Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/Wjq_4qXKFYAsS4mylcmPnSrL1r8.roa
File:                     Wjq_4qXKFYAsS4mylcmPnSrL1r8.roa (raw, json)
Hash identifier:          MNdU4J5fI/RQ2VtFXgCXw2IgLZapIkhAKksl6Pauonc=
Subject key identifier:   5A:3A:BF:E2:A5:CA:15:80:2C:4B:89:B2:95:C9:8F:9D:2A:CB:D6:BF
Certificate issuer:       /CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
Certificate serial:       018CC9BC2F0E6151EA85600EC00B6FCBFEB9
Authority key identifier: F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/Wjq_4qXKFYAsS4mylcmPnSrL1r8.roa
Signing time:             Tue 02 Jan 2024 10:33:22 +0000
ROA not before:           Tue 02 Jan 2024 10:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        2a12:5343:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 23:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2f:0e:61:51:ea:85:60:0e:c0:0b:6f:cb:fe:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0e729a54cc76b889c832e0d1395894af7c0e5fe
        Validity
            Not Before: Jan  2 10:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5a3abfe2a5ca15802c4b89b295c98f9d2acbd6bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:80:de:14:21:47:da:07:83:c4:59:4e:a4:81:
                    f8:e3:dd:70:16:b9:bb:28:d6:81:f6:7c:ec:90:b6:
                    35:f6:70:c7:cf:01:7b:d5:36:42:98:0a:8c:a1:8d:
                    a0:a5:6f:11:3b:ef:81:d9:c8:57:d4:e8:8a:6b:89:
                    2a:86:56:e3:c4:35:f3:88:4a:71:ea:b5:7f:bc:55:
                    a7:cd:d6:06:7d:10:fa:59:e8:e1:7d:cf:d2:ea:a5:
                    7c:0f:43:a9:c5:b8:5c:b4:b1:55:c1:6c:65:38:7b:
                    f5:a1:cc:f5:05:6f:9e:21:90:e7:cc:51:dc:81:e5:
                    3f:9d:f3:a8:91:6e:c1:83:82:5d:69:f1:27:0e:4e:
                    38:3a:a4:8c:dd:c0:d3:a7:a2:d2:48:53:27:a9:82:
                    04:15:9e:51:08:a4:80:0e:8f:66:a9:ac:69:9b:50:
                    93:8b:78:8d:9d:08:b8:bc:4e:12:39:aa:d3:d2:43:
                    22:65:a3:67:ce:b6:74:45:15:c3:ad:7d:1e:94:86:
                    72:e1:2a:d0:77:23:55:20:53:2f:89:4a:26:aa:d4:
                    28:2e:67:f4:fa:d9:9d:f0:eb:5c:16:d0:c9:e5:07:
                    89:09:23:7e:bf:f7:7a:9b:0f:0a:cf:7d:98:d2:aa:
                    59:43:fc:e7:1e:9f:05:5b:1e:b3:c5:2d:0d:75:c7:
                    db:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3A:BF:E2:A5:CA:15:80:2C:4B:89:B2:95:C9:8F:9D:2A:CB:D6:BF
            X509v3 Authority Key Identifier:
