Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lw03x0VV4w9TErZ3ApShPtM9qMk.roa
File:                     lw03x0VV4w9TErZ3ApShPtM9qMk.roa (raw, json)
Hash identifier:          zwHgR2c7YnxtJcTULBvoEILwLVnI4Wcw/ebep+e+31E=
Subject key identifier:   97:0D:37:C7:45:55:E3:0F:53:12:B6:77:02:94:A1:3E:D3:3D:A8:C9
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019349EF27A5E58FB41563E3FB6336D038E0
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lw03x0VV4w9TErZ3ApShPtM9qMk.roa
Signing time:             Wed 20 Nov 2024 14:17:10 +0000
ROA not before:           Wed 20 Nov 2024 14:17:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:2d02::/32 maxlen: 48
                          2a0f:1586::/32 maxlen: 32
                          2a0f:3d80:123::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:49:ef:27:a5:e5:8f:b4:15:63:e3:fb:63:36:d0:38:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov 20 14:17:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=970d37c74555e30f5312b6770294a13ed33da8c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:81:6a:99:8b:2e:9e:a9:62:07:0d:0c:5b:55:
                    a4:f5:6a:ac:5c:bc:62:df:48:28:1c:49:6a:04:0e:
                    f5:cb:bf:da:8e:7b:c7:ea:d5:1d:03:cb:b1:e3:42:
                    eb:c0:b0:21:f6:6e:a8:87:5b:df:a6:6a:ef:8c:50:
                    88:8e:bb:4e:f8:d1:14:ec:e7:d4:44:3d:f5:54:9f:
                    49:7b:d6:70:24:e1:3e:2e:5a:57:3d:96:15:85:cc:
                    29:6c:c7:00:88:3f:1e:7a:dc:07:d3:5a:03:78:57:
                    4d:39:1c:7e:42:bb:ed:b8:a4:1a:6b:8a:2e:04:cc:
                    0b:87:d7:cb:1b:88:23:a0:ff:61:0e:50:ac:0f:a0:
                    73:6e:bd:05:fd:64:ef:cb:4a:f9:36:b5:9a:8b:ca:
                    44:6d:1b:ac:e5:39:83:ae:e6:e6:f5:60:7f:d4:95:
                    ad:de:6b:6a:68:f3:4b:1f:53:3f:2f:e4:7d:30:91:
                    bc:8d:62:96:a2:b3:6d:dd:fe:b1:ee:f5:c2:2b:c5:
                    ae:4e:a0:9e:4f:7d:63:e6:fc:72:5f:98:2c:e8:bf:
                    b9:c1:98:f0:36:3a:6d:68:06:47:e2:f3:33:a2:56:
                    15:e8:33:c8:da:9d:c4:fc:80:8f:af:6c:f7:9d:18:
                    28:e4:fc:82:66:ad:ba:03:01:86:e8:68:76:02:78:
                    ef:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0D:37:C7:45:55:E3:0F:53:12:B6:77:02:94:A1:3E:D3:3D:A8:C9
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lw03x0VV4w9TErZ3ApShPtM9qMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d02::/32
                  2a0f:1586::/32
                  2a0f:3d80:123::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:68:b9:67:76:ba:d3:d8:02:9d:bd:d9:34:1c:98:34:6a:82:
         55:66:ef:d1:40:77:cc:7f:47:f7:8e:28:ce:52:1e:04:b9:96:
         4d:d5:96:a5:e1:f1:02:92:ce:82:59:c4:ac:c7:4e:3f:d7:c3:
         43:fe:40:cd:19:25:39:8a:aa:94:07:34:5d:b3:41:6d:2f:c7:
         4c:43:41:3b:4d:e9:00:7a:da:9d:f6:26:e8:59:53:0d:0b:68:
         9a:90:88:c4:63:0e:32:d3:c2:89:f6:ff:c8:0d:b3:5c:8b:c0:
         bc:c7:4f:83:c0:52:5d:d0:e5:c2:ec:16:3f:0e:bd:15:53:f9:
         80:5b:70:5e:5b:c5:c3:ec:71:cb:39:fb:b8:f3:c0:83:d0:c8:
         06:4d:78:5b:ea:33:1c:a6:fc:1b:28:cb:fc:26:92:a6:6f:90:
         47:ce:40:bf:86:28:4d:91:76:2d:45:7c:3d:7c:e4:2a:97:83:
         a6:04:62:b0:b3:02:d5:3f:14:4c:bd:64:aa:cc:d9:0b:3d:9f:
         0c:42:b9:7d:52:1a:11:f6:11:46:c3:9c:cd:1e:e6:5d:f4:75:
         56:47:7f:32:97:89:bb:2f:41:3b:65:2a:e1:8a:39:8a:16:9b:
         f5:00:ea:02:63:ba:ee:34:d9:2a:ff:0f:99:46:93:96:58:28:
         bd:b0:e3:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZNJ7yel5Y+0FWPj+2M20DjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMTIwMTQxNzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzBkMzdjNzQ1NTVlMzBmNTMxMmI2NzcwMjk0YTEzZWQzM2RhOGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4FqmYsunqliBw0MW1Wk9WqsXLxi
30goHElqBA71y7/ajnvH6tUdA8ux40LrwLAh9m6oh1vfpmrvjFCIjrtO+NEU7OfU
RD31VJ9Je9ZwJOE+LlpXPZYVhcwpbMcAiD8eetwH01oDeFdNORx+QrvtuKQaa4ou
BMwLh9fLG4gjoP9hDlCsD6Bzbr0F/WTvy0r5NrWai8pEbRus5TmDrubm9WB/1JWt
3mtqaPNLH1M/L+R9MJG8jWKWorNt3f6x7vXCK8WuTqCeT31j5vxyX5gs6L+5wZjw
NjptaAZH4vMzolYV6DPI2p3E/ICPr2z3nRgo5PyCZq26AwGG6Gh2Anjv6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJcNN8dFVeMPUxK2dwKUoT7TPajJMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbHcwM3gwVlY0dzlURXJaM0FwU2hQdE05cU1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwUAKgotAgMF
ACoPFYYDBwAqDz2AASMwDQYJKoZIhvcNAQELBQADggEBAIZouWd2utPYAp292TQc
mDRqglVm79FAd8x/R/eOKM5SHgS5lk3VlqXh8QKSzoJZxKzHTj/Xw0P+QM0ZJTmK
qpQHNF2zQW0vx0xDQTtN6QB62p32JuhZUw0LaJqQiMRjDjLTwon2/8gNs1yLwLzH
T4PAUl3Q5cLsFj8OvRVT+YBbcF5bxcPsccs5+7jzwIPQyAZNeFvqMxym/Bsoy/wm
kqZvkEfOQL+GKE2Rdi1FfD185CqXg6YEYrCzAtU/FEy9ZKrM2Qs9nwxCuX1SGhH2
EUbDnM0e5l30dVZHfzKXibsvQTtlKuGKOYoWm/UA6gJjuu402Sr/D5lGk5ZYKL2w
4/g=
-----END CERTIFICATE-----