Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WM_-qOlmagahRpSB2PhOxleVpOg.roa
File:                     WM_-qOlmagahRpSB2PhOxleVpOg.roa (raw, json)
Hash identifier:          SwoY63tVH3PVEN/dSUh9qa3Od5HSMebTo/QTThsBmT8=
Subject key identifier:   58:CF:FE:A8:E9:66:6A:06:A1:46:94:81:D8:F8:4E:C6:57:95:A4:E8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD374CE8FB8E43D060D17567D42D4A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WM_-qOlmagahRpSB2PhOxleVpOg.roa
Signing time:             Tue 02 Jan 2024 10:34:30 +0000
ROA not before:           Tue 02 Jan 2024 10:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211544
IP address blocks:        2a0e:97c0:2e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:37:4c:e8:fb:8e:43:d0:60:d1:75:67:d4:2d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58cffea8e9666a06a1469481d8f84ec65795a4e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f7:64:ea:31:50:65:4e:84:78:26:48:70:62:
                    c0:1d:45:ba:b1:03:a6:40:29:f5:63:e5:d7:88:dd:
                    7f:bf:c7:f8:20:42:df:97:2d:c4:dd:7b:97:59:4a:
                    bb:75:67:31:28:97:d6:7e:d0:bb:8a:e4:7c:3b:70:
                    ba:10:58:c3:c5:7d:5f:e7:a2:1e:9a:2e:2c:05:58:
                    27:a2:59:28:70:0c:10:cc:ce:e4:47:b9:26:13:c6:
                    73:b8:ac:1f:26:57:e0:09:2c:39:a4:5d:d9:c3:b2:
                    92:4a:2a:b0:ee:34:93:25:4c:3b:e3:13:cb:f0:3a:
                    96:cd:13:02:93:df:93:0c:a0:cf:8b:05:fb:27:ef:
                    b0:2a:ef:8f:e0:67:df:da:7a:26:b9:6f:39:f4:e8:
                    a3:13:ed:a3:31:e8:45:86:1b:97:08:fb:27:db:94:
                    2b:a4:4e:e8:74:7c:d3:6f:ee:67:fd:d4:09:4e:3e:
                    53:78:f6:d2:3b:f5:01:63:08:9c:29:8b:20:d7:d2:
                    a9:1c:87:fc:c3:4f:8a:84:cb:a1:0e:62:65:c9:f2:
                    a6:a2:5a:f0:a5:56:c0:f3:dc:12:38:a1:76:fc:80:
                    47:3e:83:87:fb:2e:ea:b0:f1:94:7e:61:ab:f5:47:
                    f8:b8:e2:f9:d3:94:a9:cf:b0:85:f6:a6:bc:e3:ef:
                    54:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:CF:FE:A8:E9:66:6A:06:A1:46:94:81:D8:F8:4E:C6:57:95:A4:E8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WM_-qOlmagahRpSB2PhOxleVpOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:2e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:88:38:31:53:ad:15:49:d3:13:6a:91:bd:65:14:1e:e6:75:
         ea:c3:f6:c5:50:6d:93:d7:46:ff:e3:95:cd:4f:15:d7:b8:8a:
         36:90:86:e7:79:35:cc:be:d8:fa:e6:65:9c:25:41:26:07:d6:
         3e:08:28:55:95:a0:f7:0c:1f:87:3c:c9:5f:2c:89:89:ed:aa:
         d1:59:4c:ad:cb:72:cf:0f:2e:bc:f7:92:33:7d:56:9d:4a:15:
         da:7c:4c:b0:35:6c:4e:47:14:93:3f:06:2a:83:55:8c:71:5b:
         d7:77:bd:93:96:cd:2b:7a:89:93:bb:db:5c:19:bc:e8:38:c2:
         f8:01:3c:e8:1f:05:fd:93:c5:fd:86:49:51:ab:e0:16:90:58:
         89:1a:cf:1d:41:68:61:3d:7f:01:ed:f4:38:6d:31:18:d8:e8:
         65:5f:bb:ad:7b:90:59:4e:b4:73:30:e6:4e:b5:34:5d:05:87:
         1b:7c:ac:fe:fc:69:a8:b5:e7:15:6c:e9:a1:f2:85:17:c4:3c:
         26:60:46:62:b2:f4:37:21:43:f8:7b:86:98:be:9d:c2:dd:6c:
         ad:8d:b5:54:77:d3:55:93:22:1f:69:4d:2c:d9:05:b4:15:73:
         3c:8b:fb:c7:61:10:52:ac:55:1d:7d:2b:b0:36:fb:13:08:6e:
         b7:79:06:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTdM6PuOQ9Bg0XVn1C1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGNmZmVhOGU5NjY2YTA2YTE0Njk0ODFkOGY4NGVjNjU3OTVhNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvdk6jFQZU6EeCZIcGLAHUW6sQOm
QCn1Y+XXiN1/v8f4IELfly3E3XuXWUq7dWcxKJfWftC7iuR8O3C6EFjDxX1f56Ie
mi4sBVgnolkocAwQzM7kR7kmE8ZzuKwfJlfgCSw5pF3Zw7KSSiqw7jSTJUw74xPL
8DqWzRMCk9+TDKDPiwX7J++wKu+P4Gff2nomuW859OijE+2jMehFhhuXCPsn25Qr
pE7odHzTb+5n/dQJTj5TePbSO/UBYwicKYsg19KpHIf8w0+KhMuhDmJlyfKmolrw
pVbA89wSOKF2/IBHPoOH+y7qsPGUfmGr9Uf4uOL505Spz7CF9qa84+9UpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFjP/qjpZmoGoUaUgdj4TsZXlaToMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV01fLXFPbG1hZ2FoUnBTQjJQaE94bGVWcE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwALg
MA0GCSqGSIb3DQEBCwUAA4IBAQAGiDgxU60VSdMTapG9ZRQe5nXqw/bFUG2T10b/
45XNTxXXuIo2kIbneTXMvtj65mWcJUEmB9Y+CChVlaD3DB+HPMlfLImJ7arRWUyt
y3LPDy6895IzfVadShXafEywNWxORxSTPwYqg1WMcVvXd72Tls0reomTu9tcGbzo
OML4ATzoHwX9k8X9hklRq+AWkFiJGs8dQWhhPX8B7fQ4bTEY2OhlX7ute5BZTrRz
MOZOtTRdBYcbfKz+/GmotecVbOmh8oUXxDwmYEZisvQ3IUP4e4aYvp3C3WytjbVU
d9NVkyIfaU0s2QW0FXM8i/vHYRBSrFUdfSuwNvsTCG63eQa7
-----END CERTIFICATE-----