Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1rjy1Iyud21AdHY8Omp5EtUojEo.roa
File:                     1rjy1Iyud21AdHY8Omp5EtUojEo.roa (raw, json)
Hash identifier:          s5+Qmy4WpJtlQFQxfu1tnO1TpxIcszh0w75RWe+kSs0=
Subject key identifier:   D6:B8:F2:D4:8C:AE:77:6D:40:74:76:3C:3A:6A:79:12:D5:28:8C:4A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521DEAE951A56BCC307A2ADA9C74970
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1rjy1Iyud21AdHY8Omp5EtUojEo.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59936
IP address blocks:        2a0e:97c0:40e::/48 maxlen: 48
                          2a0e:97c0:40f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:de:ae:95:1a:56:bc:c3:07:a2:ad:a9:c7:49:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6b8f2d48cae776d4074763c3a6a7912d5288c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:bf:92:a9:f6:60:ad:ad:1d:b5:99:68:96:f8:
                    1e:37:63:24:13:0f:cf:cf:bf:a5:73:58:ee:9e:d1:
                    86:ae:99:1b:d8:c8:ab:aa:db:36:d5:85:d0:3c:f0:
                    93:08:82:22:2a:86:a1:fe:72:2b:9b:f0:6c:74:5a:
                    22:7e:b5:e3:08:53:a4:c1:8c:a2:8f:e5:78:98:d0:
                    25:5f:a1:9d:80:24:ad:2c:eb:bf:eb:bd:46:de:b7:
                    1f:11:f4:a0:50:b5:7c:40:df:85:6e:6b:1a:d5:81:
                    64:2c:9e:31:45:97:ee:53:34:06:0f:4e:76:6a:18:
                    30:31:a4:7a:d6:bc:a8:c3:6b:7f:0b:67:5c:79:75:
                    02:30:b7:ab:3c:81:59:63:6e:22:c7:1d:97:49:67:
                    bb:6c:61:d6:20:eb:43:03:43:b9:51:ca:a3:21:47:
                    0e:34:7f:f6:2b:cb:a3:20:cd:01:00:79:fd:60:fd:
                    7b:3b:39:6c:0a:5b:97:4b:c6:5c:47:7e:56:2a:1d:
                    d8:58:f0:6d:33:d6:ee:29:79:b4:0a:4b:c3:00:7c:
                    52:87:1b:92:65:78:11:b1:99:db:da:a3:41:13:0e:
                    c7:05:36:de:e2:a1:72:f3:90:1c:9b:6f:a0:b1:76:
                    83:8a:91:a1:b3:76:67:2a:84:bf:c1:c8:5a:0b:1f:
                    63:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:B8:F2:D4:8C:AE:77:6D:40:74:76:3C:3A:6A:79:12:D5:28:8C:4A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1rjy1Iyud21AdHY8Omp5EtUojEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:40e::/47

    Signature Algorithm: sha256WithRSAEncryption
         31:20:44:f8:d2:4f:53:e1:8b:67:8d:ac:cc:b6:de:8e:3f:89:
         de:a7:09:60:26:28:58:bf:34:2c:e0:13:c9:0e:8d:ca:7e:01:
         cb:51:72:ed:30:f2:3a:01:6d:f0:98:d5:ae:bf:e0:74:b5:51:
         75:43:b5:50:57:db:e2:59:bb:c9:e5:79:2e:b6:d4:ff:0d:fe:
         9d:31:22:51:42:a1:5c:5c:a1:54:d9:3d:6b:63:03:4b:32:df:
         80:25:e6:52:7a:5c:51:e7:9b:43:3d:c9:3d:53:9e:b2:82:1d:
         f0:1a:a4:8d:9e:7e:ff:8f:f4:09:3e:4a:ec:95:80:5d:b0:b7:
         9a:ba:40:20:6d:51:0c:f1:3a:bc:8d:33:5f:7c:d0:9e:1b:9e:
         b3:51:1c:29:49:a5:a0:7c:51:ba:86:f8:b5:6c:36:39:9a:6c:
         95:86:90:35:7b:26:bd:9a:ec:5c:f3:47:d0:ff:e8:bc:57:0f:
         f8:36:cc:4b:45:2b:45:e4:2d:f3:f5:02:c3:ff:47:49:37:78:
         22:ff:ac:65:83:43:e9:3b:34:c0:35:92:a3:6f:23:e6:a3:06:
         2e:4e:6e:b1:45:7b:43:f8:cb:b6:fa:13:e3:b3:56:2a:c4:09:
         a9:3d:76:f8:5d:f2:1b:e3:a3:70:be:0d:79:61:4f:ef:9f:fb:
         48:c4:6e:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlId6ulRpWvMMHoq2px0lwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmI4ZjJkNDhjYWU3NzZkNDA3NDc2M2MzYTZhNzkxMmQ1Mjg4YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyr+SqfZgra0dtZlolvgeN2MkEw/P
z7+lc1juntGGrpkb2Mirqts21YXQPPCTCIIiKoah/nIrm/BsdFoifrXjCFOkwYyi
j+V4mNAlX6GdgCStLOu/671G3rcfEfSgULV8QN+Fbmsa1YFkLJ4xRZfuUzQGD052
ahgwMaR61ryow2t/C2dceXUCMLerPIFZY24ixx2XSWe7bGHWIOtDA0O5UcqjIUcO
NH/2K8ujIM0BAHn9YP17OzlsCluXS8ZcR35WKh3YWPBtM9buKXm0CkvDAHxShxuS
ZXgRsZnb2qNBEw7HBTbe4qFy85Acm2+gsXaDipGhs3ZnKoS/wchaCx9jkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNa48tSMrndtQHR2PDpqeRLVKIxKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMXJqeTFJeXVkMjFBZEhZOE9tcDVFdFVvakVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6XwAQO
MA0GCSqGSIb3DQEBCwUAA4IBAQAxIET40k9T4YtnjazMtt6OP4nepwlgJihYvzQs
4BPJDo3KfgHLUXLtMPI6AW3wmNWuv+B0tVF1Q7VQV9viWbvJ5XkuttT/Df6dMSJR
QqFcXKFU2T1rYwNLMt+AJeZSelxR55tDPck9U56ygh3wGqSNnn7/j/QJPkrslYBd
sLeaukAgbVEM8Tq8jTNffNCeG56zURwpSaWgfFG6hvi1bDY5mmyVhpA1eya9muxc
80fQ/+i8Vw/4NsxLRStF5C3z9QLD/0dJN3gi/6xlg0PpOzTANZKjbyPmowYuTm6x
RXtD+Mu2+hPjs1YqxAmpPXb4XfIb46Nwvg15YU/vn/tIxG70
-----END CERTIFICATE-----