Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/wgJ7T8AQs2H25r46HMkqeo3d_74.roa
File:                     wgJ7T8AQs2H25r46HMkqeo3d_74.roa (raw, json)
Hash identifier:          XCTHlnY4cJd2CEBJ6FdccipBHcBm3QzvnHmgWXUepDU=
Subject key identifier:   C2:02:7B:4F:C0:10:B3:61:F6:E6:BE:3A:1C:C9:2A:7A:8D:DD:FF:BE
Certificate issuer:       /CN=d895fa70e3f7df361151d55379d4d9b85dadfd3d
Certificate serial:       018CC8DF5CCACF0075EE7BCA281B02B005F4
Authority key identifier: D8:95:FA:70:E3:F7:DF:36:11:51:D5:53:79:D4:D9:B8:5D:AD:FD:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2JX6cOP33zYRUdVTedTZuF2t_T0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/wgJ7T8AQs2H25r46HMkqeo3d_74.roa
Signing time:             Tue 02 Jan 2024 06:32:10 +0000
ROA not before:           Tue 02 Jan 2024 06:32:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208436
IP address blocks:        2a0e:9f40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/2JX6cOP33zYRUdVTedTZuF2t_T0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/2JX6cOP33zYRUdVTedTZuF2t_T0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2JX6cOP33zYRUdVTedTZuF2t_T0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:5c:ca:cf:00:75:ee:7b:ca:28:1b:02:b0:05:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d895fa70e3f7df361151d55379d4d9b85dadfd3d
        Validity
            Not Before: Jan  2 06:32:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2027b4fc010b361f6e6be3a1cc92a7a8dddffbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:7a:39:09:0c:a9:8a:8e:5e:1b:89:58:10:76:
                    eb:04:fb:78:39:dc:33:31:95:b9:97:28:b7:0b:f1:
                    86:bb:bb:77:35:7b:ed:ff:1a:52:55:f2:c6:0e:a6:
                    be:ab:ee:9a:c8:90:50:94:28:d3:67:4c:c1:d6:66:
                    ca:23:46:5c:13:a3:a9:fd:04:2c:a1:68:43:2c:72:
                    fc:cd:b7:c2:48:23:36:39:71:01:0d:ed:e7:a9:5f:
                    c3:2c:91:65:0b:00:01:99:d6:4e:2c:6f:25:61:82:
                    3c:ae:39:f4:4b:46:31:c5:4a:db:fd:9f:e7:e0:5a:
                    4d:92:d4:25:21:dd:7d:f0:1f:69:02:ff:05:9a:4c:
                    89:98:77:6c:d8:16:90:fc:a1:a5:04:97:ec:64:48:
                    3a:a4:fe:d4:27:89:c0:cf:ab:f3:c8:11:88:1f:ce:
                    1c:81:fe:1b:01:0c:c9:3a:e2:a4:4f:fd:1f:5c:bb:
                    f3:e3:c7:8d:db:1f:7e:98:f8:29:88:0e:0b:49:f5:
                    f7:a1:b9:12:bb:83:7c:47:90:3c:dc:ce:66:ea:78:
                    22:b8:0f:1e:e3:d2:92:c1:e4:4a:25:14:50:a7:8e:
                    33:00:8b:90:75:96:40:e5:3c:a4:95:60:41:17:9e:
                    6a:15:25:6f:46:e8:5e:f8:83:46:fc:db:ca:f1:1d:
                    25:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:02:7B:4F:C0:10:B3:61:F6:E6:BE:3A:1C:C9:2A:7A:8D:DD:FF:BE
            X509v3 Authority Key Identifier:
