Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/wAvxAueoqpHLtk8XQwnNyU9MpT8.roa
File:                     wAvxAueoqpHLtk8XQwnNyU9MpT8.roa (raw, json)
Hash identifier:          BRt8y2qLbXewc3lf068PubvnKUoQIDgwBq9aCv3+KLU=
Subject key identifier:   C0:0B:F1:02:E7:A8:AA:91:CB:B6:4F:17:43:09:CD:C9:4F:4C:A5:3F
Certificate issuer:       /CN=96dcebaa8cd32dc4bf1d66d0873a1b6f3d73498f
Certificate serial:       019421445C8A86B166BD936D385FF8DE6851
Authority key identifier: 96:DC:EB:AA:8C:D3:2D:C4:BF:1D:66:D0:87:3A:1B:6F:3D:73:49:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ltzrqozTLcS_HWbQhzobbz1zSY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/wAvxAueoqpHLtk8XQwnNyU9MpT8.roa
Signing time:             Wed 01 Jan 2025 09:48:35 +0000
ROA not before:           Wed 01 Jan 2025 09:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209621
IP address blocks:        139.28.116.0/22 maxlen: 22
                          2a07:5fc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/ltzrqozTLcS_HWbQhzobbz1zSY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/ltzrqozTLcS_HWbQhzobbz1zSY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ltzrqozTLcS_HWbQhzobbz1zSY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:5c:8a:86:b1:66:bd:93:6d:38:5f:f8:de:68:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96dcebaa8cd32dc4bf1d66d0873a1b6f3d73498f
        Validity
            Not Before: Jan  1 09:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c00bf102e7a8aa91cbb64f174309cdc94f4ca53f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:58:13:9b:f4:52:a9:fc:8c:d2:98:74:e1:81:
                    95:9a:45:dd:dc:44:24:bd:9a:11:54:70:7e:31:8b:
                    ab:aa:a9:da:9b:50:4e:72:43:44:1f:bc:7c:c7:0d:
                    90:30:56:ca:5c:6f:7c:d7:79:4a:58:95:69:a7:82:
                    d2:43:af:06:dd:7e:c8:9f:f9:63:9a:f7:c5:d6:d7:
                    19:c2:a5:25:4e:0d:af:85:c9:3a:9d:78:4a:fa:f9:
                    8b:e2:f1:c2:4b:b7:41:57:9b:67:fb:52:cd:99:77:
                    13:c0:53:49:93:cc:61:e9:07:98:12:d8:2a:90:0f:
                    8e:a0:b5:ed:a4:b5:73:22:42:03:63:81:9a:39:bf:
                    03:ac:42:59:ec:88:57:9c:62:87:5f:d3:5c:f1:5b:
                    14:a4:e4:47:56:15:64:60:07:fe:98:a7:25:aa:86:
                    cf:fe:2b:c2:d7:0e:f9:b9:0f:9c:3d:e4:ed:3c:0f:
                    35:a9:6f:85:c1:ec:e9:93:4c:c7:96:17:5f:23:7b:
                    6b:e9:6a:26:e5:1b:08:ec:43:17:e6:46:cb:20:20:
                    8d:3b:78:79:e7:70:36:5f:ea:8c:fd:9b:5e:4a:68:
                    2e:53:ed:0e:a2:0e:e1:bf:87:d0:6a:63:5a:39:f3:
                    fd:c7:7e:df:ad:3d:87:c0:eb:d7:e0:49:a4:3d:d8:
                    10:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:0B:F1:02:E7:A8:AA:91:CB:B6:4F:17:43:09:CD:C9:4F:4C:A5:3F
            X509v3 Authority Key Identifier:
