Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/WZzVmK_vnHnl-o4XvYrhg0Wmx_M.roa
File:                     WZzVmK_vnHnl-o4XvYrhg0Wmx_M.roa (raw, json)
Hash identifier:          5p97U/2CgZmUMwU08DUSF9RsUCJV+Z+Yp2zRU+UcXGQ=
Subject key identifier:   59:9C:D5:98:AF:EF:9C:79:E5:FA:8E:17:BD:8A:E1:83:45:A6:C7:F3
Certificate issuer:       /CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
Certificate serial:       018CCA287DDA506A96989F0F694CF8F8FD7C
Authority key identifier: E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/WZzVmK_vnHnl-o4XvYrhg0Wmx_M.roa
Signing time:             Tue 02 Jan 2024 12:31:40 +0000
ROA not before:           Tue 02 Jan 2024 12:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41281
IP address blocks:        2a0e:1c80:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:7d:da:50:6a:96:98:9f:0f:69:4c:f8:f8:fd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bf3a72cad6f4b3dc305b4cbe31087051d983f6
        Validity
            Not Before: Jan  2 12:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=599cd598afef9c79e5fa8e17bd8ae18345a6c7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:83:b9:7a:42:49:12:7f:dd:b2:72:d4:47:b8:
                    cd:11:5c:de:3a:02:9b:ab:c6:4e:24:1a:c8:58:da:
                    51:93:da:b1:2d:73:92:25:9a:da:71:0c:ba:74:80:
                    4c:67:de:71:ae:d3:14:a7:55:df:7f:7b:e7:48:ff:
                    61:68:79:f7:c7:9d:86:cc:04:fb:db:e1:0d:38:62:
                    cf:3f:ea:67:c7:ca:f9:11:1a:b6:b5:fa:60:0b:24:
                    4f:b2:fb:50:8e:08:92:7c:c6:b5:07:0d:90:8b:3e:
                    c4:a2:7a:00:1f:5b:d7:3e:78:d5:91:c3:39:6e:d1:
                    11:4f:06:52:e4:9f:ad:aa:24:30:79:49:9a:26:79:
                    b7:06:e4:ab:d6:15:bb:a3:4c:cc:fc:66:14:fe:84:
                    0b:51:09:46:cc:f7:87:a0:3f:f3:72:9e:60:e5:31:
                    04:aa:2a:31:cc:d0:83:bf:a8:b2:f9:b0:61:0a:24:
                    b9:e2:07:2d:48:64:5e:55:b3:a0:8e:10:28:b4:76:
                    56:41:fa:0e:f0:0f:9b:5b:96:3b:fd:0f:f2:3d:22:
                    84:c2:b2:a9:08:82:f3:f4:41:d9:c3:cf:30:b1:2a:
                    da:7a:1f:00:17:cf:20:cf:53:81:72:3d:15:90:85:
                    ea:34:44:f8:ab:9e:33:5d:e9:cb:76:df:6c:4a:7f:
                    59:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9C:D5:98:AF:EF:9C:79:E5:FA:8E:17:BD:8A:E1:83:45:A6:C7:F3
            X509v3 Authority Key Identifier:
