Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wcOPaMKgISoMM6-EgvTaeKeoF-E.roa
File:                     wcOPaMKgISoMM6-EgvTaeKeoF-E.roa (raw, json)
Hash identifier:          5wFOVb8mWFnQWaMGSR5EN1FJygp04W6mr7X0KnySqE0=
Subject key identifier:   C1:C3:8F:68:C2:A0:21:2A:0C:33:AF:84:82:F4:DA:78:A7:A8:17:E1
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0192CDE8C519A7C4B302D4F68946EB3034B9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wcOPaMKgISoMM6-EgvTaeKeoF-E.roa
Signing time:             Sun 27 Oct 2024 12:17:16 +0000
ROA not before:           Sun 27 Oct 2024 12:17:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214481
IP address blocks:        2a0e:15c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:cd:e8:c5:19:a7:c4:b3:02:d4:f6:89:46:eb:30:34:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 27 12:17:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1c38f68c2a0212a0c33af8482f4da78a7a817e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:01:ab:fa:4c:ac:dc:3e:49:68:f8:9e:50:92:
                    dd:aa:1b:9b:d2:68:b1:a8:80:98:63:96:46:64:f2:
                    6b:5b:8f:60:a3:8f:fd:33:40:68:61:dd:80:97:d3:
                    02:16:6a:48:59:69:da:f8:6d:4a:4d:02:71:c0:cc:
                    0e:76:37:e0:e6:ab:f5:f2:ed:0f:46:63:6a:43:97:
                    3c:e1:28:f9:f4:ae:6c:65:17:e7:1e:6f:72:66:e6:
                    2d:6d:20:bf:6b:28:59:a5:b9:3e:a0:79:ec:a2:0f:
                    22:c7:83:0d:50:57:20:64:66:48:1b:f0:db:03:5a:
                    b6:fe:9e:c3:d5:5b:b5:f6:b6:ef:43:22:5f:9e:d1:
                    45:e2:a1:55:18:63:8a:e2:76:db:17:f8:8e:b2:8b:
                    0d:ec:aa:9f:02:c2:8f:db:84:12:76:00:82:7e:30:
                    5c:fb:b9:e7:b1:06:2d:c8:16:a0:18:c8:b0:5c:88:
                    39:f0:67:10:52:2b:76:b5:a0:be:63:0a:38:93:e6:
                    ce:60:62:68:c9:3a:1d:a4:4b:c5:a6:c1:76:51:1f:
                    26:f9:b9:f2:8d:5e:1b:23:1c:a0:02:fd:46:42:4f:
                    0c:a4:06:c7:22:2b:45:5f:ff:f1:22:89:51:52:e4:
                    83:dd:e9:ec:48:4f:c9:b5:62:5b:00:41:10:eb:93:
                    10:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C3:8F:68:C2:A0:21:2A:0C:33:AF:84:82:F4:DA:78:A7:A8:17:E1
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wcOPaMKgISoMM6-EgvTaeKeoF-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:15c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:b4:0d:0c:3c:e4:e2:52:fb:21:24:a8:8a:fd:5d:cb:04:3a:
         ab:13:b3:4e:2b:52:12:89:00:ec:59:23:ff:dd:b0:6f:06:fa:
         10:48:00:cd:70:a5:5a:33:ae:89:33:e0:26:fc:e3:d9:62:6b:
         9d:8a:e3:6d:d8:ab:53:db:31:c4:c6:01:59:04:9e:9f:dc:04:
         d3:25:9b:9a:08:e0:f1:f7:f0:fb:d1:79:92:95:ed:70:80:5c:
         83:fd:a2:76:18:23:21:65:1e:83:f8:b6:1e:37:71:0b:cc:24:
         4c:6e:5b:ff:c4:64:81:05:e0:59:9b:de:5c:84:33:f2:fb:b7:
         b3:e4:fe:d8:9e:05:ed:17:93:4f:56:c4:80:14:c8:31:a5:05:
         1a:94:d1:a4:bf:f4:9b:26:1c:e5:f4:72:86:12:fb:ef:c8:48:
         be:2d:54:9c:d7:dd:63:f4:b0:54:ed:fd:c2:88:73:07:e1:29:
         18:46:1b:c1:8d:98:3f:7d:c7:15:3d:f8:d2:d8:63:52:3e:45:
         60:df:57:87:51:d2:55:d2:cf:35:32:7d:97:81:c9:26:e2:aa:
         16:66:0e:69:1b:b0:7f:30:a1:bc:a8:cc:7d:1c:33:69:30:11:
         d8:25:3f:28:b7:ce:0f:d9:49:77:bd:4b:4b:5a:5e:03:74:3d:
         4d:f4:68:8c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLN6MUZp8SzAtT2iUbrMDS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQxMDI3MTIxNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWMzOGY2OGMyYTAyMTJhMGMzM2FmODQ4MmY0ZGE3OGE3YTgxN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAGr+kys3D5JaPieUJLdqhub0mix
qICYY5ZGZPJrW49go4/9M0BoYd2Al9MCFmpIWWna+G1KTQJxwMwOdjfg5qv18u0P
RmNqQ5c84Sj59K5sZRfnHm9yZuYtbSC/ayhZpbk+oHnsog8ix4MNUFcgZGZIG/Db
A1q2/p7D1Vu19rbvQyJfntFF4qFVGGOK4nbbF/iOsosN7KqfAsKP24QSdgCCfjBc
+7nnsQYtyBagGMiwXIg58GcQUit2taC+Ywo4k+bOYGJoyTodpEvFpsF2UR8m+bny
jV4bIxygAv1GQk8MpAbHIitFX//xIolRUuSD3ensSE/JtWJbAEEQ65MQJQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMHDj2jCoCEqDDOvhIL02ninqBfhMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvd2NPUGFNS2dJU29NTTYtRWd2VGFlS2VvRi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg4VxDAN
BgkqhkiG9w0BAQsFAAOCAQEAt7QNDDzk4lL7ISSoiv1dywQ6qxOzTitSEokA7Fkj
/92wbwb6EEgAzXClWjOuiTPgJvzj2WJrnYrjbdirU9sxxMYBWQSen9wE0yWbmgjg
8ffw+9F5kpXtcIBcg/2idhgjIWUeg/i2HjdxC8wkTG5b/8RkgQXgWZveXIQz8vu3
s+T+2J4F7ReTT1bEgBTIMaUFGpTRpL/0myYc5fRyhhL778hIvi1UnNfdY/SwVO39
wohzB+EpGEYbwY2YP33HFT340thjUj5FYN9Xh1HSVdLPNTJ9l4HJJuKqFmYOaRuw
fzChvKjMfRwzaTAR2CU/KLfOD9lJd71LS1peA3Q9TfRojA==
-----END CERTIFICATE-----