Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/Ww7atMqbyQGDmkp-uCqlL1ESzcs.roa
File:                     Ww7atMqbyQGDmkp-uCqlL1ESzcs.roa (raw, json)
Hash identifier:          LZmYGM40JUENNY9D7XmeWEQf9+U8gqDrLEDWfSqv5so=
Subject key identifier:   5B:0E:DA:B4:CA:9B:C9:01:83:9A:4A:7E:B8:2A:A5:2F:51:12:CD:CB
Certificate issuer:       /CN=49f7c1a4677eb7826dae69de01a699b6201d6244
Certificate serial:       018CC4247E88BD8E6D5F9C34C9EBB7637718
Authority key identifier: 49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/Ww7atMqbyQGDmkp-uCqlL1ESzcs.roa
Signing time:             Mon 01 Jan 2024 08:29:35 +0000
ROA not before:           Mon 01 Jan 2024 08:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42873
IP address blocks:        2a02:d480:240::/42 maxlen: 42

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:7e:88:bd:8e:6d:5f:9c:34:c9:eb:b7:63:77:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49f7c1a4677eb7826dae69de01a699b6201d6244
        Validity
            Not Before: Jan  1 08:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b0edab4ca9bc901839a4a7eb82aa52f5112cdcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b5:94:2c:46:44:73:b4:da:85:bd:bf:b4:30:
                    c6:2d:af:1c:17:f5:f0:04:03:1e:e5:d7:49:fa:e9:
                    ad:6f:d3:92:25:6a:0e:09:d2:d6:79:c9:14:d5:f1:
                    42:61:87:bd:50:1b:59:d8:0d:c0:1b:a2:6a:93:b8:
                    a5:ac:e2:f9:9b:fb:34:95:19:af:5e:15:fc:fd:30:
                    6c:5f:c6:b6:07:21:47:9e:35:1f:6f:ae:73:f0:a7:
                    5a:cb:96:9f:98:b8:97:d6:ed:cd:c5:3d:85:bb:b1:
                    7d:86:9e:3e:14:68:fd:c1:c9:89:41:19:56:89:6f:
                    ae:fc:c4:28:7b:59:ab:8a:3d:65:c6:5b:24:aa:e0:
                    5a:e3:b2:bb:34:a3:af:45:57:1c:96:50:8b:66:61:
                    66:ff:4d:85:d3:c4:e7:b9:de:0a:c1:57:a0:a3:82:
                    5e:a8:14:a4:ad:08:58:89:b8:89:05:f5:28:61:9e:
                    56:9b:ac:a8:dc:3f:68:bc:2c:3f:3a:5e:8d:68:ca:
                    95:c6:00:9d:0b:eb:bd:02:74:57:7c:4f:95:10:61:
                    fa:60:62:82:36:33:05:a1:de:eb:8a:6a:c4:ce:d1:
                    38:6e:83:4a:c5:43:83:65:3d:3a:22:c4:59:36:eb:
                    85:40:29:d7:f1:2c:23:d9:39:47:1b:61:a1:a0:3d:
                    d0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0E:DA:B4:CA:9B:C9:01:83:9A:4A:7E:B8:2A:A5:2F:51:12:CD:CB
            X509v3 Authority Key Identifier:
                keyid:49:F7:C1:A4:67:7E:B7:82:6D:AE:69:DE:01:A6:99:B6:20:1D:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SffBpGd-t4JtrmneAaaZtiAdYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/Ww7atMqbyQGDmkp-uCqlL1ESzcs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/4dbd63-76b1-4b03-9dea-50c16bdd5c24/1/SffBpGd-t4JtrmneAaaZtiAdYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:d480:240::/42

