Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5AalgPpuIZHCCEFqIMQx2MpzMSc.roa
File:                     5AalgPpuIZHCCEFqIMQx2MpzMSc.roa (raw, json)
Hash identifier:          dlwe8/49akJ21TKqXkBM+WYJPadNMI6yijV/h2wOx1w=
Subject key identifier:   E4:06:A5:80:FA:6E:21:91:C2:08:41:6A:20:C4:31:D8:CA:73:31:27
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220EF15C1AE10D8C9DF50AB9672086
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5AalgPpuIZHCCEFqIMQx2MpzMSc.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203074
IP address blocks:        2a0e:97c0:4b0::/48 maxlen: 48
                          2a0e:97c0:4b1::/48 maxlen: 48
                          2a0e:97c0:4b2::/48 maxlen: 48
                          2a0e:97c0:4b3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0e:f1:5c:1a:e1:0d:8c:9d:f5:0a:b9:67:20:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e406a580fa6e2191c208416a20c431d8ca733127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1a:89:0a:18:03:1f:d8:f3:1b:42:48:8b:19:
                    eb:69:8d:6b:b7:54:8f:ef:6f:85:90:b4:47:10:92:
                    63:7c:3f:e6:0e:df:04:f1:a8:f2:c0:d3:cd:02:fe:
                    fa:f5:85:fa:d7:f6:6d:c1:86:6c:ff:cc:d5:ca:57:
                    08:5e:0e:40:33:39:fb:b3:ee:99:46:3f:37:ff:6d:
                    e8:cb:10:a5:91:97:5e:6e:15:c4:73:35:ea:80:8d:
                    6a:91:b0:4b:33:95:00:44:7e:dd:de:10:f6:fd:08:
                    4a:0a:43:43:19:d9:2b:d9:a1:3c:3b:ec:ab:0d:ce:
                    5d:5d:87:ea:25:b7:e7:60:c7:f6:71:c4:3a:f8:34:
                    b7:c6:93:71:ea:1e:e8:bf:aa:4d:21:7a:ef:9b:f2:
                    1d:bc:f0:60:a2:c7:1a:51:74:42:93:81:df:2e:dc:
                    50:f6:22:f3:18:5a:f3:99:b9:9e:0b:e4:c9:71:c7:
                    d0:8a:bf:2c:77:40:23:6b:c7:1a:c8:89:e3:68:e2:
                    8a:f1:3d:c2:16:36:cc:2d:4e:5f:bd:d9:8c:69:18:
                    58:7b:51:3b:11:75:8b:11:74:70:5c:a7:b6:ea:55:
                    69:90:c9:9f:cb:b1:44:64:af:00:0b:be:de:76:fd:
                    05:51:5a:52:31:4b:ba:86:a4:5f:48:f3:3b:7b:ba:
                    df:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:06:A5:80:FA:6E:21:91:C2:08:41:6A:20:C4:31:D8:CA:73:31:27
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5AalgPpuIZHCCEFqIMQx2MpzMSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:4b0::/46

    Signature Algorithm: sha256WithRSAEncryption
         26:dd:76:de:52:18:7d:b1:50:b5:1e:97:1a:7d:f4:9d:3b:fe:
         95:ce:ce:a0:2b:90:e6:ba:ce:a1:a6:08:03:d3:b3:df:52:8b:
         48:12:d3:ae:3a:ba:a7:75:b9:d8:59:04:6a:39:c8:47:60:2e:
         7b:51:78:da:59:2d:42:54:b3:15:16:f2:ea:a6:8d:d0:bd:fe:
         35:9e:ae:dd:a4:44:61:28:9b:ea:40:c9:e1:d8:49:a2:1f:3f:
         8e:ee:3e:b4:0d:e6:3f:1b:43:44:68:d3:59:7a:14:cb:84:16:
         e1:93:3e:66:43:31:ba:a8:ea:29:ca:84:c4:6b:61:75:c5:be:
         1f:5b:e9:69:5f:0f:51:9d:e2:85:34:e4:69:a7:9a:e8:29:88:
         95:dc:2a:f7:13:6e:e0:60:c0:73:46:be:86:c5:77:12:a5:f4:
         37:8b:2a:f5:ab:33:6b:48:49:6f:86:cb:dd:0b:39:d1:ff:76:
         1f:e0:82:f0:d7:e3:a6:fe:52:48:3f:9f:9b:0b:cd:94:b4:8f:
         c4:fc:75:f2:af:5b:bf:5e:ec:fc:b7:79:24:21:55:71:0b:a3:
         fe:ed:9d:59:f5:79:3a:60:95:20:e8:83:1d:93:94:0f:f4:e9:
         20:a7:bd:73:cc:f6:4e:14:e3:b1:39:5b:10:19:e2:29:aa:ed:
         77:bb:7a:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIg7xXBrhDYyd9Qq5ZyCGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDA2YTU4MGZhNmUyMTkxYzIwODQxNmEyMGM0MzFkOGNhNzMzMTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhqJChgDH9jzG0JIixnraY1rt1SP
72+FkLRHEJJjfD/mDt8E8ajywNPNAv769YX61/ZtwYZs/8zVylcIXg5AMzn7s+6Z
Rj83/23oyxClkZdebhXEczXqgI1qkbBLM5UARH7d3hD2/QhKCkNDGdkr2aE8O+yr
Dc5dXYfqJbfnYMf2ccQ6+DS3xpNx6h7ov6pNIXrvm/IdvPBgoscaUXRCk4HfLtxQ
9iLzGFrzmbmeC+TJccfQir8sd0Aja8cayInjaOKK8T3CFjbMLU5fvdmMaRhYe1E7
EXWLEXRwXKe26lVpkMmfy7FEZK8AC77edv0FUVpSMUu6hqRfSPM7e7rfCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOQGpYD6biGRwghBaiDEMdjKczEnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNUFhbGdQcHVJWkhDQ0VGcUlNUXgyTXB6TVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6XwASw
MA0GCSqGSIb3DQEBCwUAA4IBAQAm3XbeUhh9sVC1HpcaffSdO/6Vzs6gK5Dmus6h
pggD07PfUotIEtOuOrqndbnYWQRqOchHYC57UXjaWS1CVLMVFvLqpo3Qvf41nq7d
pERhKJvqQMnh2EmiHz+O7j60DeY/G0NEaNNZehTLhBbhkz5mQzG6qOopyoTEa2F1
xb4fW+lpXw9RneKFNORpp5roKYiV3Cr3E27gYMBzRr6GxXcSpfQ3iyr1qzNrSElv
hsvdCznR/3Yf4ILw1+Om/lJIP5+bC82UtI/E/HXyr1u/Xuz8t3kkIVVxC6P+7Z1Z
9Xk6YJUg6IMdk5QP9Okgp71zzPZOFOOxOVsQGeIpqu13u3qZ
-----END CERTIFICATE-----