Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-TNoSC3dyo19ifco5WCKTlDpIJk.roa
File:                     1-TNoSC3dyo19ifco5WCKTlDpIJk.roa (raw, json)
Hash identifier:          TRZ7qnahYsuYZcVlv0cwz0X0r90w4LpkVqzK9XYKDOI=
Subject key identifier:   F9:33:68:48:2D:DD:CA:8D:7D:89:F7:28:E5:60:8A:4E:50:E9:20:99
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F27B7994A1BE1B05BA171966BCD6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-TNoSC3dyo19ifco5WCKTlDpIJk.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197762
IP address blocks:        2a06:de00:1330::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f2:7b:79:94:a1:be:1b:05:ba:17:19:66:bc:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f93368482dddca8d7d89f728e5608a4e50e92099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b2:bb:3b:6d:83:ec:26:4d:fd:3a:46:4d:aa:
                    1d:2b:da:81:78:35:51:c7:87:d8:ec:b1:5b:ab:22:
                    9f:f6:a1:3c:cf:e7:7a:19:d8:a1:c8:08:9a:37:10:
                    2c:cc:07:b2:cc:d1:c6:52:83:d5:5c:81:11:8b:b1:
                    69:14:fc:bc:e0:68:33:93:60:d7:b1:00:24:00:26:
                    e6:ac:e2:f6:80:d9:b4:46:5b:a2:df:3a:7a:74:0d:
                    52:62:d0:f6:0a:8d:6f:06:fa:36:55:f0:7b:88:73:
                    ac:4c:f0:f8:80:a1:22:67:65:11:16:15:7b:6c:84:
                    ab:53:01:c3:91:1b:56:9a:fa:04:1c:ed:02:bc:5c:
                    cd:91:31:8b:08:45:90:f8:63:68:64:ec:13:c7:0c:
                    59:00:08:0b:9a:0e:2a:6c:4b:a8:64:aa:8d:d2:8c:
                    5a:3c:13:0d:f1:b1:76:13:8f:5d:4e:0b:f9:4d:6b:
                    4f:d1:37:12:0f:5c:fe:85:f5:b7:7a:63:2c:cb:ad:
                    04:bf:30:d3:5c:76:49:79:70:1c:fa:6c:3f:d2:17:
                    32:d4:16:63:66:28:31:4c:1c:86:e2:22:66:6f:64:
                    16:27:cf:8f:44:27:1e:24:f0:86:fa:b6:35:59:b1:
                    1f:12:ee:2f:23:df:87:9d:26:b8:6b:d7:08:17:5c:
                    39:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:33:68:48:2D:DD:CA:8D:7D:89:F7:28:E5:60:8A:4E:50:E9:20:99
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-TNoSC3dyo19ifco5WCKTlDpIJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:1330::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:d0:ae:23:1e:f5:f9:a9:6f:48:cb:d2:56:05:1a:5f:40:07:
         45:30:58:a1:b5:b8:79:44:3e:a8:ed:0b:bd:ca:5d:d2:1c:6b:
         d6:e2:06:de:11:7c:3c:61:fa:2e:b4:62:bd:8b:bd:09:5b:af:
         87:36:9c:d2:ee:06:86:ab:26:5a:fb:fa:c4:70:c3:d6:8c:a3:
         e0:00:01:79:f0:0f:45:0f:16:f2:07:51:2a:a0:ba:54:4e:0a:
         a1:a4:3a:c6:07:86:8c:d2:a3:b4:4d:36:22:e4:a1:49:4b:02:
         b3:a1:7a:d3:08:c0:c2:c0:c0:06:69:c1:9a:18:a4:55:e8:c3:
         1a:8d:71:46:ee:0d:cc:b5:24:29:ea:75:d5:e5:a2:93:c8:80:
         99:2b:89:0f:fa:ae:d5:f2:d1:03:3d:fb:6a:d8:be:70:83:20:
         6e:6a:d8:07:ed:9a:ca:e4:94:4f:c1:36:0a:f9:4a:4f:07:14:
         d1:3f:32:f3:25:1a:62:8c:f0:5a:a7:ce:6b:e7:20:30:4c:fe:
         cc:0e:60:66:84:16:79:a4:62:72:55:c4:b7:78:0c:09:15:43:
         b2:0b:42:cd:82:5e:58:64:0d:db:b5:e0:62:67:e3:f3:27:65:
         94:ec:a7:76:db:bc:7f:55:52:0e:bd:ee:97:20:68:88:86:2e:
         5c:f3:6f:da
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQlIfJ7eZShvhsFuhcZZrzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTMzNjg0ODJkZGRjYThkN2Q4OWY3MjhlNTYwOGE0ZTUwZTkyMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7K7O22D7CZN/TpGTaodK9qBeDVR
x4fY7LFbqyKf9qE8z+d6GdihyAiaNxAszAeyzNHGUoPVXIERi7FpFPy84Ggzk2DX
sQAkACbmrOL2gNm0Rlui3zp6dA1SYtD2Co1vBvo2VfB7iHOsTPD4gKEiZ2URFhV7
bISrUwHDkRtWmvoEHO0CvFzNkTGLCEWQ+GNoZOwTxwxZAAgLmg4qbEuoZKqN0oxa
PBMN8bF2E49dTgv5TWtP0TcSD1z+hfW3emMsy60EvzDTXHZJeXAc+mw/0hcy1BZj
ZigxTByG4iJmb2QWJ8+PRCceJPCG+rY1WbEfEu4vI9+HnSa4a9cIF1w5KwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPkzaEgt3cqNfYn3KOVgik5Q6SCZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1UTm9TQzNkeW8xOWlmY281V0NLVGxEcElKay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoG3gAT
MDANBgkqhkiG9w0BAQsFAAOCAQEAW9CuIx71+alvSMvSVgUaX0AHRTBYobW4eUQ+
qO0Lvcpd0hxr1uIG3hF8PGH6LrRivYu9CVuvhzac0u4GhqsmWvv6xHDD1oyj4AAB
efAPRQ8W8gdRKqC6VE4KoaQ6xgeGjNKjtE02IuShSUsCs6F60wjAwsDABmnBmhik
VejDGo1xRu4NzLUkKep11eWik8iAmSuJD/qu1fLRAz37ati+cIMgbmrYB+2ayuSU
T8E2CvlKTwcU0T8y8yUaYozwWqfOa+cgMEz+zA5gZoQWeaRiclXEt3gMCRVDsgtC
zYJeWGQN27XgYmfj8ydllOyndtu8f1VSDr3ulyBoiIYuXPNv2g==
-----END CERTIFICATE-----