Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4glFstmHaGWnycQS1ry1VZougTQ.roa
File:                     4glFstmHaGWnycQS1ry1VZougTQ.roa (raw, json)
Hash identifier:          15qj7Iwywo7xioRo6W/b0OCbtI6mxF8CFkuJK3hQsy8=
Subject key identifier:   E2:09:45:B2:D9:87:68:65:A7:C9:C4:12:D6:BC:B5:55:9A:2E:81:34
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019A6E55589C6FF01B7F7B700F26071076B0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4glFstmHaGWnycQS1ry1VZougTQ.roa
Signing time:             Mon 10 Nov 2025 15:14:38 +0000
ROA not before:           Mon 10 Nov 2025 15:14:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63473
IP address blocks:        2a10:ccc3:ccc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Nov 2025 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:6e:55:58:9c:6f:f0:1b:7f:7b:70:0f:26:07:10:76:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 10 15:14:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e20945b2d9876865a7c9c412d6bcb5559a2e8134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:67:aa:ea:1d:f1:4d:51:2d:ba:db:ef:5b:cc:
                    2f:ed:ba:4e:34:81:08:8a:4e:f8:3d:cb:6d:9e:e5:
                    06:ba:1c:bd:d0:3c:4d:d2:1c:89:5c:90:71:1f:e1:
                    8a:d5:a3:df:68:eb:f9:a2:99:e0:28:02:92:1f:41:
                    cd:0c:a6:e4:94:27:7b:ed:40:bb:e7:09:a2:c7:5f:
                    1d:43:5f:19:84:37:f5:db:88:d7:97:61:d1:5d:18:
                    1e:14:d0:12:94:c3:b7:30:e6:ae:14:a6:47:48:a6:
                    a6:7a:36:5d:1f:35:01:a9:cd:b8:bb:90:8b:8c:3c:
                    3e:1e:ba:f2:d4:a4:4b:f3:35:81:7b:a0:86:c6:a7:
                    b1:7d:a2:84:ac:9d:c3:d1:44:f2:de:12:35:79:d1:
                    1f:c3:ae:e1:83:3c:8f:cf:b8:e4:c7:82:ba:98:26:
                    9f:47:d9:46:80:3d:14:5c:a1:7a:9d:c5:ef:35:99:
                    94:83:d9:c3:84:8e:49:ca:e8:0c:07:1c:5f:d6:12:
                    ea:4b:d4:0f:e9:d6:4f:89:21:29:3b:65:4e:83:48:
                    11:4f:31:65:25:29:66:d4:d8:c3:4b:15:a0:f0:e8:
                    38:f5:ac:f0:fb:f7:e4:3c:44:11:eb:38:d0:fc:58:
                    4e:fc:9c:98:d1:41:53:d8:c5:0f:a1:9e:26:17:ec:
                    4e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:09:45:B2:D9:87:68:65:A7:C9:C4:12:D6:BC:B5:55:9A:2E:81:34
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4glFstmHaGWnycQS1ry1VZougTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc3:ccc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:2b:46:ef:25:d2:67:ab:ce:66:a1:37:ef:29:39:a0:d9:13:
         58:6d:fa:01:2e:d0:05:48:20:2c:82:36:4b:68:38:7a:1c:9d:
         bb:37:23:8f:0e:8f:f1:c2:eb:92:76:1c:c8:a1:6d:e8:3b:da:
         36:ba:99:70:bc:e2:87:35:a0:0d:ce:d3:73:99:1f:2e:27:22:
         8e:36:9d:df:3e:2c:7e:af:87:d3:a7:b2:5f:d2:2a:30:74:ed:
         b5:f3:f1:21:c3:7d:6e:46:3d:b9:6d:82:0a:bd:93:32:3b:3a:
         26:ea:26:ec:01:e2:33:12:a1:f8:61:98:77:93:ad:de:a8:27:
         1b:4b:c4:2e:7d:d9:b4:a1:2a:28:fa:cb:99:d7:c6:bb:7e:21:
         e5:1f:f6:b5:19:b4:d2:d5:2b:5f:60:59:57:e4:ec:3c:af:ca:
         8f:8d:3c:79:dc:4d:13:19:64:ae:3f:52:b6:57:a0:c0:1b:43:
         cf:14:27:15:69:00:38:84:be:04:b5:48:f8:e6:e6:a8:38:65:
         27:58:2d:81:29:4a:3b:31:e0:de:70:07:5a:c5:2a:4a:60:c3:
         18:4e:a7:87:5d:85:8b:65:c6:1a:e1:ae:27:a2:2b:83:6c:b9:
         e0:c7:5b:02:55:4d:ef:16:b9:04:ee:ab:19:1f:ab:fa:4e:47:
         46:c8:ca:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZpuVVicb/Abf3twDyYHEHawMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMTEwMTUxNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjA5NDViMmQ5ODc2ODY1YTdjOWM0MTJkNmJjYjU1NTlhMmU4MTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGeq6h3xTVEtutvvW8wv7bpONIEI
ik74PcttnuUGuhy90DxN0hyJXJBxH+GK1aPfaOv5opngKAKSH0HNDKbklCd77UC7
5wmix18dQ18ZhDf124jXl2HRXRgeFNASlMO3MOauFKZHSKamejZdHzUBqc24u5CL
jDw+Hrry1KRL8zWBe6CGxqexfaKErJ3D0UTy3hI1edEfw67hgzyPz7jkx4K6mCaf
R9lGgD0UXKF6ncXvNZmUg9nDhI5JyugMBxxf1hLqS9QP6dZPiSEpO2VOg0gRTzFl
JSlm1NjDSxWg8Og49azw+/fkPEQR6zjQ/FhO/JyY0UFT2MUPoZ4mF+xO9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIJRbLZh2hlp8nEEta8tVWaLoE0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNGdsRnN0bUhhR1dueWNRUzFyeTFWWm91Z1RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMw8zA
MA0GCSqGSIb3DQEBCwUAA4IBAQAiK0bvJdJnq85moTfvKTmg2RNYbfoBLtAFSCAs
gjZLaDh6HJ27NyOPDo/xwuuSdhzIoW3oO9o2uplwvOKHNaANztNzmR8uJyKONp3f
Pix+r4fTp7Jf0iowdO218/Ehw31uRj25bYIKvZMyOzom6ibsAeIzEqH4YZh3k63e
qCcbS8Qufdm0oSoo+suZ18a7fiHlH/a1GbTS1StfYFlX5Ow8r8qPjTx53E0TGWSu
P1K2V6DAG0PPFCcVaQA4hL4EtUj45uaoOGUnWC2BKUo7MeDecAdaxSpKYMMYTqeH
XYWLZcYa4a4noiuDbLngx1sCVU3vFrkE7qsZH6v6TkdGyMow
-----END CERTIFICATE-----