                keyid:D8:95:FA:70:E3:F7:DF:36:11:51:D5:53:79:D4:D9:B8:5D:AD:FD:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JX6cOP33zYRUdVTedTZuF2t_T0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/wgJ7T8AQs2H25r46HMkqeo3d_74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/70b504-c2d4-4387-9b75-f45b8dbe2f97/1/2JX6cOP33zYRUdVTedTZuF2t_T0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:9f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:b5:5a:38:1a:5d:d9:a3:de:d8:92:e1:fd:e9:8c:2a:4e:c1:
         85:0a:2c:ae:d3:e0:f5:91:07:d7:6a:7e:c5:5f:08:f5:46:37:
         27:19:10:51:35:30:db:bb:ea:d1:00:3f:c5:ec:78:19:b2:63:
         08:35:19:39:ec:a0:6f:af:38:b7:da:94:52:8e:30:be:df:0b:
         c2:f3:09:35:5d:23:25:cc:fd:b3:49:21:0f:c6:31:8e:7a:cf:
         18:9c:93:cc:ab:32:bc:dc:c2:13:f2:9f:e5:99:9e:e6:37:f6:
         77:3a:d9:7d:56:ec:63:40:e8:fe:e6:fe:49:a8:7d:9f:93:b6:
         2f:1f:2e:f5:d3:88:f0:22:51:de:44:8e:31:38:67:f3:23:90:
         c7:ec:4a:ce:ac:70:9b:0a:26:60:fa:28:a9:27:48:85:02:2c:
         44:38:6a:af:93:db:ab:73:59:5a:1c:e9:8a:da:25:cf:6d:96:
         c7:2e:bc:87:55:20:b2:a1:9f:03:7d:cf:12:2b:26:24:33:51:
         59:7a:7b:a7:11:55:d1:7c:be:fd:03:b8:73:f5:4e:d1:23:81:
         01:bb:7f:8b:88:cf:6d:93:b5:86:d1:e0:37:30:1f:b2:7c:8c:
         48:dd:eb:dc:07:aa:f6:03:d2:cd:49:f6:d2:c2:02:f6:03:42:
         79:81:31:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzI31zKzwB17nvKKBsCsAX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTVmYTcwZTNmN2RmMzYxMTUxZDU1Mzc5ZDRkOWI4NWRh
ZGZkM2QwHhcNMjQwMTAyMDYzMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjAyN2I0ZmMwMTBiMzYxZjZlNmJlM2ExY2M5MmE3YThkZGRmZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3o5CQypio5eG4lYEHbrBPt4Odwz
MZW5lyi3C/GGu7t3NXvt/xpSVfLGDqa+q+6ayJBQlCjTZ0zB1mbKI0ZcE6Op/QQs
oWhDLHL8zbfCSCM2OXEBDe3nqV/DLJFlCwABmdZOLG8lYYI8rjn0S0YxxUrb/Z/n
4FpNktQlId198B9pAv8FmkyJmHds2BaQ/KGlBJfsZEg6pP7UJ4nAz6vzyBGIH84c
gf4bAQzJOuKkT/0fXLvz48eN2x9+mPgpiA4LSfX3obkSu4N8R5A83M5m6ngiuA8e
49KSweRKJRRQp44zAIuQdZZA5TyklWBBF55qFSVvRuhe+ING/NvK8R0lIwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMICe0/AELNh9ua+OhzJKnqN3f++MB8GA1UdIwQY
MBaAFNiV+nDj9982EVHVU3nU2bhdrf09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpYNmNPUDMzellSVWRWVGVkVFp1RjJ0X1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83MGI1MDQtYzJkNC00Mzg3LTliNzUt
ZjQ1YjhkYmUyZjk3LzEvd2dKN1Q4QVFzMkgyNXI0NkhNa3FlbzNkXzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83MGI1MDQtYzJkNC00Mzg3LTliNzUtZjQ1YjhkYmUyZjk3
LzEvMkpYNmNPUDMzellSVWRWVGVkVFp1RjJ0X1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg6fQDAN
BgkqhkiG9w0BAQsFAAOCAQEAa7VaOBpd2aPe2JLh/emMKk7BhQosrtPg9ZEH12p+
xV8I9UY3JxkQUTUw27vq0QA/xex4GbJjCDUZOeygb684t9qUUo4wvt8LwvMJNV0j
Jcz9s0khD8YxjnrPGJyTzKsyvNzCE/Kf5Zme5jf2dzrZfVbsY0Do/ub+Sah9n5O2
Lx8u9dOI8CJR3kSOMThn8yOQx+xKzqxwmwomYPooqSdIhQIsRDhqr5Pbq3NZWhzp
itolz22Wxy68h1UgsqGfA33PEismJDNRWXp7pxFV0Xy+/QO4c/VO0SOBAbt/i4jP
bZO1htHgNzAfsnyMSN3r3Aeq9gPSzUn20sIC9gNCeYEx/Q==
-----END CERTIFICATE-----