Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wxZfOX-812YEeU4kQIZrWQeC9NA.roa
File:                     wxZfOX-812YEeU4kQIZrWQeC9NA.roa (raw, json)
Hash identifier:          UTpQ6KujJ7fw2bPMOMj2k5F3hSRKis0GTOt1ogm4YFM=
Subject key identifier:   C3:16:5F:39:7F:BC:D7:66:04:79:4E:24:40:86:6B:59:07:82:F4:D0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       01973AC54C6D31249DBDE189CF61E1E6FE1E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wxZfOX-812YEeU4kQIZrWQeC9NA.roa
Signing time:             Wed 04 Jun 2025 11:48:17 +0000
ROA not before:           Wed 04 Jun 2025 11:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62251
IP address blocks:        2a0d:8341::/32 maxlen: 32
                          2a0d:8342::/32 maxlen: 32
                          2a0d:8343::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3a:c5:4c:6d:31:24:9d:bd:e1:89:cf:61:e1:e6:fe:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jun  4 11:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c3165f397fbcd76604794e2440866b590782f4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a6:16:8e:76:53:a8:34:b9:d0:9b:a2:f9:b6:
                    a7:5e:83:49:f3:9c:e8:39:bb:73:02:ba:73:45:24:
                    0c:18:75:5a:d1:f4:40:4d:23:5d:95:0b:0d:4c:64:
                    fa:86:fb:b0:46:08:48:60:28:84:fa:57:6b:a7:55:
                    4f:e7:1a:03:70:ee:6f:a9:da:ae:18:6a:52:40:73:
                    22:14:25:2c:40:be:bb:3e:7b:64:70:63:6c:db:8b:
                    11:dd:0b:ac:60:24:07:05:ff:a2:59:88:83:05:48:
                    f5:98:11:93:51:df:3b:7b:68:cc:8a:d0:40:89:c8:
                    f1:69:3b:af:ed:d1:d1:b8:86:d8:ea:1c:5d:69:45:
                    02:dc:79:db:4f:ba:de:53:ca:6e:c8:de:8f:17:e0:
                    0e:e7:be:bd:bd:99:f9:5e:ef:14:ab:13:37:37:42:
                    35:56:02:c4:c4:cc:14:95:ce:b5:44:b6:82:44:d4:
                    44:2a:3d:54:53:38:46:a9:54:e7:7a:5d:4b:41:62:
                    f3:97:26:07:7e:9b:a4:80:12:2e:00:b0:36:ca:ac:
                    0d:e5:4f:6a:42:39:5e:08:06:77:0d:cf:8b:78:7c:
                    f6:a0:60:74:7d:ae:66:0c:05:a2:a0:b4:12:ed:cb:
                    fc:31:7e:76:82:0e:ed:c7:dd:d5:b8:a0:76:9b:56:
                    95:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:16:5F:39:7F:BC:D7:66:04:79:4E:24:40:86:6B:59:07:82:F4:D0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/wxZfOX-812YEeU4kQIZrWQeC9NA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:8341::-2a0d:8343:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         47:18:f9:ba:8f:c6:83:98:c2:ab:25:b8:25:2c:40:57:e9:29:
         3a:b9:de:90:41:c9:8d:49:f0:2d:7f:3c:f3:d0:8d:d8:96:6c:
         78:b7:9c:a0:03:4f:ae:e6:c4:f9:db:77:e4:0b:59:2a:b7:ae:
         3f:40:eb:10:f7:d4:05:1c:49:31:1b:dc:95:26:0b:f1:97:94:
         33:1a:85:02:9b:bf:b4:ad:57:33:ad:6e:eb:3b:d1:32:e3:64:
         4e:cd:6c:77:43:1f:de:e7:1d:32:c2:28:8d:25:9e:ac:51:b3:
         2e:0c:ac:f9:bb:ad:8c:89:9b:86:0f:d3:9c:dd:8c:62:73:a2:
         3f:53:81:15:32:b0:ae:da:4a:e0:b9:55:2f:8b:cb:d4:8e:46:
         29:34:6c:1b:71:d2:8e:9a:d5:d7:42:bf:a3:f4:d3:71:76:98:
         2b:87:ae:f3:d7:4e:4f:0a:3a:d3:5c:d3:27:40:8b:f2:3e:5a:
         1a:85:1a:a1:a5:ea:19:ab:54:16:0e:c9:27:7e:23:0d:4b:3d:
         6c:cd:ed:9c:53:38:2c:92:ca:f1:be:60:10:22:c8:6c:9f:1e:
         ed:2f:cb:59:b9:06:88:40:19:54:8a:38:c2:dd:67:32:8e:6c:
         de:fd:1e:cd:ef:31:b8:12:40:bf:03:a1:7c:b2:79:cb:01:18:
         85:9c:1f:52
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZc6xUxtMSSdveGJz2Hh5v4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNjA0MTE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzE2NWYzOTdmYmNkNzY2MDQ3OTRlMjQ0MDg2NmI1OTA3ODJmNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6YWjnZTqDS50Jui+banXoNJ85zo
ObtzArpzRSQMGHVa0fRATSNdlQsNTGT6hvuwRghIYCiE+ldrp1VP5xoDcO5vqdqu
GGpSQHMiFCUsQL67PntkcGNs24sR3QusYCQHBf+iWYiDBUj1mBGTUd87e2jMitBA
icjxaTuv7dHRuIbY6hxdaUUC3HnbT7reU8puyN6PF+AO5769vZn5Xu8UqxM3N0I1
VgLExMwUlc61RLaCRNREKj1UUzhGqVTnel1LQWLzlyYHfpukgBIuALA2yqwN5U9q
QjleCAZ3Dc+LeHz2oGB0fa5mDAWioLQS7cv8MX52gg7tx93VuKB2m1aV8QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMMWXzl/vNdmBHlOJECGa1kHgvTQMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvd3haZk9YLTgxMllFZVU0a1FJWnJXUWVDOU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqDYNB
AwUCKg2DQDANBgkqhkiG9w0BAQsFAAOCAQEARxj5uo/Gg5jCqyW4JSxAV+kpOrne
kEHJjUnwLX8889CN2JZseLecoANPrubE+dt35AtZKreuP0DrEPfUBRxJMRvclSYL
8ZeUMxqFApu/tK1XM61u6zvRMuNkTs1sd0Mf3ucdMsIojSWerFGzLgys+butjImb
hg/TnN2MYnOiP1OBFTKwrtpK4LlVL4vL1I5GKTRsG3HSjprV10K/o/TTcXaYK4eu
89dOTwo601zTJ0CL8j5aGoUaoaXqGatUFg7JJ34jDUs9bM3tnFM4LJLK8b5gECLI
bJ8e7S/LWbkGiEAZVIo4wt1nMo5s3v0eze8xuBJAvwOhfLJ5ywEYhZwfUg==
-----END CERTIFICATE-----