                keyid:E5:BF:3A:72:CA:D6:F4:B3:DC:30:5B:4C:BE:31:08:70:51:D9:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b86csrW9LPcMFtMvjEIcFHZg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/WZzVmK_vnHnl-o4XvYrhg0Wmx_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/2313b8-de02-4228-900a-09be9db11f66/1/5b86csrW9LPcMFtMvjEIcFHZg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1c80:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:69:92:61:dc:56:29:40:22:12:e7:05:ab:72:37:26:c8:6c:
         8c:db:25:dc:79:c2:ed:e6:c1:6d:1b:5b:64:e6:36:bc:34:7f:
         2f:14:f1:99:58:1c:19:e6:7d:c3:87:e0:f5:1c:51:e0:32:e8:
         1f:88:83:e9:51:4d:5d:00:97:3e:93:c7:bb:65:ad:5c:f0:bd:
         38:1e:7c:04:d6:48:6f:31:25:55:86:c5:7b:92:35:37:3a:cc:
         66:c7:d9:3b:92:5d:96:f3:d8:a8:91:f2:3b:0d:96:a2:2a:e3:
         59:1d:48:69:1a:95:23:0e:b3:7d:21:98:6b:03:96:4f:67:a6:
         16:cf:bd:57:b4:34:f9:92:a8:28:8f:43:ee:ee:81:06:c6:54:
         8f:94:2f:f7:d7:37:d7:41:e5:bc:9f:2e:05:fc:f3:5a:c1:c4:
         bf:6c:7b:5c:50:2f:81:60:28:6b:36:ad:57:fa:85:00:28:6d:
         44:48:25:a0:7e:f9:71:4b:9c:a4:ae:49:b1:b8:cd:5e:3f:07:
         ef:db:bc:08:f3:1a:65:b4:8e:4c:83:c6:eb:1a:50:86:f4:dd:
         1f:9c:c9:16:cc:e1:a0:17:31:9e:9d:f7:ec:3f:e2:6e:ac:00:
         cc:18:0d:0b:9c:a1:fc:0c:39:86:80:ca:d7:dc:4d:9e:6a:0a:
         1d:d1:b8:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKH3aUGqWmJ8PaUz4+P18MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmYzYTcyY2FkNmY0YjNkYzMwNWI0Y2JlMzEwODcwNTFk
OTgzZjYwHhcNMjQwMTAyMTIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTljZDU5OGFmZWY5Yzc5ZTVmYThlMTdiZDhhZTE4MzQ1YTZjN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4O5ekJJEn/dsnLUR7jNEVzeOgKb
q8ZOJBrIWNpRk9qxLXOSJZracQy6dIBMZ95xrtMUp1Xff3vnSP9haHn3x52GzAT7
2+ENOGLPP+pnx8r5ERq2tfpgCyRPsvtQjgiSfMa1Bw2Qiz7EonoAH1vXPnjVkcM5
btERTwZS5J+tqiQweUmaJnm3BuSr1hW7o0zM/GYU/oQLUQlGzPeHoD/zcp5g5TEE
qioxzNCDv6iy+bBhCiS54gctSGReVbOgjhAotHZWQfoO8A+bW5Y7/Q/yPSKEwrKp
CILz9EHZw88wsSraeh8AF88gz1OBcj0VkIXqNET4q54zXenLdt9sSn9ZbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFmc1Ziv75x55fqOF72K4YNFpsfzMB8GA1UdIwQY
MBaAFOW/OnLK1vSz3DBbTL4xCHBR2YP2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEt
MDliZTlkYjExZjY2LzEvV1p6Vm1LX3ZuSG5sLW80WHZZcmhnMFdteF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yMzEzYjgtZGUwMi00MjI4LTkwMGEtMDliZTlkYjExZjY2
LzEvNWI4NmNzclc5TFBjTUZ0TXZqRUljRkhaZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg4cgAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBwaZJh3FYpQCIS5wWrcjcmyGyM2yXcecLt5sFt
G1tk5ja8NH8vFPGZWBwZ5n3Dh+D1HFHgMugfiIPpUU1dAJc+k8e7Za1c8L04HnwE
1khvMSVVhsV7kjU3Osxmx9k7kl2W89iokfI7DZaiKuNZHUhpGpUjDrN9IZhrA5ZP
Z6YWz71XtDT5kqgoj0Pu7oEGxlSPlC/31zfXQeW8ny4F/PNawcS/bHtcUC+BYChr
Nq1X+oUAKG1ESCWgfvlxS5ykrkmxuM1ePwfv27wI8xpltI5Mg8brGlCG9N0fnMkW
zOGgFzGenffsP+JurADMGA0LnKH8DDmGgMrX3E2eagod0bjt
-----END CERTIFICATE-----