ff:1e:2c:9a:ee:36:37:51:61:e8:41:9b:
                    84:c4:73:d5:b6:05:42:a6:15:f9:3c:78:21:76:d8:
                    36:24:16:d6:b3:fa:91:8c:4b:92:32:b6:79:66:40:
                    22:eb:2d:68:8f:e3:34:18:e2:4b:9e:a5:2c:a4:cb:
                    9f:ef:18:a9:4c:ab:8f:a9:86:97:6c:9b:0b:53:f2:
                    08:b3:4f:1c:98:3e:95:35:62:a7:ce:a0:f4:3a:1f:
                    1a:75:bb:44:c7:46:63:6e:42:b0:53:1b:fb:d3:a8:
                    06:4b:01:68:12:15:e3:67:f6:8a:58:f0:5d:ce:af:
                    55:44:d8:0c:ba:eb:ae:df:20:5f:86:26:9e:18:73:
                    aa:a5:16:97:4b:9f:78:01:ed:97:7d:bf:c0:bc:8c:
                    ff:2f:00:fe:ee:fc:5f:b2:be:66:f5:76:26:bb:fc:
                    2c:57:8e:16:66:3c:70:4e:fb:48:8c:d8:54:64:65:
                    36:e4:68:cd:22:27:2c:03:1f:2c:9e:8e:87:52:bf:
                    f5:81:1f:6d:c9:40:ac:0d:cb:df:73:69:53:b8:1c:
                    58:64:e0:7c:7c:b7:65:43:05:41:fe:78:02:a1:bd:
                    65:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:25:46:CB:A4:B8:44:25:F6:78:FA:78:7F:52:35:FF:0C:2B:A0:F0
            X509v3 Authority Key Identifier:
                keyid:49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/DyVGy6S4RCX2ePp4f1I1_wwroPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d480::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:20:2d:09:27:f2:ab:a4:c5:8d:4f:1d:3d:c9:ec:7a:55:25:
         50:33:73:41:87:dc:c7:f9:33:fb:27:c9:92:1f:8b:e6:94:69:
         a0:93:b9:20:ee:e3:ab:3e:da:ac:4f:12:9a:12:27:ce:ff:81:
         15:21:bb:87:51:44:f0:18:01:da:08:ee:fc:23:1a:c0:6a:89:
         62:76:c7:be:5a:c7:15:61:82:11:5d:34:5f:8e:9c:7c:4f:9b:
         22:80:43:bd:81:69:18:19:1c:bb:d6:29:c9:12:40:e8:3c:f8:
         f2:ab:c2:12:20:df:00:a9:a1:8f:6c:70:38:e9:7a:00:fc:5a:
         96:2f:a8:04:07:71:e5:c9:d1:9d:3e:8a:3f:f8:c3:ed:47:6a:
         c4:6c:22:2a:59:47:3a:b8:d0:f2:98:8b:bc:3a:8d:7d:ed:0e:
         16:fd:34:e0:05:71:5b:d4:ad:95:3c:4d:db:4d:20:ea:f5:67:
         d1:b6:c2:e9:aa:28:d9:06:e9:65:11:fe:26:1d:4d:c0:b4:e1:
         89:7a:f7:74:76:bd:f5:42:ab:1b:9a:9a:f3:58:43:f5:8f:b1:
         ad:5d:8e:45:5e:54:7b:98:e4:6b:1b:3d:3c:14:54:5a:bd:7f:
         b1:36:a1:7b:33:88:2d:3f:ed:e3:28:f2:88:18:df:6f:db:86:
         5b:0e:28:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJH5M16fbi2Y6+wgvCJ7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjdjMWE0Njc3ZWI3ODI2ZGFlNjlkZTAxYTY5OWI2MjAx
ZDYyNDQwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI1NDZjYmE0Yjg0NDI1ZjY3OGZhNzg3ZjUyMzVmZjBjMmJhMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAie67jvfacHvgWTkvNuH31jjs1gl4
zLzThlRcjubr4Q7/Hiya7jY3UWHoQZuExHPVtgVCphX5PHghdtg2JBbWs/qRjEuS
MrZ5ZkAi6y1oj+M0GOJLnqUspMuf7xipTKuPqYaXbJsLU/IIs08cmD6VNWKnzqD0
Oh8adbtEx0ZjbkKwUxv706gGSwFoEhXjZ/aKWPBdzq9VRNgMuuuu3yBfhiaeGHOq
pRaXS594Ae2Xfb/AvIz/LwD+7vxfsr5m9XYmu/wsV44WZjxwTvtIjNhUZGU25GjN
IicsAx8sno6HUr/1gR9tyUCsDcvfc2lTuBxYZOB8fLdlQwVB/ngCob1lbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA8lRsukuEQl9nj6eH9SNf8MK6DwMB8GA1UdIwQY
MBaAFEn3waRnfreCba5p3gGmmbYgHWJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEt
NTBjMTZiZGQ1YzI0LzEvRHlWR3k2UzRSQ1gyZVBwNGYxSTFfd3dyb1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEtNTBjMTZiZGQ1YzI0
LzEvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgLUgDAN
BgkqhkiG9w0BAQsFAAOCAQEAACAtCSfyq6TFjU8dPcnselUlUDNzQYfcx/kz+yfJ
kh+L5pRpoJO5IO7jqz7arE8SmhInzv+BFSG7h1FE8BgB2gju/CMawGqJYnbHvlrH
FWGCEV00X46cfE+bIoBDvYFpGBkcu9YpyRJA6Dz48qvCEiDfAKmhj2xwOOl6APxa
li+oBAdx5cnRnT6KP/jD7UdqxGwiKllHOrjQ8piLvDqNfe0OFv004AVxW9StlTxN
200g6vVn0bbC6aoo2QbpZRH+Jh1NwLThiXr3dHa99UKrG5qa81hD9Y+xrV2ORV5U
e5jkaxs9PBRUWr1/sTahezOILT/t4yjyiBjfb9uGWw4oTQ==
-----END CERTIFICATE-----