    Signature Algorithm: sha256WithRSAEncryption
         07:bf:52:87:93:c5:c0:61:e9:25:ff:53:02:81:21:8c:66:4b:
         01:0a:a6:db:8a:ec:4d:e5:22:d1:c5:db:94:2a:c0:c9:6e:ae:
         31:e7:64:93:e6:21:b2:02:8f:68:46:2c:d2:47:b6:ec:ef:9e:
         13:cc:1f:e0:8e:59:a1:77:cd:77:2e:b1:03:01:80:1e:12:ae:
         9d:40:7c:cf:ac:3a:64:32:52:ed:f1:4a:03:18:90:37:e4:fb:
         a6:36:29:de:28:ed:0b:1f:bb:b9:22:86:52:48:a4:dd:bc:68:
         2a:41:12:31:bb:10:1c:d0:92:1f:c1:d2:ad:24:1f:22:73:97:
         5e:e5:e7:a1:81:99:97:46:78:3f:7e:95:4a:0d:1c:d3:a4:d3:
         c6:44:14:7b:6a:02:be:91:18:cf:1a:da:66:58:5a:a6:9b:dd:
         b0:92:45:bd:6c:b3:af:96:6e:59:c4:9b:b9:f5:6c:ac:b2:9c:
         23:83:35:2a:43:98:41:95:8e:52:a9:f5:fd:1f:12:57:5d:02:
         de:d1:d7:4e:22:8d:33:d5:72:44:d5:a7:f0:f7:2d:2a:95:ab:
         d5:21:66:81:9a:83:87:6c:d1:3e:93:b0:11:6c:13:be:05:5a:
         11:27:18:d1:33:67:e0:18:55:ac:8d:18:b9:3f:ba:1a:ee:11:
         39:8a:15:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJH6IvY5tX5w0yeu3Y3cYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZjdjMWE0Njc3ZWI3ODI2ZGFlNjlkZTAxYTY5OWI2MjAx
ZDYyNDQwHhcNMjQwMTAxMDgyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjBlZGFiNGNhOWJjOTAxODM5YTRhN2ViODJhYTUyZjUxMTJjZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLWULEZEc7Tahb2/tDDGLa8cF/Xw
BAMe5ddJ+umtb9OSJWoOCdLWeckU1fFCYYe9UBtZ2A3AG6Jqk7ilrOL5m/s0lRmv
XhX8/TBsX8a2ByFHnjUfb65z8Kday5afmLiX1u3NxT2Fu7F9hp4+FGj9wcmJQRlW
iW+u/MQoe1mrij1lxlskquBa47K7NKOvRVccllCLZmFm/02F08Tnud4KwVego4Je
qBSkrQhYibiJBfUoYZ5Wm6yo3D9ovCw/Ol6NaMqVxgCdC+u9AnRXfE+VEGH6YGKC
NjMFod7rimrEztE4boNKxUODZT06IsRZNuuFQCnX8Swj2TlHG2GhoD3QBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFsO2rTKm8kBg5pKfrgqpS9REs3LMB8GA1UdIwQY
MBaAFEn3waRnfreCba5p3gGmmbYgHWJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEt
NTBjMTZiZGQ1YzI0LzEvV3c3YXRNcWJ5UUdEbWtwLXVDcWxMMUVTemNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ZGJkNjMtNzZiMS00YjAzLTlkZWEtNTBjMTZiZGQ1YzI0
LzEvU2ZmQnBHZC10NEp0cm1uZUFhYVp0aUFkWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcGKgLUgAJA
MA0GCSqGSIb3DQEBCwUAA4IBAQAHv1KHk8XAYekl/1MCgSGMZksBCqbbiuxN5SLR
xduUKsDJbq4x52ST5iGyAo9oRizSR7bs754TzB/gjlmhd813LrEDAYAeEq6dQHzP
rDpkMlLt8UoDGJA35PumNineKO0LH7u5IoZSSKTdvGgqQRIxuxAc0JIfwdKtJB8i
c5de5eehgZmXRng/fpVKDRzTpNPGRBR7agK+kRjPGtpmWFqmm92wkkW9bLOvlm5Z
xJu59WysspwjgzUqQ5hBlY5SqfX9HxJXXQLe0ddOIo0z1XJE1afw9y0qlavVIWaB
moOHbNE+k7ARbBO+BVoRJxjRM2fgGFWsjRi5P7oa7hE5ihWg
-----END CERTIFICATE-----