Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WPkk31oNxrg2ubcsuaxau6i1ejw.roa
File:                     WPkk31oNxrg2ubcsuaxau6i1ejw.roa (raw, json)
Hash identifier:          bcR5S6+u4rWpYkeHoZGOb8L/sY398NGItL3WpcLziic=
Subject key identifier:   58:F9:24:DF:5A:0D:C6:B8:36:B9:B7:2C:B9:AC:5A:BB:A8:B5:7A:3C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425226D72506F728AD311F6C2BAC465ED
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WPkk31oNxrg2ubcsuaxau6i1ejw.roa
Signing time:             Thu 02 Jan 2025 03:50:00 +0000
ROA not before:           Thu 02 Jan 2025 03:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213105
IP address blocks:        2a10:2f00:138::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:6d:72:50:6f:72:8a:d3:11:f6:c2:ba:c4:65:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58f924df5a0dc6b836b9b72cb9ac5abba8b57a3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:47:91:48:20:56:7e:dd:ac:69:be:47:be:a7:
                    dd:02:93:51:91:ef:03:fd:ec:ed:fc:8b:f2:d8:9a:
                    3e:47:51:43:dc:7f:0d:98:d1:8d:3e:33:89:03:24:
                    38:8c:1c:40:89:58:4f:b9:83:3c:45:18:87:7a:8f:
                    94:3d:eb:88:3b:47:8d:c5:6d:68:fe:17:5a:fc:08:
                    18:a8:14:cf:ec:47:62:84:41:bc:2d:67:0e:df:03:
                    53:a7:a4:61:8a:76:54:ce:fc:1b:44:93:cc:a9:5b:
                    1a:b3:b9:3e:c3:b3:0c:ad:89:5a:d6:3b:4d:d9:db:
                    4c:24:cf:3e:8b:3d:0e:71:f4:db:61:e1:d4:d5:16:
                    53:47:46:e6:08:89:c7:8e:3e:2a:38:6e:33:30:a9:
                    94:f3:25:ae:3a:6f:fb:74:1a:45:90:86:ba:61:9e:
                    23:d6:3d:34:a2:be:1e:d0:6d:e6:62:cd:73:3d:30:
                    e8:94:8a:3a:87:0a:42:37:62:03:af:e8:51:04:9e:
                    bb:06:2a:ae:94:14:78:1e:b8:33:99:a2:60:55:6b:
                    9a:b1:f0:ac:26:e0:fe:e0:8d:1b:e3:81:62:c2:8f:
                    98:33:7b:a3:8c:61:a1:94:00:90:7c:1e:72:8b:fa:
                    ad:d3:a6:2b:7a:da:dd:f8:aa:43:a3:98:42:8b:09:
                    c3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F9:24:DF:5A:0D:C6:B8:36:B9:B7:2C:B9:AC:5A:BB:A8:B5:7A:3C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WPkk31oNxrg2ubcsuaxau6i1ejw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:138::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:f0:45:f6:13:5c:3a:21:b0:c2:4c:9a:9c:af:a1:a3:9e:c1:
         22:ec:f0:d6:cc:15:14:1f:5b:12:02:83:a0:0b:1f:61:a4:c6:
         a5:e0:5e:c5:2b:b3:40:6a:c6:66:90:9b:06:12:c5:80:6d:61:
         86:aa:a8:b4:ee:84:8e:dc:a3:25:da:05:41:b2:05:b3:d4:47:
         7f:c2:c7:ad:49:be:a0:f8:6c:d1:2c:cc:db:62:66:32:ad:9c:
         e9:1c:de:42:3b:9e:32:6c:a8:1c:55:57:b2:d0:b8:c9:91:1b:
         47:37:93:2a:13:f3:c1:51:b7:72:2c:63:ac:bf:2a:d4:66:65:
         30:2f:e9:94:55:5a:57:6b:a0:8a:78:14:86:d2:af:54:83:89:
         8b:d2:47:94:25:4c:33:ff:8b:9a:de:1f:e4:a0:a2:74:e1:0c:
         98:09:bb:a5:95:7d:de:f1:d4:06:cd:ea:03:ba:21:e4:28:ca:
         27:e3:a6:0d:e3:d2:c6:c9:a2:7b:af:dc:c2:48:65:f1:68:6f:
         5a:68:f8:fd:4b:a8:c3:8b:26:f7:44:d3:74:03:52:36:64:01:
         46:c5:2f:20:ad:0e:61:af:b6:ba:4d:23:5b:d4:90:3b:1e:ff:
         2c:c9:59:9c:cb:3e:88:e8:ce:ed:b9:3b:c1:8a:e5:3f:5b:b7:
         cd:ec:07:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIm1yUG9yitMR9sK6xGXtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGY5MjRkZjVhMGRjNmI4MzZiOWI3MmNiOWFjNWFiYmE4YjU3YTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuEeRSCBWft2sab5HvqfdApNRke8D
/ezt/Ivy2Jo+R1FD3H8NmNGNPjOJAyQ4jBxAiVhPuYM8RRiHeo+UPeuIO0eNxW1o
/hda/AgYqBTP7EdihEG8LWcO3wNTp6RhinZUzvwbRJPMqVsas7k+w7MMrYla1jtN
2dtMJM8+iz0OcfTbYeHU1RZTR0bmCInHjj4qOG4zMKmU8yWuOm/7dBpFkIa6YZ4j
1j00or4e0G3mYs1zPTDolIo6hwpCN2IDr+hRBJ67BiqulBR4HrgzmaJgVWuasfCs
JuD+4I0b44Fiwo+YM3ujjGGhlACQfB5yi/qt06Yretrd+KpDo5hCiwnDNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFj5JN9aDca4Nrm3LLmsWruotXo8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV1BrazMxb054cmcydWJjc3VheGF1NmkxZWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAE4
MA0GCSqGSIb3DQEBCwUAA4IBAQCv8EX2E1w6IbDCTJqcr6GjnsEi7PDWzBUUH1sS
AoOgCx9hpMal4F7FK7NAasZmkJsGEsWAbWGGqqi07oSO3KMl2gVBsgWz1Ed/wset
Sb6g+GzRLMzbYmYyrZzpHN5CO54ybKgcVVey0LjJkRtHN5MqE/PBUbdyLGOsvyrU
ZmUwL+mUVVpXa6CKeBSG0q9Ug4mL0keUJUwz/4ua3h/koKJ04QyYCbullX3e8dQG
zeoDuiHkKMon46YN49LGyaJ7r9zCSGXxaG9aaPj9S6jDiyb3RNN0A1I2ZAFGxS8g
rQ5hr7a6TSNb1JA7Hv8syVmcyz6I6M7tuTvBiuU/W7fN7Ad/
-----END CERTIFICATE-----