Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WLVxIhiYkkBi2TL2XwhXZvAlsZY.roa
File:                     WLVxIhiYkkBi2TL2XwhXZvAlsZY.roa (raw, json)
Hash identifier:          fdjWMuo9Q8HGKjvSCP6mFqtVu5hPoRS0h0NsZhmq1xk=
Subject key identifier:   58:B5:71:22:18:98:92:40:62:D9:32:F6:5F:08:57:66:F0:25:B1:96
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522052D903B306477FF0B889DA53319
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WLVxIhiYkkBi2TL2XwhXZvAlsZY.roa
Signing time:             Thu 02 Jan 2025 03:49:34 +0000
ROA not before:           Thu 02 Jan 2025 03:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201911
IP address blocks:        2a0e:97c0:ae0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:05:2d:90:3b:30:64:77:ff:0b:88:9d:a5:33:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b571221898924062d932f65f085766f025b196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f6:4f:65:f7:9c:a2:a3:48:f4:3f:4b:a1:97:
                    2b:24:07:f9:6b:91:0f:7c:17:2f:53:8d:fc:6d:25:
                    ff:4a:c9:96:c9:5e:69:28:f6:8e:08:cd:4d:dd:9c:
                    70:41:68:be:f6:dc:4b:c2:49:6d:13:73:41:31:bb:
                    f7:5c:97:f6:5c:db:4f:59:93:1d:7a:2d:a1:a1:22:
                    af:ce:50:31:a2:71:df:54:c1:cc:88:0a:22:da:fd:
                    8d:19:33:73:c5:9f:99:03:be:a0:2f:a8:78:e7:da:
                    21:2a:c8:b7:66:ea:5f:2e:d7:27:ce:31:aa:98:a0:
                    8d:84:f0:cd:c7:58:0d:73:d1:38:51:60:26:1b:d9:
                    f5:8e:ae:70:6f:80:19:11:98:09:8a:12:93:96:95:
                    d4:0a:ff:76:48:18:d1:bf:78:5c:fc:26:e0:87:08:
                    e0:fd:aa:86:f4:d4:e9:d2:fe:12:85:39:0c:8e:7d:
                    0f:60:96:40:4d:1a:62:d1:bd:f9:f0:fd:64:2d:71:
                    92:e4:36:ff:24:18:8c:f5:9c:0a:fe:c9:d1:8f:bc:
                    73:8d:df:1b:12:58:37:86:a2:a0:9c:41:43:9b:93:
                    dd:53:05:b7:c2:85:17:3b:4f:64:2d:cc:cb:c3:9b:
                    c0:de:fb:5d:d5:31:c9:ce:45:01:7b:35:e7:0b:4a:
                    bf:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B5:71:22:18:98:92:40:62:D9:32:F6:5F:08:57:66:F0:25:B1:96
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WLVxIhiYkkBi2TL2XwhXZvAlsZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:b3:4f:f6:f3:cd:3c:17:a8:17:46:24:a2:62:cb:84:ec:2e:
         b9:47:90:e5:08:d0:50:2b:c0:ad:35:0b:64:5a:09:d0:cb:34:
         92:84:9a:81:73:a4:79:c8:dd:03:09:6c:cf:9e:c2:64:f8:a0:
         02:d1:db:95:0a:4b:99:23:9f:34:f5:05:bc:a9:b1:c9:4f:af:
         9e:0f:4c:63:23:21:67:32:1c:2c:11:95:05:c6:50:2b:9e:94:
         c2:51:7b:01:09:4e:45:0c:d4:55:db:07:c7:32:68:48:04:f6:
         3f:f1:97:88:24:9f:85:3f:cd:0b:89:29:54:e1:a5:90:b8:b1:
         62:67:29:b7:f5:a9:2f:03:6a:cf:09:3c:bd:b1:c4:2c:1d:11:
         b0:a3:20:60:8f:d8:92:c7:04:35:f0:d9:c1:19:f4:a9:80:99:
         7e:09:cb:1f:5f:2a:fd:c9:c9:73:fb:d9:7d:63:38:f6:ee:29:
         b5:1e:4a:22:c3:d7:b4:cf:8b:1a:dc:dd:39:f2:e8:06:6a:b3:
         48:9f:68:55:d1:ae:8d:7c:56:aa:ae:0d:5f:8b:7f:e6:e5:64:
         0d:22:7e:77:73:1f:4c:8b:68:16:63:63:ec:db:82:31:95:61:
         0a:ad:1b:59:9a:a3:95:e6:54:cf:09:62:8b:ea:bd:59:c2:ed:
         fc:83:26:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgUtkDswZHf/C4idpTMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI1NzEyMjE4OTg5MjQwNjJkOTMyZjY1ZjA4NTc2NmYwMjViMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfZPZfecoqNI9D9LoZcrJAf5a5EP
fBcvU438bSX/SsmWyV5pKPaOCM1N3ZxwQWi+9txLwkltE3NBMbv3XJf2XNtPWZMd
ei2hoSKvzlAxonHfVMHMiAoi2v2NGTNzxZ+ZA76gL6h459ohKsi3ZupfLtcnzjGq
mKCNhPDNx1gNc9E4UWAmG9n1jq5wb4AZEZgJihKTlpXUCv92SBjRv3hc/Cbghwjg
/aqG9NTp0v4ShTkMjn0PYJZATRpi0b358P1kLXGS5Db/JBiM9ZwK/snRj7xzjd8b
Elg3hqKgnEFDm5PdUwW3woUXO09kLczLw5vA3vtd1THJzkUBezXnC0q/8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFi1cSIYmJJAYtky9l8IV2bwJbGWMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV0xWeEloaVlra0JpMlRMMlh3aFhadkFsc1pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwArg
MA0GCSqGSIb3DQEBCwUAA4IBAQBAs0/28808F6gXRiSiYsuE7C65R5DlCNBQK8Ct
NQtkWgnQyzSShJqBc6R5yN0DCWzPnsJk+KAC0duVCkuZI5809QW8qbHJT6+eD0xj
IyFnMhwsEZUFxlArnpTCUXsBCU5FDNRV2wfHMmhIBPY/8ZeIJJ+FP80LiSlU4aWQ
uLFiZym39akvA2rPCTy9scQsHRGwoyBgj9iSxwQ18NnBGfSpgJl+CcsfXyr9yclz
+9l9Yzj27im1Hkoiw9e0z4sa3N058ugGarNIn2hV0a6NfFaqrg1fi3/m5WQNIn53
cx9Mi2gWY2Ps24IxlWEKrRtZmqOV5lTPCWKL6r1Zwu38gyZf
-----END CERTIFICATE-----