Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Ww3QFrBBPhpwAl7mRt-Itp0xrdE.roa
File:                     Ww3QFrBBPhpwAl7mRt-Itp0xrdE.roa (raw, json)
Hash identifier:          sog2kRkfH6oiAs3g2Z8X0J+7kikKM+3VZnFZGtK1Mj0=
Subject key identifier:   5B:0D:D0:16:B0:41:3E:1A:70:02:5E:E6:46:DF:88:B6:9D:31:AD:D1
Certificate issuer:       /CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
Certificate serial:       019427B549CE0467B15D3006F7C36050B6A0
Authority key identifier: 57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Ww3QFrBBPhpwAl7mRt-Itp0xrdE.roa
Signing time:             Thu 02 Jan 2025 15:49:39 +0000
ROA not before:           Thu 02 Jan 2025 15:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211767
IP address blocks:        2a10:a642::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:49:ce:04:67:b1:5d:30:06:f7:c3:60:50:b6:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5776d9a0b55bd495a1be3c5c03fa251d3de8b8c5
        Validity
            Not Before: Jan  2 15:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b0dd016b0413e1a70025ee646df88b69d31add1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:84:04:21:62:d5:b7:27:3e:0c:82:5a:e8:f6:
                    fb:df:bb:b2:68:f3:c0:d9:de:2b:d4:a1:d9:e7:a8:
                    e2:42:4f:0b:bb:b6:ca:b3:9c:b2:e0:30:32:df:85:
                    f0:35:29:70:81:18:c6:24:8d:63:89:63:55:10:1d:
                    7c:56:bc:a2:4d:66:96:4e:2f:f8:b6:92:1d:62:8b:
                    8c:bd:41:3a:fa:b0:69:2b:90:24:5a:7d:1c:e7:15:
                    b0:6f:5f:27:20:91:94:2f:c4:e9:f7:a7:7c:f2:71:
                    d2:9d:09:f8:15:42:e5:a0:92:9d:7a:fb:f6:0f:2f:
                    42:df:3b:ec:62:03:4d:5c:59:00:6a:bc:3d:e4:93:
                    cd:46:24:4a:f3:97:85:3a:f5:1c:70:b5:5f:0d:32:
                    ed:5b:e7:80:ea:c5:21:cf:1f:74:41:75:02:38:9f:
                    bc:43:3e:ed:b2:95:42:a0:87:38:02:8b:6e:b3:1b:
                    66:33:a4:2b:f7:3d:07:27:90:f6:b0:2d:bf:51:81:
                    33:24:da:81:26:ff:3f:82:04:34:d7:b2:8c:d8:34:
                    db:43:9c:9d:c6:81:c3:8b:e6:7f:81:14:1d:74:cc:
                    8c:ad:88:4e:4c:dc:2a:3c:91:59:be:45:2f:17:c4:
                    b1:9b:0f:20:39:f3:e3:e7:15:29:19:68:80:87:c0:
                    fc:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:0D:D0:16:B0:41:3E:1A:70:02:5E:E6:46:DF:88:B6:9D:31:AD:D1
            X509v3 Authority Key Identifier:
                keyid:57:76:D9:A0:B5:5B:D4:95:A1:BE:3C:5C:03:FA:25:1D:3D:E8:B8:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3bZoLVb1JWhvjxcA_olHT3ouMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/Ww3QFrBBPhpwAl7mRt-Itp0xrdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/5b21e3-3944-4ce6-aaf5-c0ba2f3fc72a/1/V3bZoLVb1JWhvjxcA_olHT3ouMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a642::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:e2:40:62:62:69:e6:bd:c6:20:29:6e:fa:c4:1e:14:80:5d:
         ba:90:b9:04:43:d1:97:8d:48:ae:48:ce:ef:1a:3b:e5:04:bf:
         02:47:db:c9:9f:3c:77:7a:95:06:1e:f5:b7:52:e3:72:76:e0:
         88:67:7f:21:ee:1f:2a:49:ab:69:d6:6d:1c:96:78:29:76:a6:
         24:b1:65:f5:4f:38:45:e0:a2:46:00:6d:b8:b9:e8:c1:42:d7:
         2b:2b:37:eb:a7:7a:e2:b3:e2:70:3e:b3:61:82:f8:29:1f:e0:
         ad:02:fc:29:46:fd:53:20:cb:8b:f7:2d:99:43:bc:26:24:36:
         bc:08:a6:26:92:2e:2e:37:93:71:94:16:fd:50:73:95:51:4b:
         24:a5:5a:f0:74:eb:2e:fd:8a:f3:be:1d:ca:13:9e:02:5e:70:
         3f:e0:a2:eb:77:e1:ed:23:ec:e2:66:c3:2c:62:12:79:11:84:
         68:f3:c6:6d:b1:a3:8f:f7:f6:d4:3a:70:d1:c5:3f:f5:55:e8:
         02:40:55:6f:a6:52:cd:68:8f:bd:a5:4f:3b:fd:07:59:32:3a:
         73:c7:ab:b8:02:89:2a:77:46:bd:23:f5:ce:a0:23:9c:f2:dd:
         86:a4:35:ed:7a:0b:9d:c9:d6:de:15:18:4e:45:31:e1:4f:78:
         af:83:24:6b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQntUnOBGexXTAG98NgULagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzZkOWEwYjU1YmQ0OTVhMWJlM2M1YzAzZmEyNTFkM2Rl
OGI4YzUwHhcNMjUwMTAyMTU0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjBkZDAxNmIwNDEzZTFhNzAwMjVlZTY0NmRmODhiNjlkMzFhZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4QEIWLVtyc+DIJa6Pb737uyaPPA
2d4r1KHZ56jiQk8Lu7bKs5yy4DAy34XwNSlwgRjGJI1jiWNVEB18VryiTWaWTi/4
tpIdYouMvUE6+rBpK5AkWn0c5xWwb18nIJGUL8Tp96d88nHSnQn4FULloJKdevv2
Dy9C3zvsYgNNXFkAarw95JPNRiRK85eFOvUccLVfDTLtW+eA6sUhzx90QXUCOJ+8
Qz7tspVCoIc4AotusxtmM6Qr9z0HJ5D2sC2/UYEzJNqBJv8/ggQ017KM2DTbQ5yd
xoHDi+Z/gRQddMyMrYhOTNwqPJFZvkUvF8Sxmw8gOfPj5xUpGWiAh8D8NQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFsN0BawQT4acAJe5kbfiLadMa3RMB8GA1UdIwQY
MBaAFFd22aC1W9SVob48XAP6JR096LjFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUt
YzBiYTJmM2ZjNzJhLzEvV3czUUZyQkJQaHB3QWw3bVJ0LUl0cDB4cmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81YjIxZTMtMzk0NC00Y2U2LWFhZjUtYzBiYTJmM2ZjNzJh
LzEvVjNiWm9MVmIxSldodmp4Y0Ffb2xIVDNvdU1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhCmQgAw
DQYJKoZIhvcNAQELBQADggEBAAziQGJiaea9xiApbvrEHhSAXbqQuQRD0ZeNSK5I
zu8aO+UEvwJH28mfPHd6lQYe9bdS43J24IhnfyHuHypJq2nWbRyWeCl2piSxZfVP
OEXgokYAbbi56MFC1ysrN+uneuKz4nA+s2GC+Ckf4K0C/ClG/VMgy4v3LZlDvCYk
NrwIpiaSLi43k3GUFv1Qc5VRSySlWvB06y79ivO+HcoTngJecD/gout34e0j7OJm
wyxiEnkRhGjzxm2xo4/39tQ6cNHFP/VV6AJAVW+mUs1oj72lTzv9B1kyOnPHq7gC
iSp3Rr0j9c6gI5zy3YakNe16C53J1t4VGE5FMeFPeK+DJGs=
-----END CERTIFICATE-----