Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/ENWj7CGbdi-VCnxODu_CpLGCWEo.roa
File:                     ENWj7CGbdi-VCnxODu_CpLGCWEo.roa (raw, json)
Hash identifier:          QXx5DrE8ywc/+EeCOaJbUuZMvrWU3cVeZ6lk0teLFrE=
Subject key identifier:   10:D5:A3:EC:21:9B:76:2F:95:0A:7C:4E:0E:EF:C2:A4:B1:82:58:4A
Certificate issuer:       /CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
Certificate serial:       018CC86F4FB498B947C38CF604F5F0FB2CA4
Authority key identifier: C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/ENWj7CGbdi-VCnxODu_CpLGCWEo.roa
Signing time:             Tue 02 Jan 2024 04:29:47 +0000
ROA not before:           Tue 02 Jan 2024 04:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39912
IP address blocks:        2a04:d200:211::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:4f:b4:98:b9:47:c3:8c:f6:04:f5:f0:fb:2c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
        Validity
            Not Before: Jan  2 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10d5a3ec219b762f950a7c4e0eefc2a4b182584a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0c:f3:c7:d0:79:06:0e:53:37:30:16:0f:40:
                    b3:83:33:00:6d:74:64:dc:ea:09:55:2b:ed:3c:c5:
                    bf:0e:94:dc:6b:fa:12:89:4f:a3:d2:70:8b:b7:87:
                    cc:87:7c:eb:c0:ba:d2:a1:2a:b3:e4:e9:1b:ce:ab:
                    ee:c6:b6:ef:d5:4a:e6:6d:9e:1a:6b:21:0a:6f:6f:
                    60:e6:6b:0c:bf:32:fe:89:e7:8c:3a:59:cd:dd:94:
                    4b:fb:df:f1:b0:18:55:ee:04:62:5d:98:91:ef:9a:
                    a6:e6:bb:43:92:78:03:e1:ee:e2:0c:34:18:85:10:
                    7c:0e:c9:55:4b:fa:0a:57:eb:f7:ce:2c:89:8f:6c:
                    eb:7d:0c:6e:c0:75:ee:70:5c:2d:85:ea:61:81:1e:
                    c8:78:85:a3:ff:32:dc:88:9c:e4:c4:bc:88:d2:5e:
                    9a:71:92:ae:f7:de:2b:df:e6:11:99:4b:0a:6a:d7:
                    c4:1f:3d:9b:77:82:a8:58:cd:55:fa:fa:f9:2e:c4:
                    14:81:8f:76:87:05:5a:54:9d:63:a6:21:fd:cb:7c:
                    07:ba:91:19:94:44:7c:3f:91:87:33:59:3f:09:07:
                    bf:50:87:ee:a1:63:63:e4:f6:26:2f:23:1e:27:e8:
                    6f:94:4d:4d:d6:f4:79:01:fe:2e:c6:69:2f:a2:e6:
                    bb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D5:A3:EC:21:9B:76:2F:95:0A:7C:4E:0E:EF:C2:A4:B1:82:58:4A
            X509v3 Authority Key Identifier:
                keyid:C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/ENWj7CGbdi-VCnxODu_CpLGCWEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d200:211::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:1a:66:65:c8:14:e4:34:d2:64:35:ea:c3:7a:05:1c:96:46:
         42:97:54:6a:f3:4b:a7:e1:c5:6a:48:9e:b2:4b:63:a9:79:fd:
         f2:ea:b7:7c:35:21:66:04:84:d4:5a:19:2e:f5:e7:91:71:e3:
         15:af:c6:29:94:ea:ff:4a:95:ca:bd:eb:ec:33:49:db:4f:50:
         2e:66:c3:7e:d3:5e:44:6c:b3:9a:b3:19:c9:d5:15:27:a9:59:
         72:1b:3e:26:74:fd:de:c0:76:59:a9:5a:c8:9c:ba:a4:2c:97:
         e0:1b:5d:c2:92:d1:d7:0d:fb:8c:97:f5:b4:e9:71:7f:96:2b:
         a5:6a:84:77:ea:a4:05:bc:de:ab:7b:31:5e:04:d2:1b:0d:b2:
         01:2f:55:96:6b:c0:9b:72:fa:a4:26:b6:92:30:5c:be:f0:18:
         42:70:0f:f5:5d:e4:1c:7a:ff:f9:9a:1b:1a:62:d4:c6:b3:db:
         9b:d8:54:4f:34:ca:5a:c9:b3:1c:80:fe:79:04:b8:4a:c1:6f:
         c4:af:fd:38:62:42:3b:0d:ca:f6:db:90:21:cd:66:a4:80:60:
         f9:ac:e5:92:03:74:fb:73:87:8c:3d:98:ad:2d:df:44:cd:c1:
         de:2e:39:c0:5d:5f:92:2b:b0:b2:52:11:02:e9:36:6c:0c:b9:
         9d:e6:27:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb0+0mLlHw4z2BPXw+yykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDgyY2NmMGM4ZGVhN2Q3ZjZhZDcyZThlNjI0NjJkN2Jl
MjBkNTYwHhcNMjQwMTAyMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ1YTNlYzIxOWI3NjJmOTUwYTdjNGUwZWVmYzJhNGIxODI1ODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwzzx9B5Bg5TNzAWD0CzgzMAbXRk
3OoJVSvtPMW/DpTca/oSiU+j0nCLt4fMh3zrwLrSoSqz5Okbzqvuxrbv1UrmbZ4a
ayEKb29g5msMvzL+ieeMOlnN3ZRL+9/xsBhV7gRiXZiR75qm5rtDkngD4e7iDDQY
hRB8DslVS/oKV+v3ziyJj2zrfQxuwHXucFwthephgR7IeIWj/zLciJzkxLyI0l6a
cZKu994r3+YRmUsKatfEHz2bd4KoWM1V+vr5LsQUgY92hwVaVJ1jpiH9y3wHupEZ
lER8P5GHM1k/CQe/UIfuoWNj5PYmLyMeJ+hvlE1N1vR5Af4uxmkvoua7JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBDVo+whm3YvlQp8Tg7vwqSxglhKMB8GA1UdIwQY
MBaAFMLYLM8Mjep9f2rXLo5iRi174g1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUt
NDMxMThlNDk2ZDQwLzEvRU5XajdDR2JkaS1WQ254T0R1X0NwTEdDV0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUtNDMxMThlNDk2ZDQw
LzEvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgTSAAIR
MA0GCSqGSIb3DQEBCwUAA4IBAQC/GmZlyBTkNNJkNerDegUclkZCl1Rq80un4cVq
SJ6yS2Opef3y6rd8NSFmBITUWhku9eeRceMVr8YplOr/SpXKvevsM0nbT1AuZsN+
015EbLOasxnJ1RUnqVlyGz4mdP3ewHZZqVrInLqkLJfgG13CktHXDfuMl/W06XF/
liulaoR36qQFvN6rezFeBNIbDbIBL1WWa8CbcvqkJraSMFy+8BhCcA/1XeQcev/5
mhsaYtTGs9ub2FRPNMpaybMcgP55BLhKwW/Er/04YkI7Dcr225AhzWakgGD5rOWS
A3T7c4eMPZitLd9EzcHeLjnAXV+SK7CyUhEC6TZsDLmd5icc
-----END CERTIFICATE-----