Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2hM4kQSlmqs0Ht151W_FeIZnNog.roa
File:                     2hM4kQSlmqs0Ht151W_FeIZnNog.roa (raw, json)
Hash identifier:          phvr2iTItfwtavlPxXb76jXV29fhPaUOgvnLqYctTVY=
Subject key identifier:   DA:13:38:91:04:A5:9A:AB:34:1E:DD:79:D5:6F:C5:78:86:67:36:88
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E032F7A031AD8289719742204B90
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2hM4kQSlmqs0Ht151W_FeIZnNog.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61218
IP address blocks:        2a0e:97c0:4b00::/40 maxlen: 48
                          2a0e:b100:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e0:32:f7:a0:31:ad:82:89:71:97:42:20:4b:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da13389104a59aab341edd79d56fc57886673688
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c9:7c:4f:87:2e:ea:46:3f:1b:db:ca:c5:fd:
                    93:2c:c2:99:dc:30:ce:e0:90:7b:4f:00:7e:96:fc:
                    74:f9:f0:0a:32:f0:03:f9:e4:05:3d:91:30:d1:97:
                    2a:47:67:b3:16:d4:b1:5c:22:a1:eb:c5:58:b9:93:
                    77:63:ed:4b:8c:5b:64:25:ca:ca:70:b3:39:d6:a0:
                    69:07:69:70:45:24:57:c7:18:6b:04:dd:65:43:9d:
                    d1:af:11:e4:d7:2b:af:7a:4c:83:9b:03:72:e6:b9:
                    14:66:56:e2:84:c0:7e:35:8d:c9:cf:5f:21:7e:48:
                    5d:a7:7a:55:2c:bb:bf:b3:1c:39:90:39:e1:08:eb:
                    ea:57:e0:bc:c7:11:ed:1b:8d:7c:d1:b1:83:04:0b:
                    7f:d8:28:ad:f1:41:6d:bb:c3:9a:fa:e0:7e:9e:a4:
                    c3:50:e4:f4:35:b8:7c:9e:23:98:dc:52:89:36:69:
                    72:89:03:06:c7:ec:17:bb:c1:b5:14:1d:47:7c:28:
                    bb:37:f5:7f:73:9c:12:91:a8:94:7d:ec:61:d9:6e:
                    63:44:0a:e4:80:ab:ec:65:a4:de:6b:6f:fd:57:72:
                    8c:db:e8:b7:2d:6f:c9:e5:9c:e9:cd:cd:9d:c0:04:
                    58:49:b1:93:bb:d4:9e:a9:3d:9f:7e:ec:12:c8:d2:
                    18:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:13:38:91:04:A5:9A:AB:34:1E:DD:79:D5:6F:C5:78:86:67:36:88
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/2hM4kQSlmqs0Ht151W_FeIZnNog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:4b00::/40
                  2a0e:b100:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:6d:f5:c3:1c:2f:b9:71:65:c3:42:a1:81:77:63:c4:98:64:
         06:59:34:ef:55:44:4c:34:89:13:a2:09:eb:db:38:d9:98:a0:
         4e:b2:c2:87:38:f8:11:a1:64:04:49:c5:2a:e6:87:72:95:3c:
         ea:46:ed:0d:98:50:e4:d8:24:8f:d2:4e:50:54:15:a1:a3:be:
         39:ee:90:4f:03:42:bd:78:7a:98:c0:ce:86:8c:60:2f:7a:84:
         d2:b8:e9:78:b5:60:16:bc:28:73:c4:2b:b4:47:17:aa:5f:73:
         42:09:b0:79:ad:0a:a8:b3:f6:89:94:5f:44:f6:b3:8c:57:32:
         6a:c7:43:0b:64:a0:3f:b2:06:c7:8d:68:b5:e5:1f:55:36:ea:
         c6:31:52:29:56:77:52:47:dc:f9:25:50:18:c5:ca:93:3c:e7:
         0d:4c:0e:28:31:8f:9c:2a:81:e3:ea:be:eb:b4:bc:f3:cf:aa:
         a1:c2:7c:b2:7b:6d:04:25:4c:bd:20:52:cf:57:2d:7f:b5:ba:
         f4:67:f1:53:91:16:52:eb:9a:03:01:50:72:8b:3a:5b:9a:3e:
         fe:4f:4e:c1:80:1c:72:73:f4:2a:ba:cb:6c:25:bb:c0:01:71:
         9a:92:5c:33:65:49:bf:ab:cc:f9:10:09:22:c4:c6:47:f8:58:
         ca:f0:0e:44
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQlIeAy96AxrYKJcZdCIEuQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTEzMzg5MTA0YTU5YWFiMzQxZWRkNzlkNTZmYzU3ODg2NjczNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMl8T4cu6kY/G9vKxf2TLMKZ3DDO
4JB7TwB+lvx0+fAKMvAD+eQFPZEw0ZcqR2ezFtSxXCKh68VYuZN3Y+1LjFtkJcrK
cLM51qBpB2lwRSRXxxhrBN1lQ53RrxHk1yuvekyDmwNy5rkUZlbihMB+NY3Jz18h
fkhdp3pVLLu/sxw5kDnhCOvqV+C8xxHtG4180bGDBAt/2Cit8UFtu8Oa+uB+nqTD
UOT0Nbh8niOY3FKJNmlyiQMGx+wXu8G1FB1HfCi7N/V/c5wSkaiUfexh2W5jRArk
gKvsZaTea2/9V3KM2+i3LW/J5Zzpzc2dwARYSbGTu9SeqT2ffuwSyNIYOwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFNoTOJEEpZqrNB7dedVvxXiGZzaIMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMmhNNGtRU2xtcXMwSHQxNTFXX0ZlSVpuTm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg6XwEsD
BwAqDrEAAAEwDQYJKoZIhvcNAQELBQADggEBAHFt9cMcL7lxZcNCoYF3Y8SYZAZZ
NO9VREw0iROiCevbONmYoE6ywoc4+BGhZARJxSrmh3KVPOpG7Q2YUOTYJI/STlBU
FaGjvjnukE8DQr14epjAzoaMYC96hNK46Xi1YBa8KHPEK7RHF6pfc0IJsHmtCqiz
9omUX0T2s4xXMmrHQwtkoD+yBseNaLXlH1U26sYxUilWd1JH3PklUBjFypM85w1M
Digxj5wqgePqvuu0vPPPqqHCfLJ7bQQlTL0gUs9XLX+1uvRn8VORFlLrmgMBUHKL
OluaPv5PTsGAHHJz9Cq6y2wlu8ABcZqSXDNlSb+rzPkQCSLExkf4WMrwDkQ=
-----END CERTIFICATE-----