Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3CIroKs-Vw30anXIvCeVDyIuHvg.roa
File:                     3CIroKs-Vw30anXIvCeVDyIuHvg.roa (raw, json)
Hash identifier:          3inVeU74PF/NpDEIE/j0zIa0kXL/JXtdiJwsL4R5Uk0=
Subject key identifier:   DC:22:2B:A0:AB:3E:57:0D:F4:6A:75:C8:BC:27:95:0F:22:2E:1E:F8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FFDE7D505D51AFBE59B3D8E4FB27
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3CIroKs-Vw30anXIvCeVDyIuHvg.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200730
IP address blocks:        2a0e:b107:1fc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ff:de:7d:50:5d:51:af:be:59:b3:d8:e4:fb:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc222ba0ab3e570df46a75c8bc27950f222e1ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:11:40:f6:c3:3d:db:bc:93:75:4b:38:b2:eb:
                    a6:6b:e9:08:d9:ff:36:90:bf:bb:ce:4d:6e:f8:6c:
                    fd:0c:53:01:04:1c:7a:3d:63:81:81:e6:d8:4c:36:
                    d1:4b:ae:62:ab:11:b7:c1:55:84:19:4f:01:0c:f6:
                    88:80:a2:92:92:49:8e:de:b1:a0:16:42:13:4b:01:
                    e3:75:16:d4:27:0c:31:cc:77:39:d9:9a:dc:d5:11:
                    83:dc:a6:9b:b8:93:68:aa:dc:8f:ce:d7:35:13:72:
                    43:76:5c:df:44:6b:0e:ec:68:ee:dd:8b:92:06:2d:
                    12:a8:bb:5c:75:1f:91:65:0d:08:7e:9f:59:be:10:
                    62:29:b8:6c:10:b3:8d:8b:d7:27:66:27:21:cc:32:
                    a6:dc:ff:cd:17:20:16:00:22:76:ae:9b:70:3a:da:
                    b1:b1:0a:62:11:08:24:cf:5f:19:14:09:b7:18:a8:
                    df:26:66:4c:fc:2b:8a:28:10:02:8f:f3:9e:d5:3e:
                    df:d0:ca:c4:0a:30:a0:f5:7a:fd:70:99:5b:a8:6b:
                    45:ce:65:71:2f:9e:fb:f2:fe:2e:a1:da:2f:ed:5e:
                    9b:1f:93:3a:e3:71:4e:53:41:76:35:49:e6:54:e0:
                    07:7f:07:ac:90:96:77:20:55:84:8e:4a:70:8f:7c:
                    9e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:22:2B:A0:AB:3E:57:0D:F4:6A:75:C8:BC:27:95:0F:22:2E:1E:F8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3CIroKs-Vw30anXIvCeVDyIuHvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:f6:82:c5:97:40:ad:fc:9e:8d:db:3b:e7:d9:0c:43:76:3f:
         54:a6:5f:aa:d3:5a:0c:cf:d3:f7:01:c8:b8:d3:47:7a:41:ba:
         15:52:03:e4:03:e3:94:c9:b1:c1:e9:35:b8:0b:19:58:ee:6a:
         27:a2:15:c2:eb:cf:ad:66:ba:af:62:94:5c:a3:54:ef:7d:1e:
         5b:a8:35:5e:9e:da:3f:29:8a:25:b9:6a:4b:d5:11:f4:ed:c7:
         41:3b:e6:67:93:64:7c:d3:d5:6b:07:26:4e:6e:3d:ed:1b:07:
         fd:c4:4b:e3:1c:ad:76:61:3b:56:37:b6:a9:b1:ae:41:d7:a2:
         42:ad:f0:8e:c3:9b:a9:38:76:ce:5a:84:0c:e1:d8:74:2b:83:
         9b:23:fb:cf:63:6f:fd:e0:1e:ec:7f:7d:51:0a:56:ff:26:8d:
         67:6c:ab:45:20:a6:0c:ab:85:88:72:4c:7b:f4:ed:79:7c:5f:
         98:1c:3b:60:97:11:ca:a5:c7:53:60:dd:d5:9d:12:18:f6:9f:
         5c:e7:2c:f4:87:b2:4d:01:57:46:a3:e4:51:06:89:e1:a1:41:
         36:b9:ba:58:b0:6a:66:fb:17:72:6f:0b:07:8e:30:84:36:78:
         e6:66:53:07:26:69:2d:87:ff:68:ca:4a:10:9b:1f:e8:90:88:
         8a:73:a0:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIf/efVBdUa++WbPY5PsnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzIyMmJhMGFiM2U1NzBkZjQ2YTc1YzhiYzI3OTUwZjIyMmUxZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BFA9sM927yTdUs4suuma+kI2f82
kL+7zk1u+Gz9DFMBBBx6PWOBgebYTDbRS65iqxG3wVWEGU8BDPaIgKKSkkmO3rGg
FkITSwHjdRbUJwwxzHc52Zrc1RGD3KabuJNoqtyPztc1E3JDdlzfRGsO7Gju3YuS
Bi0SqLtcdR+RZQ0Ifp9ZvhBiKbhsELONi9cnZichzDKm3P/NFyAWACJ2rptwOtqx
sQpiEQgkz18ZFAm3GKjfJmZM/CuKKBACj/Oe1T7f0MrECjCg9Xr9cJlbqGtFzmVx
L5778v4uodov7V6bH5M643FOU0F2NUnmVOAHfweskJZ3IFWEjkpwj3yeewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNwiK6CrPlcN9Gp1yLwnlQ8iLh74MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM0NJcm9Lcy1WdzMwYW5YSXZDZVZEeUl1SHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAh9oLFl0Ct/J6N2zvn2QxDdj9Upl+q01oMz9P3
Aci400d6QboVUgPkA+OUybHB6TW4CxlY7monohXC68+tZrqvYpRco1TvfR5bqDVe
nto/KYoluWpL1RH07cdBO+Znk2R809VrByZObj3tGwf9xEvjHK12YTtWN7apsa5B
16JCrfCOw5upOHbOWoQM4dh0K4ObI/vPY2/94B7sf31RClb/Jo1nbKtFIKYMq4WI
ckx79O15fF+YHDtglxHKpcdTYN3VnRIY9p9c5yz0h7JNAVdGo+RRBonhoUE2ubpY
sGpm+xdybwsHjjCENnjmZlMHJmkth/9oykoQmx/okIiKc6DY
-----END CERTIFICATE-----