Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/woJWXVstFHUtgq-D2T_zRArE0Kw.roa
File:                     woJWXVstFHUtgq-D2T_zRArE0Kw.roa (raw, json)
Hash identifier:          2XfR6tG9YgDM6agozB+JbYxXmDDwuxeYkASQOzjtCLU=
Subject key identifier:   C2:82:56:5D:5B:2D:14:75:2D:82:AF:83:D9:3F:F3:44:0A:C4:D0:AC
Certificate issuer:       /CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
Certificate serial:       018CC6B8192546E26332676E6380D6920DCC
Authority key identifier: 77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/woJWXVstFHUtgq-D2T_zRArE0Kw.roa
Signing time:             Mon 01 Jan 2024 20:30:02 +0000
ROA not before:           Mon 01 Jan 2024 20:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        2a11:60c0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 07:02:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:19:25:46:e2:63:32:67:6e:63:80:d6:92:0d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77bc534ba44e9d3cba2f2446d4a3dd6eea9b8f61
        Validity
            Not Before: Jan  1 20:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c282565d5b2d14752d82af83d93ff3440ac4d0ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e4:78:ff:e0:2a:04:df:87:1e:d9:d4:89:99:
                    45:59:51:74:e3:c1:cc:0d:5d:e7:5c:58:cc:0f:1b:
                    5f:89:18:e1:b4:24:28:1b:19:0a:79:fc:ca:da:20:
                    fb:8f:2b:73:22:b8:0d:94:39:66:90:d7:c0:5f:af:
                    95:5d:28:51:33:e1:f2:60:31:98:5c:3d:6b:41:86:
                    d6:3f:e9:d9:13:ed:6d:48:f1:45:30:56:0f:24:33:
                    3b:75:9f:ba:ff:94:df:70:81:05:80:2a:4f:d6:40:
                    02:1b:de:c3:5e:c2:01:61:59:ab:0e:27:5a:68:3b:
                    db:9b:12:e8:96:b9:81:e8:c4:ff:54:82:37:3d:43:
                    66:03:aa:be:63:2a:63:f0:78:49:69:e0:59:d6:f0:
                    2d:5a:bd:bd:6b:09:3d:c2:77:0b:c4:d5:fd:9f:a7:
                    90:24:a1:19:91:8f:06:e4:be:b6:fb:b4:df:a2:ae:
                    e5:ae:3e:78:a9:03:e7:73:87:c7:7d:e9:46:a8:2d:
                    55:59:80:a0:43:48:ab:f1:eb:e5:ca:0d:92:50:1d:
                    46:16:9d:cd:f2:3c:f6:1f:42:ed:98:79:e1:69:e8:
                    b6:94:57:e6:e5:d5:6e:16:a5:27:9e:9e:75:23:0f:
                    08:d7:64:a0:95:b1:f1:eb:e2:8f:72:fd:e3:80:ac:
                    c0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:82:56:5D:5B:2D:14:75:2D:82:AF:83:D9:3F:F3:44:0A:C4:D0:AC
            X509v3 Authority Key Identifier:
                keyid:77:BC:53:4B:A4:4E:9D:3C:BA:2F:24:46:D4:A3:DD:6E:EA:9B:8F:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7xTS6ROnTy6LyRG1KPdbuqbj2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/woJWXVstFHUtgq-D2T_zRArE0Kw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/2fdd56-ba2c-46fb-9882-9b257f4fea8d/1/d7xTS6ROnTy6LyRG1KPdbuqbj2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:60c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:3d:83:49:5d:5f:b7:45:ad:93:a2:5e:e2:a3:6a:53:29:61:
         3d:7e:cb:2d:88:e5:31:d5:53:b8:35:6a:d8:33:79:83:ae:54:
         61:d7:9a:c3:8d:1d:f3:df:fe:c7:b9:8f:9f:41:1c:3c:ca:4a:
         93:e0:8e:33:aa:57:fe:83:c8:16:ca:0f:81:1a:dc:1b:7a:05:
         b7:9f:ef:f8:77:b7:80:73:5f:7e:ff:2f:17:95:8f:42:42:53:
         12:dc:89:3a:2d:b1:80:52:ae:a2:0f:07:74:94:26:c8:ea:ce:
         a5:57:36:24:c6:63:e1:8c:c0:10:56:b2:b6:95:b8:51:0f:36:
         f6:35:57:92:ff:ab:bb:77:4b:08:65:22:d4:4e:e9:15:13:cd:
         c2:f4:df:d7:d5:7b:0d:f6:63:ea:1b:89:a0:ea:ce:31:11:a7:
         51:a2:c4:3b:a1:7b:21:2d:2b:c8:77:e0:24:ad:11:9e:ac:18:
         0a:4a:3e:65:d9:ec:21:55:12:76:c7:2f:eb:f3:47:4f:58:e6:
         6b:f3:01:24:e8:79:9d:89:6f:e7:c0:15:78:38:56:85:33:17:
         cb:84:62:37:4d:62:06:af:74:e4:29:4d:a2:19:cc:3a:61:74:
         3b:b9:37:e1:b7:ef:f0:92:61:3b:08:f7:cb:0c:8d:ee:86:84:
         3b:72:2a:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGuBklRuJjMmduY4DWkg3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3YmM1MzRiYTQ0ZTlkM2NiYTJmMjQ0NmQ0YTNkZDZlZWE5
YjhmNjEwHhcNMjQwMTAxMjAzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjgyNTY1ZDViMmQxNDc1MmQ4MmFmODNkOTNmZjM0NDBhYzRkMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+R4/+AqBN+HHtnUiZlFWVF048HM
DV3nXFjMDxtfiRjhtCQoGxkKefzK2iD7jytzIrgNlDlmkNfAX6+VXShRM+HyYDGY
XD1rQYbWP+nZE+1tSPFFMFYPJDM7dZ+6/5TfcIEFgCpP1kACG97DXsIBYVmrDida
aDvbmxLolrmB6MT/VII3PUNmA6q+Yypj8HhJaeBZ1vAtWr29awk9wncLxNX9n6eQ
JKEZkY8G5L62+7Tfoq7lrj54qQPnc4fHfelGqC1VWYCgQ0ir8evlyg2SUB1GFp3N
8jz2H0LtmHnhaei2lFfm5dVuFqUnnp51Iw8I12SglbHx6+KPcv3jgKzAdQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMKCVl1bLRR1LYKvg9k/80QKxNCsMB8GA1UdIwQY
MBaAFHe8U0ukTp08ui8kRtSj3W7qm49hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODIt
OWIyNTdmNGZlYThkLzEvd29KV1hWc3RGSFV0Z3EtRDJUX3pSQXJFMEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8yZmRkNTYtYmEyYy00NmZiLTk4ODItOWIyNTdmNGZlYThk
LzEvZDd4VFM2Uk9uVHk2THlSRzFLUGRidXFiajJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhFgwAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBbPYNJXV+3Ra2Tol7io2pTKWE9fsstiOUx1VO4
NWrYM3mDrlRh15rDjR3z3/7HuY+fQRw8ykqT4I4zqlf+g8gWyg+BGtwbegW3n+/4
d7eAc19+/y8XlY9CQlMS3Ik6LbGAUq6iDwd0lCbI6s6lVzYkxmPhjMAQVrK2lbhR
Dzb2NVeS/6u7d0sIZSLUTukVE83C9N/X1XsN9mPqG4mg6s4xEadRosQ7oXshLSvI
d+AkrRGerBgKSj5l2ewhVRJ2xy/r80dPWOZr8wEk6HmdiW/nwBV4OFaFMxfLhGI3
TWIGr3TkKU2iGcw6YXQ7uTfht+/wkmE7CPfLDI3uhoQ7cioT
-----END CERTIFICATE-----