                keyid:96:DC:EB:AA:8C:D3:2D:C4:BF:1D:66:D0:87:3A:1B:6F:3D:73:49:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ltzrqozTLcS_HWbQhzobbz1zSY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/wAvxAueoqpHLtk8XQwnNyU9MpT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/0697c0-98ae-44ab-b4ab-b615c5c60652/1/ltzrqozTLcS_HWbQhzobbz1zSY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.116.0/22
                IPv6:
                  2a07:5fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:98:8a:fe:73:37:c0:7c:12:76:9e:f4:b1:05:3b:fc:07:b6:
         8f:33:31:75:6b:c6:82:9a:f7:f6:d2:e0:b9:ec:9b:08:b5:05:
         69:38:74:26:fb:2d:14:3a:ef:79:d0:d3:30:f2:ac:38:ac:d4:
         b6:b4:fa:51:a9:cc:9f:2e:83:71:30:a0:63:80:95:b6:46:9d:
         7a:fe:cb:42:b4:f4:24:0f:74:40:be:63:9d:bc:2d:aa:ab:18:
         c0:a0:9d:03:af:e9:c8:b0:10:0c:55:04:de:b2:b4:66:17:e7:
         9d:e2:75:77:7e:61:0e:52:07:07:d7:41:2f:f6:db:53:78:d9:
         3d:4d:1b:96:e1:d4:14:95:1e:77:7e:10:22:fe:b3:a9:83:33:
         51:05:fb:87:57:bf:83:24:0c:64:e2:3d:64:ac:6d:19:b9:54:
         00:f7:52:d5:fb:5e:8f:24:ff:fa:cb:03:99:1d:2c:8b:b8:1c:
         e0:91:93:08:a2:11:84:66:f7:36:eb:39:6c:f8:5d:ee:8c:ad:
         e4:75:e4:ed:cb:cb:4b:04:19:2d:52:79:2f:0c:b1:cd:08:f8:
         04:79:80:1e:a0:e7:33:90:8c:9d:de:21:6e:32:91:d6:83:f3:
         5e:7a:c9:d1:be:94:e2:ea:77:0a:a8:7f:cb:46:44:21:d1:8d:
         c6:de:87:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhRFyKhrFmvZNtOF/43mhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZGNlYmFhOGNkMzJkYzRiZjFkNjZkMDg3M2ExYjZmM2Q3
MzQ5OGYwHhcNMjUwMTAxMDk0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDBiZjEwMmU3YThhYTkxY2JiNjRmMTc0MzA5Y2RjOTRmNGNhNTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FgTm/RSqfyM0ph04YGVmkXd3EQk
vZoRVHB+MYurqqnam1BOckNEH7x8xw2QMFbKXG9813lKWJVpp4LSQ68G3X7In/lj
mvfF1tcZwqUlTg2vhck6nXhK+vmL4vHCS7dBV5tn+1LNmXcTwFNJk8xh6QeYEtgq
kA+OoLXtpLVzIkIDY4GaOb8DrEJZ7IhXnGKHX9Nc8VsUpORHVhVkYAf+mKclqobP
/ivC1w75uQ+cPeTtPA81qW+Fwezpk0zHlhdfI3tr6Wom5RsI7EMX5kbLICCNO3h5
53A2X+qM/ZteSmguU+0Oog7hv4fQamNaOfP9x37frT2HwOvX4EmkPdgQywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMAL8QLnqKqRy7ZPF0MJzclPTKU/MB8GA1UdIwQY
MBaAFJbc66qM0y3Evx1m0Ic6G289c0mPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHR6cnFvelRMY1NfSFdiUWh6b2JiejF6U1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC8wNjk3YzAtOThhZS00NGFiLWI0YWIt
YjYxNWM1YzYwNjUyLzEvd0F2eEF1ZW9xcEhMdGs4WFF3bk55VTlNcFQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC8wNjk3YzAtOThhZS00NGFiLWI0YWItYjYxNWM1YzYwNjUy
LzEvbHR6cnFvelRMY1NfSFdiUWh6b2JiejF6U1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCixx0MA0E
AgACMAcDBQMqB1/AMA0GCSqGSIb3DQEBCwUAA4IBAQAPmIr+czfAfBJ2nvSxBTv8
B7aPMzF1a8aCmvf20uC57JsItQVpOHQm+y0UOu950NMw8qw4rNS2tPpRqcyfLoNx
MKBjgJW2Rp16/stCtPQkD3RAvmOdvC2qqxjAoJ0Dr+nIsBAMVQTesrRmF+ed4nV3
fmEOUgcH10Ev9ttTeNk9TRuW4dQUlR53fhAi/rOpgzNRBfuHV7+DJAxk4j1krG0Z
uVQA91LV+16PJP/6ywOZHSyLuBzgkZMIohGEZvc26zls+F3ujK3kdeTty8tLBBkt
UnkvDLHNCPgEeYAeoOczkIyd3iFuMpHWg/NeesnRvpTi6ncKqH/LRkQh0Y3G3oc3
-----END CERTIFICATE-----