Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGLxZnVZcIniu9enbzsZwZXADU4.roa
File:                     wGLxZnVZcIniu9enbzsZwZXADU4.roa (raw, json)
Hash identifier:          NFS+ENuKuRPgr0vLncyH2cXtHV5Morb1KfXuTWwRJ8Y=
Subject key identifier:   C0:62:F1:66:75:59:70:89:E2:BB:D7:A7:6F:3B:19:C1:95:C0:0D:4E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01947BD3D1F412132FA3A81B8F6CC554D6AD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGLxZnVZcIniu9enbzsZwZXADU4.roa
Signing time:             Sat 18 Jan 2025 23:51:06 +0000
ROA not before:           Sat 18 Jan 2025 23:51:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134666
IP address blocks:        2a0e:b107:30f::/48 maxlen: 48
                          2a10:2f01:3df::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7b:d3:d1:f4:12:13:2f:a3:a8:1b:8f:6c:c5:54:d6:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 18 23:51:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c062f16675597089e2bbd7a76f3b19c195c00d4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b5:19:86:44:19:44:65:01:b6:a0:d9:4e:97:
                    b4:ee:c3:a7:b9:4f:8f:ac:43:20:b8:aa:f1:52:f4:
                    e5:ea:e2:58:45:b1:bf:eb:60:70:d6:c9:cc:1c:97:
                    63:b8:b7:36:96:8f:86:2f:fe:b3:a2:59:4f:e3:f1:
                    86:6f:8d:84:af:38:58:14:7a:f8:f4:18:89:d3:e5:
                    62:4a:f1:3c:da:81:14:ab:8b:a8:71:60:50:94:24:
                    35:74:82:60:d3:af:ef:d7:2f:fe:35:a4:c6:7d:d6:
                    6c:c2:7e:2f:59:28:2f:46:64:bd:4d:59:07:05:30:
                    be:85:83:2f:85:8f:b6:ba:7d:e1:33:61:91:da:c3:
                    13:42:21:2f:f8:c0:37:36:65:be:f3:44:13:da:f7:
                    7d:dd:8f:1a:2e:02:af:a8:14:9b:45:26:b0:d9:b5:
                    65:63:11:d5:2d:2f:c4:00:95:bc:36:f8:3c:d4:39:
                    c5:5f:f2:47:60:03:ca:0f:a0:0d:df:d7:bb:fb:66:
                    12:e5:df:5a:a1:9f:35:6f:5f:07:36:e3:07:33:d0:
                    af:f2:1b:69:89:31:7c:0e:47:ac:91:f8:81:c9:cc:
                    d8:66:de:d2:20:24:1c:2d:f9:8c:5d:9f:d0:74:28:
                    07:eb:71:8b:a7:fc:2c:f4:2f:99:37:c8:7b:2c:96:
                    a9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:62:F1:66:75:59:70:89:E2:BB:D7:A7:6F:3B:19:C1:95:C0:0D:4E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGLxZnVZcIniu9enbzsZwZXADU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:30f::/48
                  2a10:2f01:3df::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:62:ef:ef:a2:cf:8e:f6:83:74:46:49:af:f0:a5:37:22:b2:
         c0:7e:4d:f0:89:bc:78:0c:67:61:5c:50:c1:55:b0:5e:cd:1e:
         9a:7e:0a:05:0b:d2:34:f2:fe:7d:d2:c9:df:db:5d:77:4e:54:
         ba:c5:4a:f3:02:6f:28:b7:fb:d5:1c:d2:d7:2c:da:50:35:a4:
         a7:15:a1:f3:08:38:d4:84:b6:8f:5f:36:92:97:7b:b6:62:fd:
         88:0a:99:30:7a:c3:62:de:0d:9e:79:18:7f:e1:9e:01:2e:23:
         83:de:f5:d1:be:21:2e:d5:a2:a2:26:a5:c3:e5:97:7c:d4:22:
         6f:b3:a1:67:99:68:5f:16:e4:9f:2e:21:b1:01:da:9f:47:17:
         53:48:96:c2:ba:73:2e:88:4b:c1:25:ad:31:5e:5b:e4:e1:ce:
         52:5a:5a:7d:a8:8e:5f:9b:8c:dd:95:59:a6:1a:4d:24:21:7f:
         d3:3b:d5:89:6e:b2:42:f5:81:a9:38:50:77:e4:b8:3b:27:ba:
         cc:1e:09:88:94:37:cd:69:10:39:01:d7:67:a1:f1:dc:2f:49:
         93:bc:cc:8c:ba:6a:1c:51:36:27:d7:81:e9:81:43:42:d2:07:
         48:bc:7a:63:7c:70:c6:aa:3c:a2:28:02:50:99:6c:0c:36:d3:
         f1:7c:ce:52
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZR709H0EhMvo6gbj2zFVNatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTE4MjM1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDYyZjE2Njc1NTk3MDg5ZTJiYmQ3YTc2ZjNiMTljMTk1YzAwZDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7UZhkQZRGUBtqDZTpe07sOnuU+P
rEMguKrxUvTl6uJYRbG/62Bw1snMHJdjuLc2lo+GL/6zollP4/GGb42ErzhYFHr4
9BiJ0+ViSvE82oEUq4uocWBQlCQ1dIJg06/v1y/+NaTGfdZswn4vWSgvRmS9TVkH
BTC+hYMvhY+2un3hM2GR2sMTQiEv+MA3NmW+80QT2vd93Y8aLgKvqBSbRSaw2bVl
YxHVLS/EAJW8Nvg81DnFX/JHYAPKD6AN39e7+2YS5d9aoZ81b18HNuMHM9Cv8htp
iTF8DkeskfiByczYZt7SICQcLfmMXZ/QdCgH63GLp/ws9C+ZN8h7LJapbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMBi8WZ1WXCJ4rvXp287GcGVwA1OMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvd0dMeFpuVlpjSW5pdTllbmJ6c1p3WlhBRFU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBwMP
AwcAKhAvAQPfMA0GCSqGSIb3DQEBCwUAA4IBAQA+Yu/vos+O9oN0Rkmv8KU3IrLA
fk3wibx4DGdhXFDBVbBezR6afgoFC9I08v590snf2113TlS6xUrzAm8ot/vVHNLX
LNpQNaSnFaHzCDjUhLaPXzaSl3u2Yv2ICpkwesNi3g2eeRh/4Z4BLiOD3vXRviEu
1aKiJqXD5Zd81CJvs6FnmWhfFuSfLiGxAdqfRxdTSJbCunMuiEvBJa0xXlvk4c5S
Wlp9qI5fm4zdlVmmGk0kIX/TO9WJbrJC9YGpOFB35Lg7J7rMHgmIlDfNaRA5Addn
ofHcL0mTvMyMumocUTYn14HpgUNC0gdIvHpjfHDGqjyiKAJQmWwMNtPxfM5S
-----END CERTIFICATE-----