Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uLc6GREmONWIdJdQ-o1Jygod2Yw.roa
File:                     uLc6GREmONWIdJdQ-o1Jygod2Yw.roa (raw, json)
Hash identifier:          jiq25HcflTgVUpOkdO24Ccw73zSFidYxn0lQV/9UGRI=
Subject key identifier:   B8:B7:3A:19:11:26:38:D5:88:74:97:50:FA:8D:49:CA:0A:1D:D9:8C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521EDC5A2C7CD0A5F410383BAC7B04F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uLc6GREmONWIdJdQ-o1Jygod2Yw.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149296
IP address blocks:        2a0e:b107:1840::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ed:c5:a2:c7:cd:0a:5f:41:03:83:ba:c7:b0:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8b73a19112638d588749750fa8d49ca0a1dd98c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6f:89:24:8e:b3:92:8f:85:ee:2e:33:d3:97:
                    7e:aa:ce:fa:5a:de:47:60:a0:67:79:75:8a:12:29:
                    f7:68:64:5a:82:72:f1:29:e1:a8:e2:37:89:9c:02:
                    a1:22:1b:91:5e:65:9e:a5:cd:11:61:10:5b:1d:ed:
                    6b:3e:bc:63:5e:a7:18:fe:fc:86:f3:1f:9b:ef:d1:
                    b2:ab:4b:43:f7:af:8a:f8:eb:53:65:7c:35:eb:07:
                    f0:e2:73:48:a0:48:f3:03:b1:9a:48:6e:72:9a:bb:
                    95:f7:d2:ca:b1:65:21:81:ca:97:e2:1b:92:75:df:
                    83:e2:fb:4a:09:4b:08:ba:ea:08:00:6d:4f:d9:cc:
                    24:27:98:5a:a1:65:36:f3:bd:7d:a9:8f:96:63:03:
                    6c:1b:81:40:f2:de:d8:d4:bb:1d:42:57:02:67:2c:
                    36:e2:62:ae:01:c4:cd:94:19:13:a9:e7:e4:d7:69:
                    04:a2:19:30:c2:d7:92:02:d8:7b:43:3a:d2:a8:5b:
                    4d:51:d4:99:55:25:e0:1e:04:76:85:96:6c:a4:b0:
                    46:9b:5f:21:2b:b3:6c:36:78:af:a2:b4:d8:0c:79:
                    cc:5e:a4:0c:1c:bd:f8:2d:ec:aa:02:ad:20:2c:28:
                    a1:32:86:fd:a9:8f:69:3c:5f:14:1e:27:5e:af:e5:
                    b3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:B7:3A:19:11:26:38:D5:88:74:97:50:FA:8D:49:CA:0A:1D:D9:8C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uLc6GREmONWIdJdQ-o1Jygod2Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1840::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:c1:6e:a6:83:29:ce:55:65:e2:1c:f4:97:99:00:8a:86:7d:
         f3:7a:05:d0:a7:07:96:68:3d:a1:61:f1:38:8b:d3:c5:a5:9d:
         df:28:ea:17:96:36:9f:5b:c5:22:f1:3d:24:c8:ee:77:8b:45:
         a0:ab:d8:74:09:7d:b0:1a:43:b4:fb:b1:1c:a3:2f:cb:ab:21:
         e3:42:3c:49:4e:4a:4b:8c:9a:b7:98:00:e2:b9:ec:f1:f5:ee:
         86:fc:88:44:9a:2a:96:6c:cc:7e:0d:f0:56:49:e7:05:4c:5a:
         81:af:c9:f1:00:45:bf:bb:27:37:00:c8:3a:52:c1:a0:10:0d:
         b8:58:c6:63:0f:ef:93:96:40:09:5d:b1:58:fe:15:fb:c7:ee:
         d6:95:0e:f3:0c:87:ac:b0:a3:b3:55:1b:e9:0b:1d:94:7f:34:
         3f:69:b6:6c:45:99:7f:e8:09:46:90:60:5e:5d:3e:5b:05:3d:
         a4:91:2d:b6:e9:58:d9:eb:09:9b:1a:32:13:c5:e0:04:4f:79:
         24:49:45:4b:eb:3d:bf:1f:3d:4c:9b:92:9c:8c:93:66:0a:00:
         63:da:9e:e0:a6:9b:cc:2a:fd:29:fd:2a:80:55:44:8f:f8:1f:
         47:fa:85:32:3a:f7:34:db:5f:7b:f6:cd:dd:da:6d:73:98:10:
         7d:57:1e:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIe3FosfNCl9BA4O6x7BPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGI3M2ExOTExMjYzOGQ1ODg3NDk3NTBmYThkNDljYTBhMWRkOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5G+JJI6zko+F7i4z05d+qs76Wt5H
YKBneXWKEin3aGRagnLxKeGo4jeJnAKhIhuRXmWepc0RYRBbHe1rPrxjXqcY/vyG
8x+b79Gyq0tD96+K+OtTZXw16wfw4nNIoEjzA7GaSG5ymruV99LKsWUhgcqX4huS
dd+D4vtKCUsIuuoIAG1P2cwkJ5haoWU28719qY+WYwNsG4FA8t7Y1LsdQlcCZyw2
4mKuAcTNlBkTqefk12kEohkwwteSAth7QzrSqFtNUdSZVSXgHgR2hZZspLBGm18h
K7NsNnivorTYDHnMXqQMHL34LeyqAq0gLCihMob9qY9pPF8UHider+Wz6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLi3OhkRJjjViHSXUPqNScoKHdmMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdUxjNkdSRW1PTldJZEpkUS1vMUp5Z29kMll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxhA
MA0GCSqGSIb3DQEBCwUAA4IBAQBHwW6mgynOVWXiHPSXmQCKhn3zegXQpweWaD2h
YfE4i9PFpZ3fKOoXljafW8Ui8T0kyO53i0Wgq9h0CX2wGkO0+7Ecoy/LqyHjQjxJ
TkpLjJq3mADiuezx9e6G/IhEmiqWbMx+DfBWSecFTFqBr8nxAEW/uyc3AMg6UsGg
EA24WMZjD++TlkAJXbFY/hX7x+7WlQ7zDIessKOzVRvpCx2UfzQ/abZsRZl/6AlG
kGBeXT5bBT2kkS226VjZ6wmbGjITxeAET3kkSUVL6z2/Hz1Mm5KcjJNmCgBj2p7g
ppvMKv0p/SqAVUSP+B9H+oUyOvc021979s3d2m1zmBB9Vx6r
-----END CERTIFICATE-----