Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/WLSJNsKtp7tRpU1OJgVstTs_lJ8.roa
File:                     WLSJNsKtp7tRpU1OJgVstTs_lJ8.roa (raw, json)
Hash identifier:          HTWALMbF2cmOkLXiJznP+o3iPW0wZUQzmHPHS3MTUp8=
Subject key identifier:   58:B4:89:36:C2:AD:A7:BB:51:A5:4D:4E:26:05:6C:B5:3B:3F:94:9F
Certificate issuer:       /CN=0d8fc8df84fbf2ab40412e6d4adff7c1b84a5b2f
Certificate serial:       019427B659E28AD43DD62556C00FA93D5FDA
Authority key identifier: 0D:8F:C8:DF:84:FB:F2:AB:40:41:2E:6D:4A:DF:F7:C1:B8:4A:5B:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DY_I34T78qtAQS5tSt_3wbhKWy8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/WLSJNsKtp7tRpU1OJgVstTs_lJ8.roa
Signing time:             Thu 02 Jan 2025 15:50:49 +0000
ROA not before:           Thu 02 Jan 2025 15:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208985
IP address blocks:        2001:67c:914::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/DY_I34T78qtAQS5tSt_3wbhKWy8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/DY_I34T78qtAQS5tSt_3wbhKWy8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DY_I34T78qtAQS5tSt_3wbhKWy8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:59:e2:8a:d4:3d:d6:25:56:c0:0f:a9:3d:5f:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d8fc8df84fbf2ab40412e6d4adff7c1b84a5b2f
        Validity
            Not Before: Jan  2 15:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b48936c2ada7bb51a54d4e26056cb53b3f949f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:51:14:d6:06:fe:64:32:37:54:84:fa:0a:69:
                    8c:6a:f1:b6:2e:e1:cc:0c:0e:52:9b:5f:32:4d:24:
                    c9:f3:5b:22:a3:14:b6:e6:89:ab:fb:63:c1:87:65:
                    c4:93:5b:b8:cf:11:42:52:1c:86:78:e0:b9:19:c5:
                    8c:3c:24:28:1b:1f:69:83:74:a2:a2:c9:45:c1:46:
                    42:d1:08:5a:4b:67:f2:c1:01:7c:b8:cd:c7:04:ed:
                    1e:01:be:c3:a9:7f:fa:04:27:be:95:84:d2:48:da:
                    ea:4f:ed:25:4b:fa:c3:c7:bc:8f:ab:41:9d:53:41:
                    20:27:dd:c1:e8:6d:04:a7:76:51:10:bd:65:6d:ed:
                    f3:03:7b:dc:9d:a6:3d:86:d0:05:88:6e:e0:54:0d:
                    32:43:fe:89:7b:03:15:e1:a2:af:40:c9:b9:e9:70:
                    81:32:97:b5:e0:a0:94:83:a0:44:07:d1:dc:56:0b:
                    73:cc:c9:14:23:f6:5c:70:68:28:18:46:51:8e:58:
                    71:2e:65:4b:d9:79:4f:93:35:62:08:53:10:c2:9a:
                    ae:8f:66:17:67:fe:0a:b3:21:81:ce:3d:3f:f9:8f:
                    cd:8e:3d:a2:18:7c:f2:13:05:8f:79:3a:dc:c9:fa:
                    3c:81:f5:2f:b8:2e:c7:ce:f8:78:76:15:06:19:77:
                    cf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B4:89:36:C2:AD:A7:BB:51:A5:4D:4E:26:05:6C:B5:3B:3F:94:9F
            X509v3 Authority Key Identifier:
