Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/WymygCcy2Cth2XCvGhpRvzNvm8U.roa
File:                     WymygCcy2Cth2XCvGhpRvzNvm8U.roa (raw, json)
Hash identifier:          saRq3HRvr89AG4wdqhPbp/MCJcv27U/aycPomon4sMw=
Subject key identifier:   5B:29:B2:80:27:32:D8:2B:61:D9:70:AF:1A:1A:51:BF:33:6F:9B:C5
Certificate issuer:       /CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
Certificate serial:       018CC5DCFB40A24962A11BC1ED69FE0F9B6A
Authority key identifier: 0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/WymygCcy2Cth2XCvGhpRvzNvm8U.roa
Signing time:             Mon 01 Jan 2024 16:30:42 +0000
ROA not before:           Mon 01 Jan 2024 16:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212359
IP address blocks:        2a0f:607:1024::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:fb:40:a2:49:62:a1:1b:c1:ed:69:fe:0f:9b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c21b925b4c4bcc30f77c9c41ba8d040ac95dfc6
        Validity
            Not Before: Jan  1 16:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b29b2802732d82b61d970af1a1a51bf336f9bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:2b:02:08:2a:68:3b:8f:58:a4:f1:00:1b:0e:
                    f9:87:c5:90:0b:6d:22:c4:0f:00:3c:cc:a1:19:b1:
                    2f:54:cc:70:71:84:c6:6a:4f:5f:6c:9e:73:51:be:
                    60:f6:2f:26:0a:6a:96:58:9f:20:45:e5:33:85:51:
                    87:d0:c2:80:39:fb:ed:8c:94:cd:02:66:17:d3:fa:
                    ce:67:a7:0d:2a:1f:89:55:bd:54:50:88:5a:a0:b0:
                    99:36:bf:e0:8b:28:30:b1:a3:9a:d1:59:b3:88:6a:
                    86:b9:f7:e3:3e:62:53:2a:02:58:2d:93:79:a5:24:
                    47:c8:bb:49:ae:53:44:27:3d:d1:a7:f2:50:df:10:
                    c6:01:e0:43:5b:4a:19:5b:da:f0:81:1e:97:d5:e1:
                    87:04:ef:84:3e:82:d3:59:49:3f:78:ff:75:d7:03:
                    e0:8c:08:6f:ec:89:0e:9a:29:df:55:53:be:f3:2d:
                    eb:f6:24:cd:72:33:4a:cd:c4:81:6c:73:19:6a:e4:
                    a6:29:4d:65:07:e8:34:58:cb:3e:30:b8:e7:a9:df:
                    92:29:63:dd:8d:4b:ed:4d:50:7c:d9:ba:9b:d2:77:
                    91:fb:a4:4d:86:56:3a:b4:58:02:ba:a1:01:4c:69:
                    84:67:11:3d:c9:df:32:69:71:da:13:a2:7d:6b:a6:
                    c8:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:29:B2:80:27:32:D8:2B:61:D9:70:AF:1A:1A:51:BF:33:6F:9B:C5
            X509v3 Authority Key Identifier:
