Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ja0OEawZjQa28Dg3u-oPLOGjphA.roa
File:                     Ja0OEawZjQa28Dg3u-oPLOGjphA.roa (raw, json)
Hash identifier:          oS2FphA9GBd8jryxrzhOf3m2CgOvmN+0x9kghCHD40c=
Subject key identifier:   25:AD:0E:11:AC:19:8D:06:B6:F0:38:37:BB:EA:0F:2C:E1:A3:A6:10
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E2D420AAE97240A3234E96726CFE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ja0OEawZjQa28Dg3u-oPLOGjphA.roa
Signing time:             Thu 02 Jan 2025 03:49:25 +0000
ROA not before:           Thu 02 Jan 2025 03:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137256
IP address blocks:        2a0e:b107:c10::/48 maxlen: 48
                          2a0e:b107:c11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 02:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e2:d4:20:aa:e9:72:40:a3:23:4e:96:72:6c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25ad0e11ac198d06b6f03837bbea0f2ce1a3a610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ac:5d:e0:11:c3:45:03:ff:34:a2:2d:6c:0a:
                    89:51:51:50:43:f9:18:2d:5b:86:e0:08:1d:8f:20:
                    98:ef:6b:f0:49:e3:c7:84:e2:41:89:8f:b7:3b:ae:
                    d9:7d:a9:ee:1f:f9:33:54:41:83:2e:3a:03:2d:b5:
                    e6:9e:d5:f8:d8:4c:1b:5e:69:e2:16:0e:e7:ea:ad:
                    29:dd:71:7d:74:19:00:47:5a:f8:83:18:f1:20:17:
                    b5:2b:b2:4c:a8:b0:21:b7:c9:9e:6a:83:e3:f5:24:
                    0f:de:e9:a5:fd:cb:98:f1:c5:1e:69:34:cd:d2:e8:
                    13:cf:43:74:7c:99:c8:81:05:0e:89:8d:b3:17:1a:
                    d2:f5:d1:7c:25:e9:ed:8b:da:5e:f4:99:f6:8c:a0:
                    6e:a3:5a:54:43:08:f1:e0:1a:a7:6a:b7:98:fd:98:
                    1d:a1:a8:10:23:69:7a:a7:73:68:5b:9c:02:0c:6f:
                    60:f5:bc:c9:e6:8e:1b:db:81:84:7a:99:25:e2:d6:
                    a0:c9:e9:75:a7:20:76:b6:36:ef:77:91:fd:59:99:
                    8c:1c:08:7e:d7:7c:4b:95:46:16:1a:73:17:41:94:
                    23:dc:63:68:30:b9:2f:7b:c5:a9:9a:3a:ef:35:54:
                    ca:ba:e8:89:22:b7:60:8f:e0:3a:1c:32:f4:9e:53:
                    5a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:AD:0E:11:AC:19:8D:06:B6:F0:38:37:BB:EA:0F:2C:E1:A3:A6:10
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ja0OEawZjQa28Dg3u-oPLOGjphA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:c10::/47

    Signature Algorithm: sha256WithRSAEncryption
         9e:8c:7f:18:f1:6a:c1:07:2e:58:46:bb:ad:a1:09:62:08:6c:
         73:2f:0a:ae:8f:d4:6a:be:51:bd:28:d3:1a:aa:af:fd:04:1b:
         da:40:12:b6:86:4f:c0:ad:ba:8b:e6:b0:b0:1c:45:77:fd:ff:
         14:01:7d:c6:68:96:53:e8:2d:0f:86:5b:d7:bc:5e:4a:1e:96:
         31:bd:ef:36:79:78:4f:f4:0e:0a:48:63:ee:72:76:c8:fd:90:
         db:bd:0e:b7:38:2a:6a:83:69:bf:43:9d:6c:cc:41:79:9d:fe:
         b8:28:b8:86:5f:67:5a:6e:41:78:f0:fe:a8:e5:fc:60:ce:50:
         c1:80:e2:33:6c:69:5c:ce:db:1c:ae:66:0d:be:cd:9b:c1:fa:
         9a:1c:64:28:a7:57:08:4c:af:7b:77:66:cc:eb:bd:38:41:5e:
         00:4e:1f:3b:da:41:f2:7d:e5:c5:bb:81:2d:cd:b1:d6:09:24:
         31:44:14:1e:61:6c:2d:46:1a:d1:cc:b3:38:83:a8:80:d0:64:
         d3:7d:33:70:c1:49:28:fd:67:81:44:9d:05:41:0f:17:bb:7d:
         90:55:c5:16:90:c7:e2:11:61:a2:56:b3:6d:6e:c5:c8:99:4e:
         99:f8:1b:9e:ff:ac:9b:91:7b:09:32:c5:1a:a4:64:05:86:5e:
         92:1c:7d:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIeLUIKrpckCjI06Wcmz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWFkMGUxMWFjMTk4ZDA2YjZmMDM4MzdiYmVhMGYyY2UxYTNhNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaxd4BHDRQP/NKItbAqJUVFQQ/kY
LVuG4AgdjyCY72vwSePHhOJBiY+3O67ZfanuH/kzVEGDLjoDLbXmntX42EwbXmni
Fg7n6q0p3XF9dBkAR1r4gxjxIBe1K7JMqLAht8meaoPj9SQP3uml/cuY8cUeaTTN
0ugTz0N0fJnIgQUOiY2zFxrS9dF8Jenti9pe9Jn2jKBuo1pUQwjx4BqnareY/Zgd
oagQI2l6p3NoW5wCDG9g9bzJ5o4b24GEepkl4tagyel1pyB2tjbvd5H9WZmMHAh+
13xLlUYWGnMXQZQj3GNoMLkve8WpmjrvNVTKuuiJIrdgj+A6HDL0nlNafwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCWtDhGsGY0GtvA4N7vqDyzho6YQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSmEwT0Vhd1pqUWEyOERnM3Utb1BMT0dqcGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6xBwwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCejH8Y8WrBBy5YRrutoQliCGxzLwquj9RqvlG9
KNMaqq/9BBvaQBK2hk/ArbqL5rCwHEV3/f8UAX3GaJZT6C0PhlvXvF5KHpYxve82
eXhP9A4KSGPucnbI/ZDbvQ63OCpqg2m/Q51szEF5nf64KLiGX2dabkF48P6o5fxg
zlDBgOIzbGlcztscrmYNvs2bwfqaHGQop1cITK97d2bM6704QV4ATh872kHyfeXF
u4EtzbHWCSQxRBQeYWwtRhrRzLM4g6iA0GTTfTNwwUko/WeBRJ0FQQ8Xu32QVcUW
kMfiEWGiVrNtbsXImU6Z+Bue/6ybkXsJMsUapGQFhl6SHH2k
-----END CERTIFICATE-----