Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/1WNYYNS7RX-CeZ_6JxRjUdD-q2A.roa
File:                     1WNYYNS7RX-CeZ_6JxRjUdD-q2A.roa (raw, json)
Hash identifier:          wxMlsJGdNKU4KY3gfHml6end/i1xs49sClefHW/FEbI=
Subject key identifier:   D5:63:58:60:D4:BB:45:7F:82:79:9F:FA:27:14:63:51:D0:FE:AB:60
Certificate issuer:       /CN=505127723ea0cfd0724713b291734caa353e20ea
Certificate serial:       01979CE724CE3B3AE09E7C72603202B16A31
Authority key identifier: 50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/1WNYYNS7RX-CeZ_6JxRjUdD-q2A.roa
Signing time:             Mon 23 Jun 2025 13:08:03 +0000
ROA not before:           Mon 23 Jun 2025 13:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        2a07:4584::/30 maxlen: 32
                          2a07:a900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9c:e7:24:ce:3b:3a:e0:9e:7c:72:60:32:02:b1:6a:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=505127723ea0cfd0724713b291734caa353e20ea
        Validity
            Not Before: Jun 23 13:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5635860d4bb457f82799ffa27146351d0feab60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:12:e5:38:49:ba:78:43:00:a3:13:76:d1:79:
                    2f:40:9d:5a:78:f7:1b:6a:8f:89:4a:cf:17:8a:e8:
                    75:04:6e:84:a0:f3:0a:1d:16:d9:9e:70:cb:8c:8f:
                    dd:f4:ee:ef:fb:b6:42:f2:b0:57:a9:a1:b1:49:9d:
                    66:4e:79:eb:d5:cf:43:0c:56:f1:70:4c:ca:d4:f1:
                    ef:96:74:d0:23:71:1f:75:de:1c:29:02:a1:f2:e3:
                    47:11:8c:ad:e5:7d:75:50:95:7c:cf:73:1b:95:7a:
                    bb:10:07:79:1c:92:9a:09:b1:9c:6e:7c:df:69:8b:
                    76:b1:05:d0:40:38:b1:57:e7:4e:80:6b:60:73:ae:
                    b9:77:34:c6:9b:a7:0d:3a:3c:da:c6:b1:94:6a:a5:
                    c1:9e:4f:2f:c2:e4:7e:ce:24:9a:1f:cd:27:b5:73:
                    25:ba:6d:8e:61:c8:98:b3:4a:49:d0:97:e7:9e:58:
                    f9:41:c6:3d:40:2a:36:af:d5:56:a6:10:79:3b:28:
                    70:50:d8:fb:c3:f2:e9:26:af:9d:1a:ab:71:be:b7:
                    d5:8c:9b:70:5d:7c:9d:a3:51:d7:eb:89:84:d8:0c:
                    75:60:fd:ee:08:98:1e:06:4a:1a:44:b6:e5:70:6a:
                    6c:a4:f3:72:2a:74:7a:b1:2d:e2:b0:3c:ce:e5:ff:
                    be:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:63:58:60:D4:BB:45:7F:82:79:9F:FA:27:14:63:51:D0:FE:AB:60
            X509v3 Authority Key Identifier:
                keyid:50:51:27:72:3E:A0:CF:D0:72:47:13:B2:91:73:4C:AA:35:3E:20:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UFEncj6gz9ByRxOykXNMqjU-IOo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/1WNYYNS7RX-CeZ_6JxRjUdD-q2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/a90423-0b4b-499f-be66-55608b694456/1/UFEncj6gz9ByRxOykXNMqjU-IOo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4584::/30