                keyid:0C:21:B9:25:B4:C4:BC:C3:0F:77:C9:C4:1B:A8:D0:40:AC:95:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DCG5JbTEvMMPd8nEG6jQQKyV38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/WymygCcy2Cth2XCvGhpRvzNvm8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/c0bd67-f7dd-4ce2-ab7e-a347564158f8/1/DCG5JbTEvMMPd8nEG6jQQKyV38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:607:1024::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:13:a8:60:76:dd:1e:01:97:30:e7:9d:b1:39:b8:0f:c3:6c:
         52:e7:73:fa:8d:66:ab:bd:b3:c6:38:85:d3:b9:38:49:a6:91:
         62:c9:c0:de:aa:af:27:3b:9b:a9:4a:ea:92:da:23:b3:70:f6:
         71:98:48:eb:c3:b2:c9:d3:15:b7:0c:40:33:82:c7:98:30:fc:
         85:1f:c2:9e:15:15:58:86:3e:c6:cb:db:19:1f:81:dc:e0:9d:
         91:f1:62:23:3f:0c:bf:15:83:8c:60:1f:ef:9b:a3:0d:82:2f:
         36:35:3d:07:5f:bf:63:cc:ac:1a:6a:f4:75:59:b2:04:a9:c0:
         1b:a9:3c:d4:2d:aa:48:75:2e:d2:c2:8a:0d:b8:5a:25:7e:43:
         9f:1a:89:d6:d5:90:be:24:d3:60:84:17:b0:aa:2a:79:8f:1f:
         c2:0f:06:cb:4a:45:b6:49:b2:e0:b5:5d:11:c2:e6:55:28:b5:
         3c:00:8b:78:54:d6:aa:88:bd:3e:52:fd:7a:77:14:df:2c:5f:
         22:2e:76:94:24:2f:c2:ee:4b:79:14:95:b9:46:a3:40:8a:af:
         3d:14:83:de:ce:90:64:4f:ca:02:43:ac:bb:d2:6d:de:e7:8d:
         d6:a0:64:32:25:dc:3a:c6:b7:e7:54:3f:a5:b3:b9:13:a4:ae:
         c0:94:79:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzF3PtAoklioRvB7Wn+D5tqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMjFiOTI1YjRjNGJjYzMwZjc3YzljNDFiYThkMDQwYWM5
NWRmYzYwHhcNMjQwMTAxMTYzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjI5YjI4MDI3MzJkODJiNjFkOTcwYWYxYTFhNTFiZjMzNmY5YmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSsCCCpoO49YpPEAGw75h8WQC20i
xA8APMyhGbEvVMxwcYTGak9fbJ5zUb5g9i8mCmqWWJ8gReUzhVGH0MKAOfvtjJTN
AmYX0/rOZ6cNKh+JVb1UUIhaoLCZNr/giygwsaOa0VmziGqGuffjPmJTKgJYLZN5
pSRHyLtJrlNEJz3Rp/JQ3xDGAeBDW0oZW9rwgR6X1eGHBO+EPoLTWUk/eP911wPg
jAhv7IkOminfVVO+8y3r9iTNcjNKzcSBbHMZauSmKU1lB+g0WMs+MLjnqd+SKWPd
jUvtTVB82bqb0neR+6RNhlY6tFgCuqEBTGmEZxE9yd8yaXHaE6J9a6bIXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFspsoAnMtgrYdlwrxoaUb8zb5vFMB8GA1UdIwQY
MBaAFAwhuSW0xLzDD3fJxBuo0ECsld/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2Ut
YTM0NzU2NDE1OGY4LzEvV3lteWdDY3kyQ3RoMlhDdkdocFJ2ek52bThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jMGJkNjctZjdkZC00Y2UyLWFiN2UtYTM0NzU2NDE1OGY4
LzEvRENHNUpiVEV2TU1QZDhuRUc2alFRS3lWMzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg8GBxAk
MA0GCSqGSIb3DQEBCwUAA4IBAQCHE6hgdt0eAZcw552xObgPw2xS53P6jWarvbPG
OIXTuThJppFiycDeqq8nO5upSuqS2iOzcPZxmEjrw7LJ0xW3DEAzgseYMPyFH8Ke
FRVYhj7Gy9sZH4Hc4J2R8WIjPwy/FYOMYB/vm6MNgi82NT0HX79jzKwaavR1WbIE
qcAbqTzULapIdS7SwooNuFolfkOfGonW1ZC+JNNghBewqip5jx/CDwbLSkW2SbLg
tV0RwuZVKLU8AIt4VNaqiL0+Uv16dxTfLF8iLnaUJC/C7kt5FJW5RqNAiq89FIPe
zpBkT8oCQ6y70m3e543WoGQyJdw6xrfnVD+ls7kTpK7AlHkO
-----END CERTIFICATE-----