Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/twmga9_E_KzkAm9sOwBfykbdGZk.roa
File:                     twmga9_E_KzkAm9sOwBfykbdGZk.roa (raw, json)
Hash identifier:          BS47sv4rbsHbtLhVm7asDcUh2pqMrmQZsTAWkFmOWjE=
Subject key identifier:   B7:09:A0:6B:DF:C4:FC:AC:E4:02:6F:6C:3B:00:5F:CA:46:DD:19:99
Certificate issuer:       /CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
Certificate serial:       019425FC1F4C66D69D7F5A5A7B6E44E17C1A
Authority key identifier: C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/twmga9_E_KzkAm9sOwBfykbdGZk.roa
Signing time:             Thu 02 Jan 2025 07:47:47 +0000
ROA not before:           Thu 02 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16140
IP address blocks:        2a03:d280:1f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:1f:4c:66:d6:9d:7f:5a:5a:7b:6e:44:e1:7c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
        Validity
            Not Before: Jan  2 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b709a06bdfc4fcace4026f6c3b005fca46dd1999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1c:72:64:6d:1d:91:0d:08:d2:8d:e9:5d:98:
                    94:c2:5d:41:62:c1:41:60:d0:06:11:79:5f:15:ff:
                    41:0e:80:4c:72:67:10:bd:de:eb:07:8f:d1:b6:d5:
                    db:df:a5:a4:4e:25:9c:6f:09:83:ac:e4:a3:14:ae:
                    49:32:08:55:21:05:e9:a4:90:59:0f:22:09:7c:62:
                    25:d2:86:44:db:fc:01:9d:58:d1:f0:67:51:f6:cb:
                    9c:e3:9b:23:af:ba:d1:7d:67:bb:bd:1e:64:29:cb:
                    95:4c:7a:d7:22:9e:fe:83:5e:94:ee:82:39:77:fa:
                    b1:b5:a2:c0:80:19:58:da:94:5c:45:e4:23:f8:46:
                    5e:35:5e:9d:f8:5d:dd:3c:1e:5b:33:b0:c7:96:36:
                    e8:4c:4c:05:76:63:b3:4c:56:0a:51:35:9e:d8:5f:
                    ab:9d:42:49:a5:49:17:2e:fc:61:c6:2c:2d:e0:24:
                    30:88:ce:62:68:7b:52:7c:a9:5e:c7:23:ff:b5:73:
                    70:ae:d6:f9:88:63:13:2c:33:42:14:b1:d0:d4:5c:
                    69:d4:b5:16:f4:6b:dd:f7:fd:06:3f:75:00:f4:f5:
                    fe:e8:a8:0c:94:50:dc:fe:36:e8:9c:ff:fc:92:ef:
                    ec:47:63:32:9a:f6:11:0c:da:80:03:b3:67:da:a0:
                    88:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:09:A0:6B:DF:C4:FC:AC:E4:02:6F:6C:3B:00:5F:CA:46:DD:19:99
            X509v3 Authority Key Identifier:
                keyid:C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/twmga9_E_KzkAm9sOwBfykbdGZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:d280:1f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         56:6c:7c:a8:5a:22:5a:b2:17:e9:e7:eb:1f:97:02:a9:d9:53:
         56:ab:70:15:68:da:a6:3e:89:b3:97:66:6f:d7:63:51:d8:24:
         f4:55:11:42:d6:db:10:33:5a:c3:95:df:69:90:7f:b9:05:fa:
         1a:ec:6a:6b:cd:54:eb:9b:f5:a8:4f:bf:7e:99:fe:21:77:79:
         4b:96:61:ec:f6:79:8c:5a:6f:95:ec:4a:b5:59:ae:64:80:f9:
         91:da:f9:32:0c:24:a0:a8:fa:95:62:86:7f:74:cc:f5:c7:87:
         e2:b7:e1:dc:86:8b:67:5c:93:06:9d:cd:58:37:44:90:df:be:
         e9:9c:74:fd:4e:13:09:21:77:31:7b:95:12:ea:3e:f2:5f:6f:
         ad:26:1b:a7:c6:da:a6:b2:c7:74:77:ff:37:4d:b9:ac:ba:58:
         55:51:45:fa:2f:79:c0:61:d1:6f:a1:6e:9f:da:88:ec:21:f9:
         a8:bb:ba:6d:45:31:d4:34:0e:17:0b:52:02:93:3f:b2:e3:bc:
         9d:45:a1:33:29:3f:6e:6f:f7:77:04:93:f6:f0:df:35:88:94:
         7e:13:75:15:3f:4b:f6:9e:f4:4b:d4:67:2e:8a:14:81:03:87:
         fa:40:04:e4:2c:19:19:e9:72:a8:76:06:26:ff:e5:33:63:9e:
         30:e3:e9:7d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQl/B9MZtadf1pae25E4XwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIwNzZkMTY3MDJjN2RiZWE5NzJlMjk3MmVmNTc2YTFm
MmM4NzMwHhcNMjUwMTAyMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzA5YTA2YmRmYzRmY2FjZTQwMjZmNmMzYjAwNWZjYTQ2ZGQxOTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxxyZG0dkQ0I0o3pXZiUwl1BYsFB
YNAGEXlfFf9BDoBMcmcQvd7rB4/RttXb36WkTiWcbwmDrOSjFK5JMghVIQXppJBZ
DyIJfGIl0oZE2/wBnVjR8GdR9suc45sjr7rRfWe7vR5kKcuVTHrXIp7+g16U7oI5
d/qxtaLAgBlY2pRcReQj+EZeNV6d+F3dPB5bM7DHljboTEwFdmOzTFYKUTWe2F+r
nUJJpUkXLvxhxiwt4CQwiM5iaHtSfKlexyP/tXNwrtb5iGMTLDNCFLHQ1Fxp1LUW
9Gvd9/0GP3UA9PX+6KgMlFDc/jbonP/8ku/sR2MymvYRDNqAA7Nn2qCIQQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLcJoGvfxPys5AJvbDsAX8pG3RmZMB8GA1UdIwQY
MBaAFMHrB20WcCx9vqly4pcu9Xah8shzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMt
NmMzMmE2YWIxZWYyLzEvdHdtZ2E5X0VfS3prQW05c093QmZ5a2JkR1prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMtNmMzMmE2YWIxZWYy
LzEvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgPSgB8w
DQYJKoZIhvcNAQELBQADggEBAFZsfKhaIlqyF+nn6x+XAqnZU1arcBVo2qY+ibOX
Zm/XY1HYJPRVEULW2xAzWsOV32mQf7kF+hrsamvNVOub9ahPv36Z/iF3eUuWYez2
eYxab5XsSrVZrmSA+ZHa+TIMJKCo+pVihn90zPXHh+K34dyGi2dckwadzVg3RJDf
vumcdP1OEwkhdzF7lRLqPvJfb60mG6fG2qayx3R3/zdNuay6WFVRRfovecBh0W+h
bp/aiOwh+ai7um1FMdQ0DhcLUgKTP7LjvJ1FoTMpP25v93cEk/bw3zWIlH4TdRU/
S/ae9EvUZy6KFIEDh/pABOQsGRnpcqh2Bib/5TNjnjDj6X0=
-----END CERTIFICATE-----