                  2a07:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:ba:0b:fa:62:86:51:8a:0d:ee:7e:ed:79:f2:bb:ae:c5:0a:
         a4:9e:b7:c8:01:33:82:61:89:7d:e9:1a:7f:c3:22:0d:14:bf:
         de:45:48:8a:54:b4:fe:f3:51:3f:61:47:20:57:61:72:9b:1f:
         8d:a1:74:13:39:fb:df:a0:fb:6f:01:28:01:a6:a9:ac:d9:cd:
         f9:61:bf:fd:58:42:39:b1:18:e5:d9:e0:b3:d9:cd:7f:ee:74:
         bc:4d:df:62:80:b8:89:d4:1f:54:9c:c0:a2:3c:74:6b:d5:e2:
         00:57:3d:e2:cb:64:f3:35:59:cf:51:0a:33:4f:35:17:4f:bd:
         2a:33:9f:12:27:72:95:0b:bc:b5:2d:39:57:65:cd:5d:ec:97:
         88:0d:d6:2a:92:13:47:36:b7:80:fb:89:1b:95:47:cd:7e:87:
         70:88:bc:8b:bd:c1:3a:d7:cd:78:3d:ab:0f:c8:a1:50:05:cf:
         53:c4:c7:d4:d1:4b:74:48:84:34:58:32:8e:5f:b1:f1:95:c7:
         3c:3d:8c:78:99:ed:d6:24:6b:fb:d6:ac:43:3f:65:1a:98:9d:
         39:63:54:63:93:94:fe:45:c4:cc:0b:d2:ce:cf:5c:4f:2d:87:
         c7:25:67:40:d0:a4:71:7b:29:3e:6b:66:44:aa:9d:e1:f6:7a:
         0e:36:8c:60
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZec5yTOOzrgnnxyYDICsWoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwNTEyNzcyM2VhMGNmZDA3MjQ3MTNiMjkxNzM0Y2FhMzUz
ZTIwZWEwHhcNMjUwNjIzMTMwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTYzNTg2MGQ0YmI0NTdmODI3OTlmZmEyNzE0NjM1MWQwZmVhYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxLlOEm6eEMAoxN20XkvQJ1aePcb
ao+JSs8Xiuh1BG6EoPMKHRbZnnDLjI/d9O7v+7ZC8rBXqaGxSZ1mTnnr1c9DDFbx
cEzK1PHvlnTQI3Efdd4cKQKh8uNHEYyt5X11UJV8z3MblXq7EAd5HJKaCbGcbnzf
aYt2sQXQQDixV+dOgGtgc665dzTGm6cNOjzaxrGUaqXBnk8vwuR+ziSaH80ntXMl
um2OYciYs0pJ0Jfnnlj5QcY9QCo2r9VWphB5OyhwUNj7w/LpJq+dGqtxvrfVjJtw
XXydo1HX64mE2Ax1YP3uCJgeBkoaRLblcGpspPNyKnR6sS3isDzO5f++hwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNVjWGDUu0V/gnmf+icUY1HQ/qtgMB8GA1UdIwQY
MBaAFFBRJ3I+oM/QckcTspFzTKo1PiDqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYt
NTU2MDhiNjk0NDU2LzEvMVdOWVlOUzdSWC1DZVpfNkp4UmpVZEQtcTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9hOTA0MjMtMGI0Yi00OTlmLWJlNjYtNTU2MDhiNjk0NDU2
LzEvVUZFbmNqNmd6OUJ5UnhPeWtYTk1xalUtSU9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUCKgdFhAMF
AyoHqQAwDQYJKoZIhvcNAQELBQADggEBAEO6C/pihlGKDe5+7Xnyu67FCqSet8gB
M4JhiX3pGn/DIg0Uv95FSIpUtP7zUT9hRyBXYXKbH42hdBM5+9+g+28BKAGmqazZ
zflhv/1YQjmxGOXZ4LPZzX/udLxN32KAuInUH1ScwKI8dGvV4gBXPeLLZPM1Wc9R
CjNPNRdPvSoznxIncpULvLUtOVdlzV3sl4gN1iqSE0c2t4D7iRuVR81+h3CIvIu9
wTrXzXg9qw/IoVAFz1PEx9TRS3RIhDRYMo5fsfGVxzw9jHiZ7dYka/vWrEM/ZRqY
nTljVGOTlP5FxMwL0s7PXE8th8clZ0DQpHF7KT5rZkSqneH2eg42jGA=
-----END CERTIFICATE-----