Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0EXCceIF-_LmYwlleACKHs84Tqw.roa
File:                     0EXCceIF-_LmYwlleACKHs84Tqw.roa (raw, json)
Hash identifier:          MlBESCR+6Gn4z7II7XVz7U7ZWg55zJcHY4DnmPUtdQ8=
Subject key identifier:   D0:45:C2:71:E2:05:FB:F2:E6:63:09:65:78:00:8A:1E:CF:38:4E:AC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522530D1BDB1118BCE77011685FA250
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0EXCceIF-_LmYwlleACKHs84Tqw.roa
Signing time:             Thu 02 Jan 2025 03:49:53 +0000
ROA not before:           Thu 02 Jan 2025 03:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211548
IP address blocks:        2a0e:97c0:2c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:53:0d:1b:db:11:18:bc:e7:70:11:68:5f:a2:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d045c271e205fbf2e663096578008a1ecf384eac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:12:3e:55:10:ee:81:35:f9:75:82:07:31:d7:
                    91:10:bd:16:c8:47:fd:c4:07:1d:a8:fa:ce:14:0e:
                    b5:c3:03:8c:a8:2f:d2:27:43:6a:7b:c9:79:ad:b2:
                    0d:eb:c7:de:30:1f:5d:59:2e:ba:1a:0d:99:a9:33:
                    5f:97:ba:20:1d:38:7c:11:18:62:40:78:ed:c3:11:
                    c5:22:8d:fb:a2:43:89:95:40:a3:21:66:60:64:66:
                    82:fd:6e:f6:79:fb:3a:5d:4f:23:f8:9a:2b:57:21:
                    2a:3f:14:cb:75:a3:34:50:32:55:b1:22:be:eb:a0:
                    08:f4:66:d0:f3:e1:8b:be:e2:59:9b:b1:17:b7:52:
                    28:9f:a8:e6:16:3c:f4:b6:89:39:ac:c4:5d:74:15:
                    93:6f:57:7a:5e:6a:d1:dd:43:18:22:9e:cf:ce:2d:
                    20:53:54:d7:35:a5:af:f0:04:f7:f1:9b:83:31:f3:
                    6c:2c:dd:e1:74:73:6d:c2:cf:2a:67:8a:f5:4c:cc:
                    98:3e:c7:32:d7:cf:19:d4:3f:7e:03:88:91:86:cb:
                    7b:37:77:99:03:ab:3c:ea:cd:35:96:3a:f2:19:fd:
                    63:4a:22:e3:1b:9d:4d:44:7f:f3:bd:22:c3:7e:a4:
                    1a:99:98:56:9a:0b:43:8b:be:93:b2:c3:99:0c:28:
                    7f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:45:C2:71:E2:05:FB:F2:E6:63:09:65:78:00:8A:1E:CF:38:4E:AC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0EXCceIF-_LmYwlleACKHs84Tqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:a9:f8:db:c2:8f:53:2b:8c:fc:1c:12:d3:57:fa:0f:70:0f:
         25:f7:b4:c6:b5:56:15:9c:05:d0:7e:5a:c9:5c:50:24:f8:bd:
         02:f6:11:a6:a6:c9:67:57:30:10:f6:e5:b5:af:55:45:cb:77:
         9e:cf:49:6c:0a:8a:78:52:88:78:80:1d:49:36:61:74:3a:ae:
         09:13:be:9c:a5:e3:b1:90:cd:94:a8:40:2b:01:50:64:79:c5:
         81:86:78:78:f2:18:49:70:b1:39:ee:e9:f0:67:de:bb:b1:96:
         e4:5b:1e:5d:c8:43:b6:93:d1:d4:e7:10:60:54:f9:28:6b:4c:
         97:a5:cc:ac:85:d0:b8:10:72:6f:b0:4f:fb:09:ad:83:06:a0:
         70:73:38:9a:11:1d:ca:d0:e9:e7:0e:6d:9a:d2:0c:d4:3b:ca:
         2a:34:03:35:b1:54:8b:84:69:8f:26:44:2f:0f:91:6b:3f:c8:
         7f:fe:ee:71:70:b3:01:9b:da:bb:be:f0:d8:ae:34:52:fd:0c:
         59:64:c1:d9:81:ce:dc:80:cd:36:48:5e:0a:ba:2c:7c:de:e2:
         7d:7a:06:bf:63:02:8c:2d:5f:03:47:4a:16:df:d3:23:9c:e0:
         3d:af:c0:58:90:2e:db:e2:e2:c6:25:02:4d:d7:0f:8b:e8:0e:
         7d:88:52:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlMNG9sRGLzncBFoX6JQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQ1YzI3MWUyMDVmYmYyZTY2MzA5NjU3ODAwOGExZWNmMzg0ZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7RI+VRDugTX5dYIHMdeREL0WyEf9
xAcdqPrOFA61wwOMqC/SJ0Nqe8l5rbIN68feMB9dWS66Gg2ZqTNfl7ogHTh8ERhi
QHjtwxHFIo37okOJlUCjIWZgZGaC/W72efs6XU8j+JorVyEqPxTLdaM0UDJVsSK+
66AI9GbQ8+GLvuJZm7EXt1Ion6jmFjz0tok5rMRddBWTb1d6XmrR3UMYIp7Pzi0g
U1TXNaWv8AT38ZuDMfNsLN3hdHNtws8qZ4r1TMyYPscy188Z1D9+A4iRhst7N3eZ
A6s86s01ljryGf1jSiLjG51NRH/zvSLDfqQamZhWmgtDi76TssOZDCh/0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNBFwnHiBfvy5mMJZXgAih7POE6sMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMEVYQ2NlSUYtX0xtWXdsbGVBQ0tIczg0VHF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwALA
MA0GCSqGSIb3DQEBCwUAA4IBAQBYqfjbwo9TK4z8HBLTV/oPcA8l97TGtVYVnAXQ
flrJXFAk+L0C9hGmpslnVzAQ9uW1r1VFy3eez0lsCop4Uoh4gB1JNmF0Oq4JE76c
peOxkM2UqEArAVBkecWBhnh48hhJcLE57unwZ967sZbkWx5dyEO2k9HU5xBgVPko
a0yXpcyshdC4EHJvsE/7Ca2DBqBwcziaER3K0OnnDm2a0gzUO8oqNAM1sVSLhGmP
JkQvD5FrP8h//u5xcLMBm9q7vvDYrjRS/QxZZMHZgc7cgM02SF4Kuix83uJ9ega/
YwKMLV8DR0oW39MjnOA9r8BYkC7b4uLGJQJN1w+L6A59iFLQ
-----END CERTIFICATE-----