Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HPWAaspm134tLrRTwvq56QPfgww.roa
File:                     HPWAaspm134tLrRTwvq56QPfgww.roa (raw, json)
Hash identifier:          65+AhI0Fun+XhVqpcpEPo+TpHpsdXS6845pDNojihQg=
Subject key identifier:   1C:F5:80:6A:CA:66:D7:7E:2D:2E:B4:53:C2:FA:B9:E9:03:DF:83:0C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D1104C475E638474684DC12CAAD0DA889
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HPWAaspm134tLrRTwvq56QPfgww.roa
Signing time:             Tue 16 Jan 2024 06:45:41 +0000
ROA not before:           Tue 16 Jan 2024 06:45:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52177
IP address blocks:        2a10:2f00:136::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:11:04:c4:75:e6:38:47:46:84:dc:12:ca:ad:0d:a8:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 16 06:45:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1cf5806aca66d77e2d2eb453c2fab9e903df830c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:15:ca:f1:18:ec:ed:c2:60:cf:d1:cb:8a:61:
                    fc:5f:4f:7c:e0:bd:20:b9:ad:7e:61:d8:26:01:c2:
                    16:42:5c:c6:c9:6f:62:26:6d:74:c3:1b:5f:a4:bd:
                    0e:ed:b9:45:7f:3a:fb:96:80:d4:fa:95:fe:4f:94:
                    b3:7b:3a:2a:8f:d5:c5:c3:49:50:ff:08:24:39:dd:
                    23:7e:21:f7:ae:18:e4:62:94:88:69:d6:5c:fb:d8:
                    8e:8c:ed:4d:1c:65:1b:4a:c1:d4:b0:25:ad:62:90:
                    94:b6:f1:ec:70:46:2b:e4:9e:42:f2:82:49:8b:33:
                    95:d4:d4:a8:37:47:a9:80:26:12:b3:cd:78:62:3d:
                    69:8c:ec:a6:9a:64:81:dc:32:c3:82:12:17:e4:36:
                    c4:f6:28:f4:58:0b:7b:3b:15:48:0e:71:cf:91:90:
                    6d:30:92:93:1e:2a:60:26:1d:83:bf:17:8b:d5:0f:
                    c4:c4:d6:10:a2:4d:50:9b:99:f4:7b:ff:73:e1:53:
                    92:5e:40:e7:b0:f9:cb:be:ae:cb:48:7f:e3:a7:9d:
                    eb:b4:75:91:97:3f:57:50:c4:4e:ff:f6:f7:d8:4f:
                    d3:d7:a8:f8:22:a8:ab:3c:6c:ba:cf:ba:86:95:f6:
                    6b:d8:80:c1:25:f7:ab:a3:19:d0:f4:04:c7:ee:ae:
                    6c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F5:80:6A:CA:66:D7:7E:2D:2E:B4:53:C2:FA:B9:E9:03:DF:83:0C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HPWAaspm134tLrRTwvq56QPfgww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:136::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e8:b1:77:e0:f5:69:0c:d8:24:88:3d:60:98:71:ea:c8:94:
         23:25:d4:68:ff:ac:5e:d5:00:64:31:d6:6d:68:8f:47:56:f4:
         60:03:e8:fd:ee:34:ba:b5:f6:91:01:5c:88:ba:f3:1c:86:0d:
         6a:c5:79:c3:dd:59:39:f6:35:e7:74:73:b3:a4:fb:9e:f9:51:
         b4:01:3a:0e:09:24:4c:30:94:4b:cd:bb:cd:ef:3a:cb:91:3e:
         97:55:9b:17:a9:e6:5b:98:26:55:76:63:77:0d:01:64:28:0a:
         53:b2:21:54:5a:08:96:9e:ab:60:a4:b0:12:7f:60:f0:a6:4b:
         4b:ae:62:b9:8e:07:c6:84:e2:fd:eb:69:f3:a2:e2:23:ea:62:
         bc:ff:b7:63:3d:e9:54:98:b4:77:23:1a:b4:a0:1f:ed:76:48:
         2d:8d:2c:5a:45:06:38:68:25:be:b2:95:f2:68:05:e5:0e:19:
         5f:dd:26:58:81:04:92:ce:f3:ef:21:8d:f9:09:f2:11:f2:53:
         fa:ad:88:69:26:ef:be:9c:dd:ed:8e:1f:42:c5:db:67:55:30:
         ea:02:6c:00:e9:70:8c:5f:c1:fe:54:fd:da:76:a6:04:e5:e9:
         73:ea:d7:83:dc:a1:45:c3:3b:a1:f9:f4:93:c9:a9:72:bf:48:
         4a:fc:16:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0RBMR15jhHRoTcEsqtDaiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTE2MDY0NTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2Y1ODA2YWNhNjZkNzdlMmQyZWI0NTNjMmZhYjllOTAzZGY4MzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhXK8Rjs7cJgz9HLimH8X0984L0g
ua1+YdgmAcIWQlzGyW9iJm10wxtfpL0O7blFfzr7loDU+pX+T5Szezoqj9XFw0lQ
/wgkOd0jfiH3rhjkYpSIadZc+9iOjO1NHGUbSsHUsCWtYpCUtvHscEYr5J5C8oJJ
izOV1NSoN0epgCYSs814Yj1pjOymmmSB3DLDghIX5DbE9ij0WAt7OxVIDnHPkZBt
MJKTHipgJh2DvxeL1Q/ExNYQok1Qm5n0e/9z4VOSXkDnsPnLvq7LSH/jp53rtHWR
lz9XUMRO//b32E/T16j4IqirPGy6z7qGlfZr2IDBJferoxnQ9ATH7q5seQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBz1gGrKZtd+LS60U8L6uekD34MMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSFBXQWFzcG0xMzR0THJSVHd2cTU2UVBmZ3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAE2
MA0GCSqGSIb3DQEBCwUAA4IBAQAk6LF34PVpDNgkiD1gmHHqyJQjJdRo/6xe1QBk
MdZtaI9HVvRgA+j97jS6tfaRAVyIuvMchg1qxXnD3Vk59jXndHOzpPue+VG0AToO
CSRMMJRLzbvN7zrLkT6XVZsXqeZbmCZVdmN3DQFkKApTsiFUWgiWnqtgpLASf2Dw
pktLrmK5jgfGhOL962nzouIj6mK8/7djPelUmLR3Ixq0oB/tdkgtjSxaRQY4aCW+
spXyaAXlDhlf3SZYgQSSzvPvIY35CfIR8lP6rYhpJu++nN3tjh9CxdtnVTDqAmwA
6XCMX8H+VP3adqYE5elz6teD3KFFwzuh+fSTyalyv0hK/Bas
-----END CERTIFICATE-----