Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B1uNIxYOGj7RAlgl5F89TJ1bwBE.roa
File:                     B1uNIxYOGj7RAlgl5F89TJ1bwBE.roa (raw, json)
Hash identifier:          5U+grJQ0ROukDF285CLSjs9GaXxdzSAeATS072aYB2Y=
Subject key identifier:   07:5B:8D:23:16:0E:1A:3E:D1:02:58:25:E4:5F:3D:4C:9D:5B:C0:11
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01983D8644723D1EE284FAAD2F51DA13F076
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B1uNIxYOGj7RAlgl5F89TJ1bwBE.roa
Signing time:             Thu 24 Jul 2025 17:41:06 +0000
ROA not before:           Thu 24 Jul 2025 17:41:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209859
IP address blocks:        2a0e:b102:140::/43 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3d:86:44:72:3d:1e:e2:84:fa:ad:2f:51:da:13:f0:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 24 17:41:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=075b8d23160e1a3ed1025825e45f3d4c9d5bc011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:13:af:db:d5:fb:35:02:39:c4:af:de:57:db:
                    ac:91:b8:7e:85:5c:2f:b4:0f:2a:d3:7f:4f:3c:04:
                    1e:8d:ea:22:e9:50:29:f8:ce:f3:96:fb:c0:c0:ef:
                    ac:71:b7:ec:f2:4a:9e:71:b2:ad:24:5a:33:b1:a6:
                    fb:46:b8:77:78:7f:a0:a9:37:7f:84:22:9e:b1:e9:
                    1a:a5:17:f2:19:9b:20:80:0e:f7:ef:95:43:80:39:
                    16:ab:0b:2f:28:38:c5:65:15:2d:68:c4:7a:6b:e6:
                    38:ff:47:6d:be:73:48:46:13:e1:09:9f:42:48:6f:
                    e3:56:72:51:d1:2b:81:e2:44:70:8c:3a:18:a5:18:
                    56:1a:16:a3:4a:59:04:43:48:a2:2a:4a:0b:3f:aa:
                    a1:2f:c4:8a:e7:37:0a:23:ae:0e:cd:b9:1f:d4:21:
                    e3:03:15:d0:6a:69:b6:a0:ec:cd:df:6d:c5:a3:e4:
                    80:ac:00:f4:b6:a4:6f:9a:1d:8a:ca:e5:c1:88:99:
                    02:33:64:5a:66:ae:35:db:48:f9:25:06:29:61:dd:
                    78:a1:5d:e8:15:1c:1e:a3:52:fb:b3:c0:38:47:f9:
                    c6:55:8c:65:14:eb:98:4d:88:d8:9f:e8:34:bc:4f:
                    aa:d3:df:50:fe:fe:b4:53:d8:9f:a9:d9:85:32:c8:
                    fd:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5B:8D:23:16:0E:1A:3E:D1:02:58:25:E4:5F:3D:4C:9D:5B:C0:11
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B1uNIxYOGj7RAlgl5F89TJ1bwBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b102:140::/43

    Signature Algorithm: sha256WithRSAEncryption
         75:33:7f:44:2d:9c:bb:bf:2c:dc:b9:1c:5c:50:91:61:05:e0:
         bc:f7:10:eb:f7:e7:9d:a1:d5:f2:a3:1f:30:ed:16:d1:16:27:
         15:fd:df:45:af:f4:5d:85:e0:ff:44:8a:49:e3:d2:5d:6d:bb:
         d7:48:48:35:ee:8b:b4:62:72:db:2b:4b:fe:53:e0:73:02:35:
         dc:31:01:b4:26:7d:30:fa:8b:7c:b9:4b:0f:43:ee:b9:09:29:
         28:b8:a8:a9:0a:10:8e:b7:a2:a4:75:c3:88:e6:f1:61:e0:77:
         7c:00:71:81:89:df:ba:8d:b7:58:1e:16:d5:94:c2:33:16:97:
         a2:2b:b6:5e:04:d1:31:40:89:17:33:70:0f:97:c9:73:e9:49:
         94:be:b0:d9:a2:c8:54:1e:94:74:4d:6e:33:46:50:17:5f:83:
         ce:2f:7f:0d:b5:81:1e:68:64:e6:d5:56:dd:d9:26:ed:d8:cf:
         be:59:f6:a2:6d:94:38:87:3b:da:23:d6:7a:a3:45:80:76:43:
         71:bf:55:32:bd:a4:68:5c:74:a2:36:46:24:7a:4e:0f:4a:9f:
         2b:f2:eb:fd:cb:50:2c:26:d2:7b:b8:b2:47:a0:89:b7:39:4f:
         80:85:11:fb:e2:88:c5:25:ee:09:7f:75:cd:67:ac:71:a4:1e:
         1b:c5:f1:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZg9hkRyPR7ihPqtL1HaE/B2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzI0MTc0MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzViOGQyMzE2MGUxYTNlZDEwMjU4MjVlNDVmM2Q0YzlkNWJjMDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxOv29X7NQI5xK/eV9uskbh+hVwv
tA8q039PPAQejeoi6VAp+M7zlvvAwO+scbfs8kqecbKtJFozsab7Rrh3eH+gqTd/
hCKesekapRfyGZsggA7375VDgDkWqwsvKDjFZRUtaMR6a+Y4/0dtvnNIRhPhCZ9C
SG/jVnJR0SuB4kRwjDoYpRhWGhajSlkEQ0iiKkoLP6qhL8SK5zcKI64Ozbkf1CHj
AxXQamm2oOzN323Fo+SArAD0tqRvmh2KyuXBiJkCM2RaZq4120j5JQYpYd14oV3o
FRweo1L7s8A4R/nGVYxlFOuYTYjYn+g0vE+q099Q/v60U9ifqdmFMsj9VwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAdbjSMWDho+0QJYJeRfPUydW8ARMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQjF1Tkl4WU9HajdSQWxnbDVGODlUSjFid0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKg6xAgFA
MA0GCSqGSIb3DQEBCwUAA4IBAQB1M39ELZy7vyzcuRxcUJFhBeC89xDr9+edodXy
ox8w7RbRFicV/d9Fr/RdheD/RIpJ49JdbbvXSEg17ou0YnLbK0v+U+BzAjXcMQG0
Jn0w+ot8uUsPQ+65CSkouKipChCOt6KkdcOI5vFh4Hd8AHGBid+6jbdYHhbVlMIz
FpeiK7ZeBNExQIkXM3APl8lz6UmUvrDZoshUHpR0TW4zRlAXX4POL38NtYEeaGTm
1Vbd2Sbt2M++WfaibZQ4hzvaI9Z6o0WAdkNxv1UyvaRoXHSiNkYkek4PSp8r8uv9
y1AsJtJ7uLJHoIm3OU+AhRH74ojFJe4Jf3XNZ6xxpB4bxfGp
-----END CERTIFICATE-----