Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1oMACt75wWyp9y2tiZyCD1n7dG4.roa
File:                     1oMACt75wWyp9y2tiZyCD1n7dG4.roa (raw, json)
Hash identifier:          3XXpW9csC3YL+wrGtwkOSwwx3d0vulnIzgT+KVxpUCw=
Subject key identifier:   D6:83:00:0A:DE:F9:C1:6C:A9:F7:2D:AD:89:9C:82:0F:59:FB:74:6E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FD4122A81F92A99DA392DE1479D0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1oMACt75wWyp9y2tiZyCD1n7dG4.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200242
IP address blocks:        2a0e:97c0:ca0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fd:41:22:a8:1f:92:a9:9d:a3:92:de:14:79:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d683000adef9c16ca9f72dad899c820f59fb746e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ed:aa:ae:b9:e3:13:d2:15:74:f1:2d:25:48:
                    ae:55:19:52:aa:62:e3:67:90:87:1d:5e:7f:14:ca:
                    0d:e8:87:35:c9:a9:03:ae:0c:88:ca:1b:dd:8d:31:
                    25:c2:f8:a5:84:d0:0a:37:25:70:b9:af:43:7e:8b:
                    81:81:d7:5c:76:37:7f:ca:a5:7f:91:d9:8d:3c:8b:
                    07:5e:4d:2a:6b:d9:9b:ba:26:69:ab:78:9f:76:cf:
                    0d:2d:c4:0e:43:d2:3c:ac:b3:08:b7:e3:80:d0:71:
                    da:04:7b:e8:5e:86:ce:b9:c2:40:b8:25:0b:60:12:
                    b5:29:5a:b0:1d:71:41:a4:2b:39:57:b6:ba:52:d2:
                    c1:3a:86:81:42:b2:39:b8:27:25:50:34:8b:7a:e1:
                    09:74:f1:02:2c:be:c3:ae:18:bb:3c:c9:08:b4:c5:
                    36:2f:14:dc:9c:48:8b:ab:de:d2:7d:d4:3b:af:6b:
                    83:41:45:21:3d:be:6c:c3:a4:87:6e:74:90:0a:44:
                    67:b0:d3:33:57:35:38:29:01:68:a2:5b:2f:64:20:
                    1a:90:d9:63:b4:4a:76:39:61:b8:a4:51:fd:20:3f:
                    5c:80:ee:7c:8a:cc:66:13:63:59:18:a3:c4:a3:cf:
                    a0:dd:e8:ab:ab:60:bf:f1:a1:7e:17:96:3f:a6:dd:
                    4b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:83:00:0A:DE:F9:C1:6C:A9:F7:2D:AD:89:9C:82:0F:59:FB:74:6E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1oMACt75wWyp9y2tiZyCD1n7dG4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ca0::/44

    Signature Algorithm: sha256WithRSAEncryption
         aa:d6:3a:cf:e1:71:08:75:35:f6:1d:4d:4a:ff:53:1e:43:7c:
         82:99:f8:02:b1:47:fa:49:eb:6b:07:39:66:08:5d:97:11:9a:
         22:0e:cf:dd:03:6c:bc:50:5f:54:20:55:62:41:9d:72:01:12:
         48:9d:cf:d6:75:30:65:74:7a:e0:f7:48:52:86:fa:9e:96:0e:
         24:73:a4:d7:e5:58:b5:fa:d1:1b:a6:d7:42:f4:1e:2b:af:14:
         05:a0:8a:2f:2b:d2:9e:73:2a:32:f3:36:21:4d:f2:57:0b:75:
         6b:3b:d1:7e:1a:56:ed:81:6e:23:78:bd:0a:e4:52:c2:ff:b3:
         f0:dd:13:a7:3a:88:a2:80:36:4d:0f:2f:21:e0:d0:31:8e:af:
         74:b3:34:6e:cb:2b:2f:21:00:39:8a:28:45:2b:21:2e:65:7a:
         f0:65:26:a1:3e:d0:fa:ee:53:b4:b8:e4:14:6b:59:b7:e6:96:
         ab:12:ee:4f:8c:d0:3d:a3:35:ff:91:3f:c0:14:94:f1:01:4e:
         53:f4:4b:e6:67:33:7c:ca:f3:4c:78:24:c7:a2:af:32:cf:18:
         00:1d:c1:ce:ab:3b:59:4c:ab:69:27:48:51:33:2e:ea:a0:ba:
         8b:ed:5a:8b:70:c6:9a:cc:cf:08:50:6d:16:6c:f7:0f:b1:bc:
         6d:ac:b4:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIf1BIqgfkqmdo5LeFHnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjgzMDAwYWRlZjljMTZjYTlmNzJkYWQ4OTljODIwZjU5ZmI3NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu2qrrnjE9IVdPEtJUiuVRlSqmLj
Z5CHHV5/FMoN6Ic1yakDrgyIyhvdjTElwvilhNAKNyVwua9DfouBgddcdjd/yqV/
kdmNPIsHXk0qa9mbuiZpq3ifds8NLcQOQ9I8rLMIt+OA0HHaBHvoXobOucJAuCUL
YBK1KVqwHXFBpCs5V7a6UtLBOoaBQrI5uCclUDSLeuEJdPECLL7Drhi7PMkItMU2
LxTcnEiLq97SfdQ7r2uDQUUhPb5sw6SHbnSQCkRnsNMzVzU4KQFoolsvZCAakNlj
tEp2OWG4pFH9ID9cgO58isxmE2NZGKPEo8+g3eirq2C/8aF+F5Y/pt1LIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNaDAAre+cFsqfctrYmcgg9Z+3RuMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMW9NQUN0NzV3V3lwOXkydGlaeUNEMW43ZEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAyg
MA0GCSqGSIb3DQEBCwUAA4IBAQCq1jrP4XEIdTX2HU1K/1MeQ3yCmfgCsUf6Setr
BzlmCF2XEZoiDs/dA2y8UF9UIFViQZ1yARJInc/WdTBldHrg90hShvqelg4kc6TX
5Vi1+tEbptdC9B4rrxQFoIovK9Kecyoy8zYhTfJXC3VrO9F+GlbtgW4jeL0K5FLC
/7Pw3ROnOoiigDZNDy8h4NAxjq90szRuyysvIQA5iihFKyEuZXrwZSahPtD67lO0
uOQUa1m35parEu5PjNA9ozX/kT/AFJTxAU5T9EvmZzN8yvNMeCTHoq8yzxgAHcHO
qztZTKtpJ0hRMy7qoLqL7VqLcMaazM8IUG0WbPcPsbxtrLRJ
-----END CERTIFICATE-----