Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WR2BGIRuzBFePfC9ACwL-hobPT4.roa
File:                     WR2BGIRuzBFePfC9ACwL-hobPT4.roa (raw, json)
Hash identifier:          anEpGLvnVgFRziTb8nmrGcM/TJdvpTQKlbw5e+DMxqQ=
Subject key identifier:   59:1D:81:18:84:6E:CC:11:5E:3D:F0:BD:00:2C:0B:FA:1A:1B:3D:3E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD49D9CA21FA715F722B1C8775B458
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WR2BGIRuzBFePfC9ACwL-hobPT4.roa
Signing time:             Tue 02 Jan 2024 10:34:34 +0000
ROA not before:           Tue 02 Jan 2024 10:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212904
IP address blocks:        2a10:2f00:141::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:49:d9:ca:21:fa:71:5f:72:2b:1c:87:75:b4:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=591d8118846ecc115e3df0bd002c0bfa1a1b3d3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:57:5a:de:7a:5c:ab:4c:8b:21:5a:39:ef:d7:
                    bf:dd:66:3a:26:6f:13:24:f4:33:c9:63:c8:e0:83:
                    07:65:0a:63:ab:5d:e1:fd:3e:f4:81:fb:c3:33:fd:
                    22:6b:b2:e3:bc:79:1b:28:a4:83:39:cb:f9:53:77:
                    19:cf:f2:d6:ea:cd:5b:9f:fd:1c:5e:b1:c0:a5:2c:
                    fe:b4:ef:47:87:38:73:aa:99:74:88:76:4c:9e:b9:
                    1e:40:fb:cd:3a:37:aa:1e:cb:5b:3d:98:51:6c:01:
                    a8:1e:51:7a:5c:ac:36:71:5c:db:a8:49:43:ce:99:
                    0a:84:77:21:9d:04:ec:7e:dd:73:52:c1:cc:ba:63:
                    7c:22:0e:30:a4:35:82:e8:95:89:7a:54:d7:65:91:
                    da:b3:72:ec:1a:83:b6:1f:e6:17:3e:50:32:68:23:
                    13:cd:46:f2:9a:9b:4e:01:bf:b7:04:6a:65:3f:10:
                    79:79:67:a6:4c:46:41:9b:8b:9c:56:a7:be:08:aa:
                    a7:17:4b:16:3e:af:b9:ea:23:66:43:ce:3a:85:70:
                    e2:6f:fb:1c:6b:72:1f:df:46:eb:49:6d:2b:02:40:
                    97:e5:a2:a0:eb:68:2d:aa:20:93:4f:d8:89:86:a9:
                    78:78:2f:b6:33:7b:ca:90:29:a9:74:1a:29:ea:66:
                    a6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:1D:81:18:84:6E:CC:11:5E:3D:F0:BD:00:2C:0B:FA:1A:1B:3D:3E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WR2BGIRuzBFePfC9ACwL-hobPT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:141::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:ec:31:25:a9:38:23:28:47:b5:ce:40:30:ef:4c:d5:78:24:
         f1:0b:de:f4:83:34:f0:ff:a5:d3:f8:6d:e3:a4:85:bc:33:e4:
         3b:bf:87:44:1a:cd:a4:34:16:31:78:1c:0c:69:f7:8a:58:6d:
         24:5d:24:17:23:e7:7d:88:b9:1e:da:d9:d0:d4:55:0e:6c:34:
         fb:56:eb:25:ef:27:33:10:60:e7:d6:5e:74:6f:d5:e0:a0:a6:
         57:86:d7:a1:6e:a4:05:72:0b:2a:1b:9e:db:7e:af:50:db:1f:
         4d:44:86:f0:0b:3b:51:29:4a:02:c2:4a:57:bc:da:7b:3a:b0:
         c8:19:02:7a:b3:a9:b8:dd:b3:62:41:52:5c:87:60:bb:bc:bb:
         04:fc:7e:15:61:bd:d8:53:db:c3:f6:de:55:2d:90:51:5a:43:
         d9:90:ec:38:6d:17:3c:87:67:8e:9f:4e:05:2d:00:b7:0e:13:
         54:3b:e6:d7:38:a4:1c:df:78:35:dc:8b:0f:c3:62:f1:9d:7a:
         51:04:d6:16:b6:b1:89:cc:48:11:b6:05:44:76:b1:c7:d0:a6:
         d9:88:f6:ed:23:d3:cc:e7:51:07:62:65:67:a2:80:7d:7d:45:
         56:ce:de:47:b9:ce:81:7d:4d:6d:f5:1b:9e:a5:6c:e4:43:16:
         3b:08:5c:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUnZyiH6cV9yKxyHdbRYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTFkODExODg0NmVjYzExNWUzZGYwYmQwMDJjMGJmYTFhMWIzZDNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01da3npcq0yLIVo579e/3WY6Jm8T
JPQzyWPI4IMHZQpjq13h/T70gfvDM/0ia7LjvHkbKKSDOcv5U3cZz/LW6s1bn/0c
XrHApSz+tO9Hhzhzqpl0iHZMnrkeQPvNOjeqHstbPZhRbAGoHlF6XKw2cVzbqElD
zpkKhHchnQTsft1zUsHMumN8Ig4wpDWC6JWJelTXZZHas3LsGoO2H+YXPlAyaCMT
zUbymptOAb+3BGplPxB5eWemTEZBm4ucVqe+CKqnF0sWPq+56iNmQ846hXDib/sc
a3If30brSW0rAkCX5aKg62gtqiCTT9iJhql4eC+2M3vKkCmpdBop6mamtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFkdgRiEbswRXj3wvQAsC/oaGz0+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV1IyQkdJUnV6QkZlUGZDOUFDd0wtaG9iUFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFB
MA0GCSqGSIb3DQEBCwUAA4IBAQC27DElqTgjKEe1zkAw70zVeCTxC970gzTw/6XT
+G3jpIW8M+Q7v4dEGs2kNBYxeBwMafeKWG0kXSQXI+d9iLke2tnQ1FUObDT7Vusl
7yczEGDn1l50b9XgoKZXhtehbqQFcgsqG57bfq9Q2x9NRIbwCztRKUoCwkpXvNp7
OrDIGQJ6s6m43bNiQVJch2C7vLsE/H4VYb3YU9vD9t5VLZBRWkPZkOw4bRc8h2eO
n04FLQC3DhNUO+bXOKQc33g13IsPw2LxnXpRBNYWtrGJzEgRtgVEdrHH0KbZiPbt
I9PM51EHYmVnooB9fUVWzt5Huc6BfU1t9RuepWzkQxY7CFwX
-----END CERTIFICATE-----