Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WAnKf7GwwJHt4uA93yoME849i0A.roa
File:                     WAnKf7GwwJHt4uA93yoME849i0A.roa (raw, json)
Hash identifier:          alPOmF8w32d6Cz5AIJRXSxzWXoBWk/g0oGkaMtbnXQI=
Subject key identifier:   58:09:CA:7F:B1:B0:C0:91:ED:E2:E0:3D:DF:2A:0C:13:CE:3D:8B:40
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425228BD313873F37CD0A3A2212F5B2D1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WAnKf7GwwJHt4uA93yoME849i0A.roa
Signing time:             Thu 02 Jan 2025 03:50:08 +0000
ROA not before:           Thu 02 Jan 2025 03:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215669
IP address blocks:        2a0e:97c0:8b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:8b:d3:13:87:3f:37:cd:0a:3a:22:12:f5:b2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5809ca7fb1b0c091ede2e03ddf2a0c13ce3d8b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:79:e4:b4:9b:1b:75:ae:e7:fc:fb:5f:d5:99:
                    a4:80:c6:d1:80:ff:ce:6f:b0:b8:d3:ba:1f:ab:a2:
                    5d:d6:7c:29:b5:95:f1:03:47:d8:ec:0e:9c:a2:89:
                    02:b9:08:e6:31:e0:f8:72:89:53:81:bf:6e:9d:56:
                    83:b2:3d:cb:52:f8:04:1f:00:17:82:10:f2:fa:94:
                    85:48:e3:e0:a0:c4:bf:a5:d7:2a:5b:74:c9:00:30:
                    a9:7b:80:c8:e2:37:a6:a5:4b:e0:9c:10:cf:44:1d:
                    d2:cc:1d:4b:96:11:9c:c9:27:3c:3f:8f:1c:fb:a6:
                    51:b0:fd:b2:61:84:58:8e:80:6f:1e:2f:81:ef:26:
                    c3:29:51:ff:b4:b7:88:85:33:8d:ff:3c:a7:42:f6:
                    f3:fd:1f:65:24:66:68:d4:db:89:76:b6:1d:9c:03:
                    d9:53:2b:a9:25:80:32:23:37:e3:e7:ea:c9:df:0d:
                    b7:e9:14:e7:79:89:a1:3b:eb:f2:72:6b:6a:de:84:
                    3d:ec:06:9b:0b:f8:3f:6c:d4:41:e5:c8:e6:58:9c:
                    ee:6d:60:45:78:f2:6b:4f:85:b5:51:6d:ec:fd:ca:
                    4e:8d:37:3d:4b:fb:f5:48:6a:10:64:71:69:2d:84:
                    66:12:ef:46:88:15:ec:fc:6c:8a:52:26:ca:77:28:
                    a1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:09:CA:7F:B1:B0:C0:91:ED:E2:E0:3D:DF:2A:0C:13:CE:3D:8B:40
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WAnKf7GwwJHt4uA93yoME849i0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:8b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         cb:b8:1b:fb:57:81:c4:c9:17:3d:0e:b8:92:c1:f9:2a:b2:a5:
         44:17:f3:b7:dc:02:67:2a:1b:d2:56:be:5a:4c:4a:e3:ea:01:
         f9:fb:11:b0:7b:5e:de:bf:34:4a:0c:3c:20:5f:a4:f2:0b:c0:
         b2:3c:eb:1a:48:8d:04:97:91:d5:c0:50:1b:10:bf:17:27:35:
         2a:97:d6:e9:40:a9:a0:4a:9c:df:2c:3a:96:3a:2d:bd:29:ab:
         a7:9b:3a:96:aa:4a:96:97:df:60:38:de:c2:a1:7a:d2:ec:8f:
         a0:d3:a1:c9:25:7a:06:3f:71:d3:56:3d:95:5e:2a:45:1b:3d:
         fe:24:b7:a7:6d:1c:96:d6:82:0b:a1:7c:48:e9:9c:6a:8e:3b:
         51:4b:31:8e:3e:20:3e:89:d1:bd:14:65:37:ad:4a:04:46:dc:
         56:e5:a0:07:5a:86:5d:fc:06:72:21:90:24:8c:84:09:10:e6:
         cc:64:55:73:75:8e:e2:06:bb:03:35:1a:40:71:ce:05:7e:d5:
         4c:eb:13:2f:a1:48:24:9b:54:f2:de:d6:20:c2:ae:2e:c2:a7:
         40:28:99:4f:80:a6:53:11:26:71:fa:ef:63:83:e9:87:bc:b8:
         6d:87:c3:69:22:95:e3:05:e9:9a:65:ca:92:05:52:1d:c1:e0:
         58:f7:75:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIovTE4c/N80KOiIS9bLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODA5Y2E3ZmIxYjBjMDkxZWRlMmUwM2RkZjJhMGMxM2NlM2Q4YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXnktJsbda7n/Ptf1ZmkgMbRgP/O
b7C407ofq6Jd1nwptZXxA0fY7A6cookCuQjmMeD4colTgb9unVaDsj3LUvgEHwAX
ghDy+pSFSOPgoMS/pdcqW3TJADCpe4DI4jempUvgnBDPRB3SzB1LlhGcySc8P48c
+6ZRsP2yYYRYjoBvHi+B7ybDKVH/tLeIhTON/zynQvbz/R9lJGZo1NuJdrYdnAPZ
UyupJYAyIzfj5+rJ3w236RTneYmhO+vycmtq3oQ97AabC/g/bNRB5cjmWJzubWBF
ePJrT4W1UW3s/cpOjTc9S/v1SGoQZHFpLYRmEu9GiBXs/GyKUibKdyih2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFgJyn+xsMCR7eLgPd8qDBPOPYtAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV0FuS2Y3R3d3Skh0NHVBOTN5b01FODQ5aTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAiw
MA0GCSqGSIb3DQEBCwUAA4IBAQDLuBv7V4HEyRc9DriSwfkqsqVEF/O33AJnKhvS
Vr5aTErj6gH5+xGwe17evzRKDDwgX6TyC8CyPOsaSI0El5HVwFAbEL8XJzUql9bp
QKmgSpzfLDqWOi29KaunmzqWqkqWl99gON7CoXrS7I+g06HJJXoGP3HTVj2VXipF
Gz3+JLenbRyW1oILoXxI6ZxqjjtRSzGOPiA+idG9FGU3rUoERtxW5aAHWoZd/AZy
IZAkjIQJEObMZFVzdY7iBrsDNRpAcc4FftVM6xMvoUgkm1Ty3tYgwq4uwqdAKJlP
gKZTESZx+u9jg+mHvLhth8NpIpXjBemaZcqSBVIdweBY93Wj
-----END CERTIFICATE-----