                keyid:F0:E7:29:A5:4C:C7:6B:88:9C:83:2E:0D:13:95:89:4A:F7:C0:E5:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8OcppUzHa4icgy4NE5WJSvfA5f4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/Wjq_4qXKFYAsS4mylcmPnSrL1r8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/360de7-6fdc-4067-8f4d-676b52096cf8/1/8OcppUzHa4icgy4NE5WJSvfA5f4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5343:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:99:2d:9b:88:f7:1b:8c:9c:49:00:3a:80:da:6a:3e:8a:dc:
         15:15:41:91:e6:9c:a9:ee:4e:62:b9:93:b2:15:2b:d6:79:60:
         1b:40:25:a1:58:84:01:b1:ca:a5:6d:ca:e9:24:7d:52:38:01:
         52:28:20:9a:9d:b9:89:54:94:09:88:09:13:b5:5f:ad:09:d8:
         aa:e8:eb:85:78:2f:38:f8:09:07:67:51:c9:ed:0d:28:32:f9:
         a7:c6:ba:0e:d5:e4:50:81:55:31:44:8b:0a:25:29:95:db:27:
         41:87:0a:50:8b:05:f9:50:27:7a:68:f1:b3:05:70:52:d2:a2:
         cc:0c:16:96:c1:38:b4:81:64:1a:11:d6:6f:7b:d6:da:19:28:
         d1:e7:d7:8f:e6:aa:9f:e0:1a:87:94:93:bf:8a:f2:9d:f9:fb:
         f0:e3:a4:65:e3:d9:20:32:b5:36:6a:b7:ac:25:01:1a:08:be:
         a6:d1:c0:86:f3:9b:1d:f6:18:5d:97:f0:89:c9:3f:77:f0:81:
         67:ae:3a:44:24:af:6b:ca:af:60:7c:a3:80:a2:55:81:19:c3:
         00:21:d1:31:8d:2c:e5:1a:f2:73:17:ae:03:41:76:c2:25:1d:
         87:d9:d9:b7:bf:90:01:3b:62:7a:f0:e6:26:f7:95:5c:ed:1f:
         d6:9e:a0:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvC8OYVHqhWAOwAtvy/65MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZTcyOWE1NGNjNzZiODg5YzgzMmUwZDEzOTU4OTRhZjdj
MGU1ZmUwHhcNMjQwMTAyMTAzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTNhYmZlMmE1Y2ExNTgwMmM0Yjg5YjI5NWM5OGY5ZDJhY2JkNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYDeFCFH2geDxFlOpIH4491wFrm7
KNaB9nzskLY19nDHzwF71TZCmAqMoY2gpW8RO++B2chX1OiKa4kqhlbjxDXziEpx
6rV/vFWnzdYGfRD6Wejhfc/S6qV8D0OpxbhctLFVwWxlOHv1ocz1BW+eIZDnzFHc
geU/nfOokW7Bg4JdafEnDk44OqSM3cDTp6LSSFMnqYIEFZ5RCKSADo9mqaxpm1CT
i3iNnQi4vE4SOarT0kMiZaNnzrZ0RRXDrX0elIZy4SrQdyNVIFMviUomqtQoLmf0
+tmd8OtcFtDJ5QeJCSN+v/d6mw8Kz32Y0qpZQ/znHp8FWx6zxS0Ndcfb+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFo6v+KlyhWALEuJspXJj50qy9a/MB8GA1UdIwQY
MBaAFPDnKaVMx2uInIMuDROViUr3wOX+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQt
Njc2YjUyMDk2Y2Y4LzEvV2pxXzRxWEtGWUFzUzRteWxjbVBuU3JMMXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC8zNjBkZTctNmZkYy00MDY3LThmNGQtNjc2YjUyMDk2Y2Y4
LzEvOE9jcHBVekhhNGljZ3k0TkU1V0pTdmZBNWY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhJTQwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBjmS2biPcbjJxJADqA2mo+itwVFUGR5pyp7k5i
uZOyFSvWeWAbQCWhWIQBscqlbcrpJH1SOAFSKCCanbmJVJQJiAkTtV+tCdiq6OuF
eC84+AkHZ1HJ7Q0oMvmnxroO1eRQgVUxRIsKJSmV2ydBhwpQiwX5UCd6aPGzBXBS
0qLMDBaWwTi0gWQaEdZve9baGSjR59eP5qqf4BqHlJO/ivKd+fvw46Rl49kgMrU2
aresJQEaCL6m0cCG85sd9hhdl/CJyT938IFnrjpEJK9ryq9gfKOAolWBGcMAIdEx
jSzlGvJzF64DQXbCJR2H2dm3v5ABO2J68OYm95Vc7R/WnqCp
-----END CERTIFICATE-----