Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WO4GFO2B1aEVGCxfvhl2Wz8bFU0.roa
File:                     WO4GFO2B1aEVGCxfvhl2Wz8bFU0.roa (raw, json)
Hash identifier:          grv95K4SX+/r4parzC4LaBthdm1CamJi4r36q+CwZ8Y=
Subject key identifier:   58:EE:06:14:ED:81:D5:A1:15:18:2C:5F:BE:19:76:5B:3F:1B:15:4D
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       0192CA5455000BFD4A0F041976E9538B748C
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WO4GFO2B1aEVGCxfvhl2Wz8bFU0.roa
Signing time:             Sat 26 Oct 2024 19:36:17 +0000
ROA not before:           Sat 26 Oct 2024 19:36:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215420
IP address blocks:        2a10:3f80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ca:54:55:00:0b:fd:4a:0f:04:19:76:e9:53:8b:74:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Oct 26 19:36:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58ee0614ed81d5a115182c5fbe19765b3f1b154d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:01:1e:e2:31:cf:ef:f4:82:95:dd:55:2c:7f:
                    54:82:b6:25:17:7f:f4:02:3f:68:bc:34:13:1a:b9:
                    24:10:9a:24:73:26:bb:10:11:67:e3:15:56:c8:c2:
                    f2:0f:03:cc:18:72:fe:6a:97:d6:bc:1a:98:30:6d:
                    4c:78:98:be:c8:aa:38:5f:c2:24:40:8f:e2:95:c8:
                    62:86:b7:b2:79:f8:70:a7:2d:de:fc:ef:d0:c7:5b:
                    b4:81:c5:35:37:e0:98:e1:b2:e4:bf:88:f0:16:99:
                    09:76:5e:c7:8d:d3:f5:90:c1:df:0e:7e:7b:44:01:
                    27:6d:3a:e7:d4:57:54:7e:66:30:65:3e:5f:c5:3a:
                    ce:70:34:4e:9c:60:52:cc:7d:f3:c9:c4:23:fa:ae:
                    0d:91:40:07:51:ff:7b:70:28:72:2f:06:d9:87:1c:
                    83:f1:da:8a:ef:6a:e6:2d:1f:c8:30:6d:d5:38:76:
                    04:b6:35:ed:6e:d2:34:fa:2a:ba:43:50:ca:32:92:
                    fe:bd:52:65:ff:8f:36:74:24:3a:86:93:b5:85:bb:
                    fa:bb:13:b7:b9:04:59:25:e2:ed:ef:ff:4a:4c:ab:
                    e4:99:1a:18:1a:37:4a:ec:83:4f:e9:95:b1:e3:51:
                    39:0d:a3:bf:2e:32:e8:93:35:5e:c4:85:be:15:3f:
                    de:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:EE:06:14:ED:81:D5:A1:15:18:2C:5F:BE:19:76:5B:3F:1B:15:4D
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/WO4GFO2B1aEVGCxfvhl2Wz8bFU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:38:0e:a2:52:1a:75:76:24:6a:48:39:7b:7a:79:6d:34:ef:
         05:c0:0f:ef:ee:ce:1c:3c:c7:ce:f3:fe:64:62:9d:17:6c:92:
         6f:d3:8d:6a:c5:35:37:16:2a:d3:92:6d:fb:97:74:0d:46:c6:
         2a:4e:9e:9a:98:4a:a2:39:5c:b5:32:f5:1c:6f:a6:25:e7:65:
         8b:71:0b:d2:03:1e:0e:18:bf:71:d6:99:a2:0f:c4:13:ec:10:
         76:62:6e:b6:a8:3f:4f:94:1a:fd:6c:02:f8:f5:ca:63:43:0c:
         c0:89:3f:86:e8:90:59:12:f2:7d:34:d3:38:b2:e8:62:48:10:
         06:34:38:13:f8:df:3f:73:7f:95:7f:50:82:35:08:9d:52:50:
         c3:4b:f8:6a:7a:df:12:06:93:bb:10:28:ea:ff:3f:c1:d2:26:
         39:32:96:d6:31:ee:84:0c:cd:96:c5:b9:d5:c0:8d:b3:a9:dd:
         8c:fc:9c:7c:51:1f:b3:ca:47:48:44:3c:f5:41:8e:63:58:31:
         7a:19:96:72:74:d4:b3:74:37:0a:7c:3e:c7:ce:6a:61:35:cf:
         4d:2c:72:d4:4c:12:91:f0:b1:9e:21:67:0b:b0:01:92:d8:32:
         3f:2b:50:e9:33:75:45:3c:26:8a:66:17:04:22:22:c9:02:87:
         9d:ab:1d:1b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLKVFUAC/1KDwQZdulTi3SMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQxMDI2MTkzNjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGVlMDYxNGVkODFkNWExMTUxODJjNWZiZTE5NzY1YjNmMWIxNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQEe4jHP7/SCld1VLH9UgrYlF3/0
Aj9ovDQTGrkkEJokcya7EBFn4xVWyMLyDwPMGHL+apfWvBqYMG1MeJi+yKo4X8Ik
QI/ilchihreyefhwpy3e/O/Qx1u0gcU1N+CY4bLkv4jwFpkJdl7HjdP1kMHfDn57
RAEnbTrn1FdUfmYwZT5fxTrOcDROnGBSzH3zycQj+q4NkUAHUf97cChyLwbZhxyD
8dqK72rmLR/IMG3VOHYEtjXtbtI0+iq6Q1DKMpL+vVJl/482dCQ6hpO1hbv6uxO3
uQRZJeLt7/9KTKvkmRoYGjdK7INP6ZWx41E5DaO/LjLokzVexIW+FT/ebQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFjuBhTtgdWhFRgsX74Zdls/GxVNMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvV080R0ZPMkIxYUVWR0N4ZnZobDJXejhiRlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhA/gDAN
BgkqhkiG9w0BAQsFAAOCAQEAWTgOolIadXYkakg5e3p5bTTvBcAP7+7OHDzHzvP+
ZGKdF2ySb9ONasU1NxYq05Jt+5d0DUbGKk6emphKojlctTL1HG+mJedli3EL0gMe
Dhi/cdaZog/EE+wQdmJutqg/T5Qa/WwC+PXKY0MMwIk/huiQWRLyfTTTOLLoYkgQ
BjQ4E/jfP3N/lX9QgjUInVJQw0v4anrfEgaTuxAo6v8/wdImOTKW1jHuhAzNlsW5
1cCNs6ndjPycfFEfs8pHSEQ89UGOY1gxehmWcnTUs3Q3Cnw+x85qYTXPTSxy1EwS
kfCxniFnC7ABktgyPytQ6TN1RTwmimYXBCIiyQKHnasdGw==
-----END CERTIFICATE-----