Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3b_2uKJDnwg1ARbbZVOrIlOzU7Q.roa
File:                     3b_2uKJDnwg1ARbbZVOrIlOzU7Q.roa (raw, json)
Hash identifier:          u21qgInX8Y2VLWW33u8qmuANUP+OzMN7Dvj/DgM86m4=
Subject key identifier:   DD:BF:F6:B8:A2:43:9F:08:35:01:16:DB:65:53:AB:22:53:B3:53:B4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F1130D2214C3E9A4734557981072
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3b_2uKJDnwg1ARbbZVOrIlOzU7Q.roa
Signing time:             Thu 02 Jan 2025 03:49:28 +0000
ROA not before:           Thu 02 Jan 2025 03:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197469
IP address blocks:        2a0e:97c0:b50::/44 maxlen: 48
                          2a0e:97c0:b50::/48 maxlen: 48
                          2a0e:97c0:b51::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f1:13:0d:22:14:c3:e9:a4:73:45:57:98:10:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddbff6b8a2439f08350116db6553ab2253b353b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:6e:05:f3:0a:d5:d9:60:75:81:dc:ec:64:8d:
                    43:19:a5:97:71:94:67:70:59:58:05:1f:ef:26:b5:
                    99:05:2f:78:b3:bb:ed:66:15:dd:de:8d:09:06:9a:
                    75:f8:5d:d0:b6:1d:8a:cd:9d:bd:2f:50:19:64:80:
                    f4:1b:cb:07:ed:3e:a2:7a:fa:8d:21:39:b8:0c:a8:
                    70:ed:0e:f6:66:00:f5:8d:76:0b:fc:ce:b3:a7:5c:
                    22:ca:00:0f:b5:f8:0f:b4:36:60:d0:54:cd:25:84:
                    9e:b5:d6:5e:a2:cb:f6:c9:e3:c2:de:8f:36:ce:3a:
                    77:45:49:37:ab:59:7d:ed:61:c6:a6:bc:18:05:65:
                    08:33:bd:e6:3f:b0:41:d9:96:ec:6f:b1:39:30:62:
                    8c:24:de:eb:aa:60:cc:ac:2d:67:65:a7:54:ce:7c:
                    7d:83:f7:62:ab:c6:91:4e:1f:12:9d:5f:1b:2e:e2:
                    9b:c0:77:f2:96:15:85:cc:2b:3d:ae:fb:25:0f:ab:
                    69:e7:08:35:2d:81:30:0d:36:32:89:b0:35:16:0f:
                    4d:1d:05:cf:fb:2a:f7:68:83:74:ad:07:8b:11:dc:
                    40:c7:59:0c:95:b3:7f:ed:fc:46:31:cf:d1:fc:48:
                    7e:25:c0:73:0b:5e:e6:66:1f:78:c6:d5:f0:36:43:
                    ad:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:BF:F6:B8:A2:43:9F:08:35:01:16:DB:65:53:AB:22:53:B3:53:B4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3b_2uKJDnwg1ARbbZVOrIlOzU7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b50::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:54:b2:38:9b:29:ce:62:16:3c:f8:9e:fc:6b:18:52:2c:
         28:95:8e:e5:20:fe:5b:62:cc:de:52:36:7e:aa:22:43:c0:a3:
         38:7f:e3:57:bc:21:e6:74:a1:12:25:fc:3f:4a:86:24:8d:71:
         69:7f:d5:9a:dd:b5:56:2a:99:4e:2b:d4:4c:34:cf:10:f4:a6:
         f3:87:be:f1:2f:63:5a:e9:12:e4:16:9a:86:0d:6b:12:fe:0b:
         41:35:5d:2a:41:9d:b5:58:df:2f:63:33:95:aa:4e:d3:9b:06:
         01:6f:c3:8b:d9:7f:2d:45:d0:73:55:5e:43:fc:82:a0:be:bd:
         56:b8:82:58:03:4b:72:57:a6:f6:54:f9:7a:cc:1f:f6:fc:3f:
         bb:3b:62:36:52:83:d3:bb:4f:e6:cd:02:5d:08:2f:69:1a:c6:
         df:00:67:79:82:4f:9b:aa:2f:3c:e4:64:db:38:cf:0d:e8:89:
         17:98:8e:d3:27:e0:82:f8:a4:0f:7b:e6:08:70:41:28:eb:4e:
         7d:e4:aa:76:b6:90:46:6a:77:0e:24:03:d4:58:a3:a8:ef:24:
         ef:b4:a8:c0:d0:2a:a3:bd:86:7c:b4:7e:d8:bf:17:12:c1:13:
         fb:cd:85:57:32:e7:10:10:5b:fa:79:42:1e:58:3d:de:03:ff:
         04:30:72:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfETDSIUw+mkc0VXmBByMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJmZjZiOGEyNDM5ZjA4MzUwMTE2ZGI2NTUzYWIyMjUzYjM1M2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG4F8wrV2WB1gdzsZI1DGaWXcZRn
cFlYBR/vJrWZBS94s7vtZhXd3o0JBpp1+F3Qth2KzZ29L1AZZID0G8sH7T6ievqN
ITm4DKhw7Q72ZgD1jXYL/M6zp1wiygAPtfgPtDZg0FTNJYSetdZeosv2yePC3o82
zjp3RUk3q1l97WHGprwYBWUIM73mP7BB2Zbsb7E5MGKMJN7rqmDMrC1nZadUznx9
g/diq8aRTh8SnV8bLuKbwHfylhWFzCs9rvslD6tp5wg1LYEwDTYyibA1Fg9NHQXP
+yr3aIN0rQeLEdxAx1kMlbN/7fxGMc/R/Eh+JcBzC17mZh94xtXwNkOtcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN2/9riiQ58INQEW22VTqyJTs1O0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM2JfMnVLSkRud2cxQVJiYlpWT3JJbE96VTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBug1SyOJspzmIWPPie/GsYUiwolY7lIP5bYsze
UjZ+qiJDwKM4f+NXvCHmdKESJfw/SoYkjXFpf9Wa3bVWKplOK9RMNM8Q9Kbzh77x
L2Na6RLkFpqGDWsS/gtBNV0qQZ21WN8vYzOVqk7TmwYBb8OL2X8tRdBzVV5D/IKg
vr1WuIJYA0tyV6b2VPl6zB/2/D+7O2I2UoPTu0/mzQJdCC9pGsbfAGd5gk+bqi88
5GTbOM8N6IkXmI7TJ+CC+KQPe+YIcEEo60595Kp2tpBGancOJAPUWKOo7yTvtKjA
0CqjvYZ8tH7YvxcSwRP7zYVXMucQEFv6eUIeWD3eA/8EMHJ1
-----END CERTIFICATE-----