Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WPTgVrVAs2-BHRFdTgOK5NQXigU.roa
File:                     WPTgVrVAs2-BHRFdTgOK5NQXigU.roa (raw, json)
Hash identifier:          dXLI/cdw3XolMk3ZTnlPA8qnVnPhH6Rx/oe9BtQ3IKg=
Subject key identifier:   58:F4:E0:56:B5:40:B3:6F:81:1D:11:5D:4E:03:8A:E4:D4:17:8A:05
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0193529EF86FD95A68A50F2D1533BF863049
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WPTgVrVAs2-BHRFdTgOK5NQXigU.roa
Signing time:             Fri 22 Nov 2024 06:46:10 +0000
ROA not before:           Fri 22 Nov 2024 06:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207083
IP address blocks:        2a0a:c3c5:9000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:9e:f8:6f:d9:5a:68:a5:0f:2d:15:33:bf:86:30:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Nov 22 06:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=58f4e056b540b36f811d115d4e038ae4d4178a05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9c:f3:fe:03:f7:03:21:41:30:91:63:e7:99:
                    56:21:a4:d7:9c:b3:e9:e0:7f:f5:be:bb:12:db:3c:
                    a8:63:37:c8:f8:dc:24:7b:87:b2:14:69:52:35:b9:
                    ec:85:07:20:30:89:84:24:28:ca:4d:b9:e5:6b:f3:
                    c7:35:19:05:46:98:f7:23:d1:85:e5:5b:53:58:44:
                    29:b5:c1:ee:f3:56:f3:00:2f:9a:d1:13:70:1b:35:
                    fa:1e:32:55:75:c2:31:6d:e7:ad:0e:06:ce:4f:22:
                    dc:df:6b:ed:d5:12:61:dc:00:6f:a6:e6:b4:7b:7d:
                    6f:20:d6:38:41:f7:22:28:cb:c2:a5:d2:bd:b2:34:
                    86:2b:60:e1:1d:93:5c:da:98:fe:82:0e:bd:16:26:
                    03:f3:d6:01:41:9d:59:7d:74:f3:0a:b4:c3:6c:f2:
                    82:25:d9:3f:78:5c:ae:87:26:4c:3b:86:ad:1c:74:
                    71:bd:29:3c:c1:d0:87:48:ff:84:2f:29:48:6f:a7:
                    63:2f:64:a9:a6:99:7b:c7:52:59:21:c8:3e:53:f4:
                    69:f2:ee:12:6a:30:15:72:c9:9b:ef:96:dd:6c:e3:
                    ef:94:a1:6b:fa:f7:75:80:c1:fb:b5:0b:31:92:18:
                    92:37:04:34:18:e1:53:4f:aa:2b:f4:35:68:23:94:
                    90:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:F4:E0:56:B5:40:B3:6F:81:1D:11:5D:4E:03:8A:E4:D4:17:8A:05
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/WPTgVrVAs2-BHRFdTgOK5NQXigU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:c3c5:9000::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:95:43:95:03:1b:4a:2c:83:ff:53:ac:4d:68:e1:a6:fa:18:
         61:48:e5:c3:7c:3e:29:fb:57:66:87:3f:4b:25:71:53:01:a6:
         d4:d5:51:06:ee:c8:4d:18:6d:52:a4:24:b4:85:c3:d0:8e:a4:
         b5:64:39:00:b0:5f:c0:bd:d6:0f:45:dd:0a:cd:79:43:b0:b3:
         2b:db:6e:11:10:b5:5a:0a:45:b6:b7:5a:f6:00:11:a9:9a:15:
         a9:c5:ac:1d:84:a7:cc:ac:81:27:8e:20:b1:58:de:06:88:4c:
         ea:f4:b1:eb:46:03:2b:9f:b4:f6:2e:2e:f5:13:bc:f0:a3:e8:
         5f:67:9c:87:36:57:f7:5b:44:3a:58:5d:05:3e:49:b0:71:e3:
         58:4a:73:b4:f1:d8:8e:80:26:1e:19:da:7f:b8:80:b1:92:60:
         c6:2a:28:13:85:12:b5:b6:43:9e:90:39:4f:04:78:2f:5e:3d:
         92:4e:dd:9d:ba:11:24:63:0a:b3:cd:2e:ef:fa:6c:7e:f8:a6:
         f6:32:3f:1e:4f:82:66:cc:89:3c:3b:72:6e:74:9b:f9:6f:9b:
         66:cf:8b:70:51:05:25:d2:e8:21:f4:6e:e3:39:3c:ab:38:56:
         01:96:bd:3b:b0:f0:9e:82:6a:35:c8:25:09:00:6b:27:ac:d2:
         c3:ef:c4:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZNSnvhv2VpopQ8tFTO/hjBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQxMTIyMDY0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGY0ZTA1NmI1NDBiMzZmODExZDExNWQ0ZTAzOGFlNGQ0MTc4YTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5zz/gP3AyFBMJFj55lWIaTXnLPp
4H/1vrsS2zyoYzfI+Nwke4eyFGlSNbnshQcgMImEJCjKTbnla/PHNRkFRpj3I9GF
5VtTWEQptcHu81bzAC+a0RNwGzX6HjJVdcIxbeetDgbOTyLc32vt1RJh3ABvpua0
e31vINY4QfciKMvCpdK9sjSGK2DhHZNc2pj+gg69FiYD89YBQZ1ZfXTzCrTDbPKC
Jdk/eFyuhyZMO4atHHRxvSk8wdCHSP+ELylIb6djL2Spppl7x1JZIcg+U/Rp8u4S
ajAVcsmb75bdbOPvlKFr+vd1gMH7tQsxkhiSNwQ0GOFTT6or9DVoI5SQNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFj04Fa1QLNvgR0RXU4DiuTUF4oFMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvV1BUZ1ZyVkFzMi1CSFJGZFRnT0s1TlFYaWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgrDxZAw
DQYJKoZIhvcNAQELBQADggEBAEaVQ5UDG0osg/9TrE1o4ab6GGFI5cN8Pin7V2aH
P0slcVMBptTVUQbuyE0YbVKkJLSFw9COpLVkOQCwX8C91g9F3QrNeUOwsyvbbhEQ
tVoKRba3WvYAEamaFanFrB2Ep8ysgSeOILFY3gaITOr0setGAyuftPYuLvUTvPCj
6F9nnIc2V/dbRDpYXQU+SbBx41hKc7Tx2I6AJh4Z2n+4gLGSYMYqKBOFErW2Q56Q
OU8EeC9ePZJO3Z26ESRjCrPNLu/6bH74pvYyPx5PgmbMiTw7cm50m/lvm2bPi3BR
BSXS6CH0buM5PKs4VgGWvTuw8J6CajXIJQkAayes0sPvxMM=
-----END CERTIFICATE-----