Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WifEsofgC0pF4MtVq9ABc87fhiM.roa
File:                     WifEsofgC0pF4MtVq9ABc87fhiM.roa (raw, json)
Hash identifier:          FhzHzXfIPkRkzdpFSXLpJJ7o8u/jnwELiPJrALSMFiQ=
Subject key identifier:   5A:27:C4:B2:87:E0:0B:4A:45:E0:CB:55:AB:D0:01:73:CE:DF:86:23
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425229566EBB7EFE7F6FA02BCC7666F74
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WifEsofgC0pF4MtVq9ABc87fhiM.roa
Signing time:             Thu 02 Jan 2025 03:50:10 +0000
ROA not before:           Thu 02 Jan 2025 03:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216093
IP address blocks:        2a0e:97c0:df0::/48 maxlen: 48
                          2a0e:97c0:df1::/48 maxlen: 48
                          2a0e:97c0:df2::/48 maxlen: 48
                          2a0e:97c0:df3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:95:66:eb:b7:ef:e7:f6:fa:02:bc:c7:66:6f:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a27c4b287e00b4a45e0cb55abd00173cedf8623
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:89:3b:54:78:b0:ea:8d:50:56:e7:6a:00:ee:
                    8d:ab:ae:3e:1c:f4:c6:31:56:af:45:06:3c:5f:1d:
                    35:f9:70:3c:22:c2:cf:6d:4a:26:1a:02:ee:95:14:
                    23:e1:18:56:1a:7d:78:a3:f6:99:c9:8b:18:01:ae:
                    6b:e3:a8:98:1e:ef:4f:87:f9:aa:0f:0d:eb:e7:ae:
                    9b:64:29:ac:03:2e:3a:2b:28:83:ed:09:3b:fd:1e:
                    15:1b:fe:31:b4:85:20:cd:61:a3:3c:41:8e:02:5a:
                    e9:f5:eb:a3:a6:eb:32:3a:d2:78:3d:b6:35:a6:e1:
                    4a:7d:6a:92:0d:65:3d:da:bc:7b:de:64:4e:63:75:
                    13:74:c7:9c:6e:02:7e:cd:ed:b1:95:c4:85:ba:da:
                    9f:a9:cc:a5:ec:18:71:dc:e6:40:a9:01:7b:d1:f8:
                    b4:65:98:b1:8e:4d:97:f7:a6:63:09:ec:09:eb:d3:
                    51:8f:04:e2:5d:1e:62:96:63:b5:bf:21:0d:ac:84:
                    8c:dd:5d:47:ad:a2:58:32:d3:a7:99:0d:93:56:12:
                    f2:f7:a7:11:3c:bd:22:de:6d:dc:6f:08:cf:84:aa:
                    2a:99:a8:33:8b:b5:fd:fc:98:77:c1:f2:57:66:bc:
                    62:e1:80:d0:15:ef:66:8d:2d:32:c7:ee:fe:d2:de:
                    d0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:27:C4:B2:87:E0:0B:4A:45:E0:CB:55:AB:D0:01:73:CE:DF:86:23
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WifEsofgC0pF4MtVq9ABc87fhiM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:df0::/46

    Signature Algorithm: sha256WithRSAEncryption
         0a:87:f2:b5:23:88:0f:3a:ed:ce:5e:75:2d:07:0a:ed:a0:36:
         2f:0c:a9:40:ba:4d:35:ee:da:1f:78:91:d4:7f:82:44:77:dc:
         c3:dc:df:46:14:0b:7a:5a:73:27:74:38:88:8d:b5:ba:51:97:
         c9:f7:cb:df:21:db:2e:a2:45:81:dd:d9:fe:ee:62:b1:8a:c1:
         ca:91:81:d0:7b:c4:a4:55:43:50:15:90:b7:84:36:92:4c:16:
         fd:93:f2:33:57:51:1e:73:f7:b9:09:dc:b5:85:a0:99:af:a7:
         4c:23:d7:4c:45:8d:63:c4:0e:61:ae:48:02:97:24:1e:7c:01:
         71:40:9c:bb:01:ae:23:d0:06:4d:91:3c:b5:10:dd:fa:82:3f:
         c0:d7:d7:ce:bf:09:80:a0:9c:8f:e5:a7:16:84:f8:bf:c0:e3:
         0f:be:9b:56:f6:30:22:66:2f:fc:99:88:d3:0f:6b:b7:ef:89:
         bd:d1:03:9b:71:9a:b4:01:35:f7:0b:a7:d2:07:0a:e5:12:c2:
         11:23:c8:f1:86:f2:3a:81:51:8f:a4:ae:9b:d3:48:f6:a3:a0:
         0f:00:e1:15:55:e7:ea:98:e6:09:90:bc:f2:e9:09:18:eb:b2:
         82:eb:f2:c3:f0:03:20:c2:a9:a4:af:fa:bf:f4:d7:c4:fd:50:
         05:72:1e:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIpVm67fv5/b6ArzHZm90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTI3YzRiMjg3ZTAwYjRhNDVlMGNiNTVhYmQwMDE3M2NlZGY4NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAook7VHiw6o1QVudqAO6Nq64+HPTG
MVavRQY8Xx01+XA8IsLPbUomGgLulRQj4RhWGn14o/aZyYsYAa5r46iYHu9Ph/mq
Dw3r566bZCmsAy46KyiD7Qk7/R4VG/4xtIUgzWGjPEGOAlrp9eujpusyOtJ4PbY1
puFKfWqSDWU92rx73mROY3UTdMecbgJ+ze2xlcSFutqfqcyl7Bhx3OZAqQF70fi0
ZZixjk2X96ZjCewJ69NRjwTiXR5ilmO1vyENrISM3V1HraJYMtOnmQ2TVhLy96cR
PL0i3m3cbwjPhKoqmagzi7X9/Jh3wfJXZrxi4YDQFe9mjS0yx+7+0t7QUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFonxLKH4AtKReDLVavQAXPO34YjMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV2lmRXNvZmdDMHBGNE10VnE5QUJjODdmaGlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6XwA3w
MA0GCSqGSIb3DQEBCwUAA4IBAQAKh/K1I4gPOu3OXnUtBwrtoDYvDKlAuk017tof
eJHUf4JEd9zD3N9GFAt6WnMndDiIjbW6UZfJ98vfIdsuokWB3dn+7mKxisHKkYHQ
e8SkVUNQFZC3hDaSTBb9k/IzV1Eec/e5Cdy1haCZr6dMI9dMRY1jxA5hrkgClyQe
fAFxQJy7Aa4j0AZNkTy1EN36gj/A19fOvwmAoJyP5acWhPi/wOMPvptW9jAiZi/8
mYjTD2u374m90QObcZq0ATX3C6fSBwrlEsIRI8jxhvI6gVGPpK6b00j2o6APAOEV
VefqmOYJkLzy6QkY67KC6/LD8AMgwqmkr/q/9NfE/VAFch4e
-----END CERTIFICATE-----