Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-rIJG6EfRVE41EerYky_Vm7Qcaw.roa
File:                     1-rIJG6EfRVE41EerYky_Vm7Qcaw.roa (raw, json)
Hash identifier:          DJKEw/ePcu6kwxCxsBRMGDFNNRYnE5UhqPxon9+gZng=
Subject key identifier:   FA:B2:09:1B:A1:1F:45:51:38:D4:47:AB:62:4C:BF:56:6E:D0:71:AC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425226E59A18B4836B37DDF88FEBE67BD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-rIJG6EfRVE41EerYky_Vm7Qcaw.roa
Signing time:             Thu 02 Jan 2025 03:50:00 +0000
ROA not before:           Thu 02 Jan 2025 03:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213171
IP address blocks:        2a0e:b107:9c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:6e:59:a1:8b:48:36:b3:7d:df:88:fe:be:67:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fab2091ba11f455138d447ab624cbf566ed071ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:02:19:c7:e8:02:fa:93:c3:e8:2f:0f:69:2c:
                    6e:e4:53:b9:36:89:14:22:47:c0:90:c2:e0:1f:f6:
                    ae:23:01:7d:9f:76:dc:1e:da:c5:ba:37:b5:8b:1d:
                    9e:80:e7:16:79:30:c0:53:b5:65:fe:38:29:cc:88:
                    29:d1:eb:29:d4:cc:12:96:3d:31:7d:bf:4e:06:32:
                    3a:14:4f:dd:48:31:ce:3f:5b:e9:c0:ee:ea:1b:9a:
                    0f:21:65:6d:3c:1a:c2:c5:44:2f:06:d9:91:47:81:
                    89:c9:50:b0:8d:11:c8:17:34:a5:56:91:88:54:d6:
                    bf:4e:57:3c:2b:17:f7:00:72:91:78:f3:29:8a:10:
                    98:48:50:f4:b9:b5:db:5e:e1:8d:3c:68:90:01:cc:
                    e8:be:80:45:11:4a:73:cb:3a:19:b5:a0:b3:58:64:
                    8b:be:9f:24:92:3b:e2:f8:51:1b:53:85:30:23:7d:
                    56:b0:89:e0:ac:d9:8c:cd:f4:bc:98:3d:c6:34:c4:
                    07:34:6a:7b:51:e4:28:98:75:b3:25:0b:d2:57:af:
                    65:c4:23:32:00:cb:2a:f7:0f:77:75:87:e4:17:32:
                    0b:6a:a7:25:80:ae:ca:66:f9:0c:4c:ec:05:e1:bd:
                    b7:51:75:a1:f9:a8:33:17:40:96:61:34:68:a2:0b:
                    41:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B2:09:1B:A1:1F:45:51:38:D4:47:AB:62:4C:BF:56:6E:D0:71:AC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-rIJG6EfRVE41EerYky_Vm7Qcaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:9c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:52:3d:f4:67:36:c4:ef:e5:bf:12:a3:54:77:26:b0:1c:79:
         6b:16:d4:aa:df:c6:53:02:25:15:4c:52:8e:99:f8:96:77:d4:
         58:45:db:52:e1:36:65:c5:f8:88:7b:2e:8d:d6:54:ca:a3:81:
         65:9a:21:57:16:35:92:5e:7c:bb:f8:1d:8b:90:e9:80:e5:5c:
         5a:94:b4:84:f2:13:7e:e3:c6:27:0c:7a:7e:a8:03:c0:34:b4:
         12:f8:e3:25:a8:b1:46:81:65:a9:a0:29:7d:65:bb:d4:8e:3a:
         f3:ff:76:d1:9b:3b:cb:78:56:0c:83:16:df:ed:ba:6d:84:f9:
         f8:bb:b7:72:81:72:c2:03:5d:69:70:ff:84:6e:a9:d5:56:9b:
         21:2a:f4:0d:1e:be:51:43:c4:90:2e:54:52:49:1a:73:9e:ee:
         d7:ab:ad:03:83:55:e7:08:84:3a:98:54:da:3b:43:47:08:1e:
         8e:6c:50:d8:18:fa:d4:ba:ab:40:9c:b0:43:09:5e:b3:f9:d5:
         07:d6:bc:0b:5b:69:89:d1:b2:e1:ca:90:d6:17:d7:64:0f:40:
         cf:47:18:f4:c8:53:d8:bf:06:07:f5:0d:62:bf:27:fe:e8:47:
         e8:f6:2b:18:f1:85:03:94:5c:a7:34:78:b2:28:ac:4a:8d:34:
         f0:9b:d8:8c
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZQlIm5ZoYtINrN934j+vme9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIyMDkxYmExMWY0NTUxMzhkNDQ3YWI2MjRjYmY1NjZlZDA3MWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwIZx+gC+pPD6C8PaSxu5FO5NokU
IkfAkMLgH/auIwF9n3bcHtrFuje1ix2egOcWeTDAU7Vl/jgpzIgp0esp1MwSlj0x
fb9OBjI6FE/dSDHOP1vpwO7qG5oPIWVtPBrCxUQvBtmRR4GJyVCwjRHIFzSlVpGI
VNa/Tlc8Kxf3AHKRePMpihCYSFD0ubXbXuGNPGiQAczovoBFEUpzyzoZtaCzWGSL
vp8kkjvi+FEbU4UwI31WsIngrNmMzfS8mD3GNMQHNGp7UeQomHWzJQvSV69lxCMy
AMsq9w93dYfkFzILaqclgK7KZvkMTOwF4b23UXWh+agzF0CWYTRoogtBkQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqyCRuhH0VRONRHq2JMv1Zu0HGsMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1ySUpHNkVmUlZFNDFFZXJZa3lfVm03UWNhdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOsQcJ
wDANBgkqhkiG9w0BAQsFAAOCAQEABlI99Gc2xO/lvxKjVHcmsBx5axbUqt/GUwIl
FUxSjpn4lnfUWEXbUuE2ZcX4iHsujdZUyqOBZZohVxY1kl58u/gdi5DpgOVcWpS0
hPITfuPGJwx6fqgDwDS0EvjjJaixRoFlqaApfWW71I468/920Zs7y3hWDIMW3+26
bYT5+Lu3coFywgNdaXD/hG6p1VabISr0DR6+UUPEkC5UUkkac57u16utA4NV5wiE
OphU2jtDRwgejmxQ2Bj61LqrQJywQwles/nVB9a8C1tpidGy4cqQ1hfXZA9Az0cY
9MhT2L8GB/UNYr8n/uhH6PYrGPGFA5RcpzR4siisSo008JvYjA==
-----END CERTIFICATE-----