                keyid:0D:8F:C8:DF:84:FB:F2:AB:40:41:2E:6D:4A:DF:F7:C1:B8:4A:5B:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DY_I34T78qtAQS5tSt_3wbhKWy8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/WLSJNsKtp7tRpU1OJgVstTs_lJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/ece2eb-83fa-476b-ab98-688762bb985e/1/DY_I34T78qtAQS5tSt_3wbhKWy8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:914::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:9a:13:93:23:10:1c:c9:da:c8:f1:01:9d:89:12:b2:ab:8d:
         69:65:a8:7e:6a:25:aa:ff:40:6f:8c:a6:03:b7:84:56:2c:2f:
         1c:7b:98:61:3f:7b:09:92:80:ce:31:a4:c2:84:01:6f:c0:bb:
         5d:78:13:ea:3e:ca:35:66:49:ab:46:6e:9e:b4:c6:fd:9d:fe:
         3c:9e:97:9e:fa:2c:28:fb:f6:96:03:0d:fc:36:b9:a1:fa:05:
         1a:19:d3:4e:76:c8:34:dc:52:ab:54:00:2a:59:b4:21:2b:1f:
         27:94:e2:b5:52:a7:22:72:f8:97:e4:6d:c4:be:4b:8c:f0:a6:
         60:db:ed:a8:da:3b:11:78:ae:c1:15:bc:98:3c:17:dd:24:96:
         a5:70:df:2e:6f:3b:9d:93:24:0b:61:3c:92:7a:22:d3:92:96:
         d4:d0:b5:69:cb:5c:6b:19:d1:f7:be:a5:71:d8:b4:a0:5c:f5:
         e6:e6:08:51:c2:df:83:7f:dc:03:96:f9:bc:f9:68:08:95:5f:
         0d:09:87:8e:20:9c:10:a8:6f:86:fb:c7:9f:d9:9e:f0:86:c7:
         2c:c3:39:c5:e7:13:30:bc:15:60:94:a6:55:f6:52:b6:51:32:
         71:e1:58:0e:51:d0:ad:c2:bb:24:9a:4b:ab:21:ae:1f:b8:f9:
         9d:0e:ef:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntlniitQ91iVWwA+pPV/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkOGZjOGRmODRmYmYyYWI0MDQxMmU2ZDRhZGZmN2MxYjg0
YTViMmYwHhcNMjUwMTAyMTU1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI0ODkzNmMyYWRhN2JiNTFhNTRkNGUyNjA1NmNiNTNiM2Y5NDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFEU1gb+ZDI3VIT6CmmMavG2LuHM
DA5Sm18yTSTJ81sioxS25omr+2PBh2XEk1u4zxFCUhyGeOC5GcWMPCQoGx9pg3Si
oslFwUZC0QhaS2fywQF8uM3HBO0eAb7DqX/6BCe+lYTSSNrqT+0lS/rDx7yPq0Gd
U0EgJ93B6G0Ep3ZREL1lbe3zA3vcnaY9htAFiG7gVA0yQ/6JewMV4aKvQMm56XCB
Mpe14KCUg6BEB9HcVgtzzMkUI/ZccGgoGEZRjlhxLmVL2XlPkzViCFMQwpquj2YX
Z/4KsyGBzj0/+Y/Njj2iGHzyEwWPeTrcyfo8gfUvuC7Hzvh4dhUGGXfPUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFi0iTbCrae7UaVNTiYFbLU7P5SfMB8GA1UdIwQY
MBaAFA2PyN+E+/KrQEEubUrf98G4SlsvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFlfSTM0VDc4cXRBUVM1dFN0XzN3YmhLV3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lY2UyZWItODNmYS00NzZiLWFiOTgt
Njg4NzYyYmI5ODVlLzEvV0xTSk5zS3RwN3RScFUxT0pnVnN0VHNfbEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lY2UyZWItODNmYS00NzZiLWFiOTgtNjg4NzYyYmI5ODVl
LzEvRFlfSTM0VDc4cXRBUVM1dFN0XzN3YmhLV3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAkU
MA0GCSqGSIb3DQEBCwUAA4IBAQCImhOTIxAcydrI8QGdiRKyq41pZah+aiWq/0Bv
jKYDt4RWLC8ce5hhP3sJkoDOMaTChAFvwLtdeBPqPso1ZkmrRm6etMb9nf48npee
+iwo+/aWAw38Nrmh+gUaGdNOdsg03FKrVAAqWbQhKx8nlOK1UqcicviX5G3EvkuM
8KZg2+2o2jsReK7BFbyYPBfdJJalcN8ubzudkyQLYTySeiLTkpbU0LVpy1xrGdH3
vqVx2LSgXPXm5ghRwt+Df9wDlvm8+WgIlV8NCYeOIJwQqG+G+8ef2Z7whscswznF
5xMwvBVglKZV9lK2UTJx4VgOUdCtwrskmkurIa4fuPmdDu+2
-----END CERTIFICATE-----