Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/wkTUByEYgORXfkOKCtsdZb4pIf8.roa
File:                     wkTUByEYgORXfkOKCtsdZb4pIf8.roa (raw, json)
Hash identifier:          A3YOb2ZKWDOQJc5JV5v2A/VMfneyh3ZfYhub254uGMM=
Subject key identifier:   C2:44:D4:07:21:18:80:E4:57:7E:43:8A:0A:DB:1D:65:BE:29:21:FF
Certificate issuer:       /CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
Certificate serial:       018CC7265FDE9E299517CE9F7126D2BEB38E
Authority key identifier: FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/wkTUByEYgORXfkOKCtsdZb4pIf8.roa
Signing time:             Mon 01 Jan 2024 22:30:30 +0000
ROA not before:           Mon 01 Jan 2024 22:30:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64474
IP address blocks:        2a0d:7440:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:5f:de:9e:29:95:17:ce:9f:71:26:d2:be:b3:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd37cc8f16b3c6cbd3346aa3ed61771f3e83ac97
        Validity
            Not Before: Jan  1 22:30:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c244d407211880e4577e438a0adb1d65be2921ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e8:66:a4:23:69:79:7b:d3:a0:5f:2b:76:0a:
                    83:29:95:5b:06:e6:a8:7b:f7:f2:15:ce:14:bd:32:
                    a0:4f:14:ba:7b:0d:40:29:8d:51:2a:91:6b:ac:4e:
                    ec:c9:d7:6a:48:0b:b4:cc:6c:05:ec:dc:be:1a:8d:
                    47:2b:3f:76:46:28:71:9a:b1:2b:2f:a2:d2:db:89:
                    99:fe:a1:1c:dd:70:5b:f4:ed:b5:8a:dc:60:78:7c:
                    d6:0d:74:1d:46:f1:8b:19:c4:f3:79:3c:a7:11:47:
                    4c:3e:b5:f3:55:22:40:a8:74:70:f3:94:80:02:60:
                    8d:2d:c4:14:f8:31:1a:14:f3:b3:53:23:a8:fd:a6:
                    d0:b9:d0:b0:84:33:18:58:90:97:98:23:fa:91:cf:
                    37:62:a7:b9:06:7e:3b:ef:c8:18:dc:73:62:bc:02:
                    03:d1:44:a0:17:78:60:9f:f8:d2:6d:e9:49:09:64:
                    81:26:ee:b5:25:16:20:67:d9:1a:18:84:38:89:08:
                    df:42:9e:0b:3d:16:ac:45:dc:d2:07:9b:99:88:e2:
                    a2:f2:ef:a2:c7:30:41:fb:11:d6:96:5c:e0:e7:a4:
                    fd:39:80:b0:1f:56:17:b1:7c:74:91:28:53:21:c8:
                    39:0c:57:36:85:39:52:fc:47:6e:3e:b0:74:95:0b:
                    fd:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:44:D4:07:21:18:80:E4:57:7E:43:8A:0A:DB:1D:65:BE:29:21:FF
            X509v3 Authority Key Identifier:
                keyid:FD:37:CC:8F:16:B3:C6:CB:D3:34:6A:A3:ED:61:77:1F:3E:83:AC:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_TfMjxazxsvTNGqj7WF3Hz6DrJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/wkTUByEYgORXfkOKCtsdZb4pIf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/05e17f-d31f-431f-a8bc-7e05ab41b6e4/1/_TfMjxazxsvTNGqj7WF3Hz6DrJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:7440:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:d3:73:20:76:9c:c2:f6:ea:fb:5b:c1:db:13:fc:a4:9d:b7:
         c9:4c:74:3c:ef:6b:64:61:39:1f:78:d1:b3:52:5e:df:51:c3:
         9e:ec:6a:58:34:41:40:f7:b6:01:4d:cb:0a:f6:2f:71:6f:c0:
         d7:fb:da:8d:4f:6d:94:c6:83:22:58:a3:b3:0a:5b:50:77:8e:
         3e:b1:cd:d9:cf:d8:0f:a8:99:76:c3:80:8c:3b:a9:1a:9c:1a:
         4a:29:e7:f5:eb:ce:6f:16:ed:4a:72:66:f3:3b:92:0f:eb:a0:
         46:85:84:6e:bc:da:e6:a9:5b:2f:08:09:37:b1:88:15:36:3d:
         c9:a6:a9:71:5f:00:08:f5:44:82:8b:eb:5d:ce:9f:ff:4a:65:
         0d:89:20:22:14:9e:d5:ba:84:90:85:5e:9d:81:43:f9:0f:b9:
         8e:ed:50:bf:d7:30:8f:40:c8:62:bf:bf:57:59:72:4c:77:67:
         c9:19:17:38:e9:4c:66:02:33:a2:06:b3:67:1d:8f:7b:ff:40:
         51:9d:85:1b:a1:6a:f3:61:79:2e:6d:d2:a0:76:23:ae:6a:44:
         89:14:af:b9:74:3e:15:61:eb:d5:0d:3a:38:43:bb:bc:d8:fa:
         75:81:df:9b:55:e9:89:a8:5f:4d:86:b9:e1:1c:08:b4:02:39:
         d2:6b:92:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzHJl/enimVF86fcSbSvrOOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMzdjYzhmMTZiM2M2Y2JkMzM0NmFhM2VkNjE3NzFmM2U4
M2FjOTcwHhcNMjQwMTAxMjIzMDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjQ0ZDQwNzIxMTg4MGU0NTc3ZTQzOGEwYWRiMWQ2NWJlMjkyMWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuhmpCNpeXvToF8rdgqDKZVbBuao
e/fyFc4UvTKgTxS6ew1AKY1RKpFrrE7syddqSAu0zGwF7Ny+Go1HKz92RihxmrEr
L6LS24mZ/qEc3XBb9O21itxgeHzWDXQdRvGLGcTzeTynEUdMPrXzVSJAqHRw85SA
AmCNLcQU+DEaFPOzUyOo/abQudCwhDMYWJCXmCP6kc83Yqe5Bn4778gY3HNivAID
0USgF3hgn/jSbelJCWSBJu61JRYgZ9kaGIQ4iQjfQp4LPRasRdzSB5uZiOKi8u+i
xzBB+xHWllzg56T9OYCwH1YXsXx0kShTIcg5DFc2hTlS/EduPrB0lQv9nwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMJE1AchGIDkV35DigrbHWW+KSH/MB8GA1UdIwQY
MBaAFP03zI8Ws8bL0zRqo+1hdx8+g6yXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMt
N2UwNWFiNDFiNmU0LzEvd2tUVUJ5RVlnT1JYZmtPS0N0c2RaYjRwSWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wNWUxN2YtZDMxZi00MzFmLWE4YmMtN2UwNWFiNDFiNmU0
LzEvX1RmTWp4YXp4c3ZUTkdxajdXRjNIejZEckpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg10QAAi
MA0GCSqGSIb3DQEBCwUAA4IBAQAm03MgdpzC9ur7W8HbE/yknbfJTHQ872tkYTkf
eNGzUl7fUcOe7GpYNEFA97YBTcsK9i9xb8DX+9qNT22UxoMiWKOzCltQd44+sc3Z
z9gPqJl2w4CMO6kanBpKKef1685vFu1KcmbzO5IP66BGhYRuvNrmqVsvCAk3sYgV
Nj3JpqlxXwAI9USCi+tdzp//SmUNiSAiFJ7VuoSQhV6dgUP5D7mO7VC/1zCPQMhi
v79XWXJMd2fJGRc46UxmAjOiBrNnHY97/0BRnYUboWrzYXkubdKgdiOuakSJFK+5
dD4VYevVDTo4Q7u82Pp1gd+bVemJqF9NhrnhHAi0AjnSa5Ig
-----END CERTIFICATE-----