Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lwNeB7wvU6h4TzRsYFFwnfGZOWY.roa
File:                     lwNeB7wvU6h4TzRsYFFwnfGZOWY.roa (raw, json)
Hash identifier:          ZGDpXnCvxk1j+AtZwWisbZLBi7H8Va/OQqq8TNug7c4=
Subject key identifier:   97:03:5E:07:BC:2F:53:A8:78:4F:34:6C:60:51:70:9D:F1:99:39:66
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522693E151B98C798CDA92AC2DA8B6F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lwNeB7wvU6h4TzRsYFFwnfGZOWY.roa
Signing time:             Thu 02 Jan 2025 03:49:59 +0000
ROA not before:           Thu 02 Jan 2025 03:49:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212904
IP address blocks:        2a10:2f00:141::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:69:3e:15:1b:98:c7:98:cd:a9:2a:c2:da:8b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97035e07bc2f53a8784f346c6051709df1993966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d5:07:be:59:1d:e1:37:75:b3:be:48:ff:41:
                    21:39:98:6e:60:07:39:80:34:69:f2:c3:e5:18:7e:
                    de:19:ef:f7:5a:86:82:44:dd:c3:bc:54:5e:11:1b:
                    e7:cc:46:ad:17:9a:41:40:f2:58:fa:95:92:2d:f5:
                    1b:87:87:ce:82:38:cb:86:56:86:00:8f:e8:97:f5:
                    08:f7:88:54:b8:b6:c6:86:73:d1:8c:64:00:f9:81:
                    2f:67:b0:e7:e3:25:d2:d3:bd:35:58:30:82:dd:00:
                    fa:35:7a:25:45:ab:40:4e:4c:5a:90:f5:1c:58:c1:
                    af:82:1e:a0:ff:08:22:2d:00:45:4a:ae:4a:65:d8:
                    1e:50:02:e7:5c:44:c5:4b:bc:25:87:39:d3:20:ee:
                    ae:00:82:51:c2:f7:29:dd:e8:49:2a:aa:bc:ac:b8:
                    ec:a9:f7:30:cc:8d:ac:af:f4:80:13:7e:17:86:7b:
                    d4:c6:16:72:5b:c1:f3:21:6b:e1:f9:2d:0d:1e:15:
                    04:ce:a8:37:15:74:9d:84:61:b3:fa:dc:5c:64:1b:
                    7d:e3:32:bb:2b:f3:35:dc:e1:5a:9f:c3:dc:79:a5:
                    e2:b1:e8:ad:fb:49:b3:7a:aa:71:42:54:f6:7b:3b:
                    85:cf:2c:52:5d:ca:75:a5:c0:d4:a1:da:eb:12:bd:
                    3c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:03:5E:07:BC:2F:53:A8:78:4F:34:6C:60:51:70:9D:F1:99:39:66
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lwNeB7wvU6h4TzRsYFFwnfGZOWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:141::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:47:6b:77:a3:16:ec:ea:fb:2b:4f:3d:ec:95:46:cb:79:4c:
         4a:da:b6:ff:3f:47:a5:bd:fb:76:21:d4:9c:0a:d6:46:15:31:
         bc:07:c8:22:ed:52:d0:02:32:5a:02:8a:6a:48:69:c8:77:59:
         02:be:af:3d:c1:6a:9a:ed:56:26:bb:7f:46:23:c2:28:5a:5b:
         65:b9:c9:9d:40:bd:8c:14:90:5a:38:fa:8a:cb:8e:34:7f:92:
         81:cb:55:61:75:af:1b:46:93:1b:b8:a0:33:de:c8:40:c9:7d:
         f7:b0:b9:9f:c4:6e:9f:d5:73:f3:b3:88:d9:52:49:07:e2:39:
         1b:ff:b1:f1:5e:96:e7:9f:ee:93:b4:27:81:c1:34:63:4c:9a:
         f1:9e:7e:fb:e3:fc:75:a3:fe:e0:6a:88:82:98:aa:da:c0:65:
         db:04:71:ca:3f:41:7b:18:2d:42:ab:8c:58:25:82:4d:18:ce:
         bc:a2:35:80:e8:54:f1:3b:95:9f:1a:30:04:73:5c:a6:ef:ee:
         f7:d7:e7:c3:70:8f:c9:1a:67:cd:ec:1a:52:19:58:30:38:e3:
         be:8e:c9:ea:54:bf:60:80:53:5d:23:a8:92:94:09:4c:68:b1:
         96:04:bd:24:62:e6:ef:9d:af:0d:aa:87:90:b0:fa:ab:ed:68:
         35:1d:84:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlImk+FRuYx5jNqSrC2otvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzAzNWUwN2JjMmY1M2E4Nzg0ZjM0NmM2MDUxNzA5ZGYxOTkzOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9UHvlkd4Td1s75I/0EhOZhuYAc5
gDRp8sPlGH7eGe/3WoaCRN3DvFReERvnzEatF5pBQPJY+pWSLfUbh4fOgjjLhlaG
AI/ol/UI94hUuLbGhnPRjGQA+YEvZ7Dn4yXS0701WDCC3QD6NXolRatATkxakPUc
WMGvgh6g/wgiLQBFSq5KZdgeUALnXETFS7wlhznTIO6uAIJRwvcp3ehJKqq8rLjs
qfcwzI2sr/SAE34XhnvUxhZyW8HzIWvh+S0NHhUEzqg3FXSdhGGz+txcZBt94zK7
K/M13OFan8PceaXiseit+0mzeqpxQlT2ezuFzyxSXcp1pcDUodrrEr08OQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJcDXge8L1OoeE80bGBRcJ3xmTlmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbHdOZUI3d3ZVNmg0VHpSc1lGRnduZkdaT1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFB
MA0GCSqGSIb3DQEBCwUAA4IBAQAPR2t3oxbs6vsrTz3slUbLeUxK2rb/P0elvft2
IdScCtZGFTG8B8gi7VLQAjJaAopqSGnId1kCvq89wWqa7VYmu39GI8IoWltlucmd
QL2MFJBaOPqKy440f5KBy1Vhda8bRpMbuKAz3shAyX33sLmfxG6f1XPzs4jZUkkH
4jkb/7HxXpbnn+6TtCeBwTRjTJrxnn774/x1o/7gaoiCmKrawGXbBHHKP0F7GC1C
q4xYJYJNGM68ojWA6FTxO5WfGjAEc1ym7+731+fDcI/JGmfN7BpSGVgwOOO+jsnq
VL9ggFNdI6iSlAlMaLGWBL0kYubvna8NqoeQsPqr7Wg1HYQP
-----END CERTIFICATE-----