Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5PQVqO-gh4ODu33TWrYAHNEpSo4.roa
File:                     5PQVqO-gh4ODu33TWrYAHNEpSo4.roa (raw, json)
Hash identifier:          EI7W0bQvcch6vnXZj3TB/1dZl/9pIzwHV01vipGCUk4=
Subject key identifier:   E4:F4:15:A8:EF:A0:87:83:83:BB:7D:D3:5A:B6:00:1C:D1:29:4A:8E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222012960E8C3284DF9EF90F941444
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5PQVqO-gh4ODu33TWrYAHNEpSo4.roa
Signing time:             Thu 02 Jan 2025 03:49:40 +0000
ROA not before:           Thu 02 Jan 2025 03:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205212
IP address blocks:        2a0e:b107:2a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:20:12:96:0e:8c:32:84:df:9e:f9:0f:94:14:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e4f415a8efa0878383bb7dd35ab6001cd1294a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:51:de:74:8d:7a:94:33:18:26:7d:72:a7:4c:
                    89:89:ce:59:eb:5c:8a:b4:f3:3e:24:9e:60:2a:54:
                    47:c0:5a:cd:e8:96:60:5e:7c:d3:0a:20:ed:ce:b6:
                    55:79:0f:ee:bb:bf:65:76:80:9e:a4:6b:97:99:75:
                    69:54:29:f5:78:42:b9:db:39:21:08:ce:71:fb:2e:
                    86:47:15:8e:be:72:31:53:a7:44:99:2e:f9:bb:d0:
                    43:74:64:e7:eb:b7:e2:6f:34:91:38:06:53:07:63:
                    49:0e:61:68:df:67:78:c0:1c:13:78:95:14:c8:2e:
                    e1:d0:4f:5a:c7:29:81:fc:ea:51:7f:3e:79:f5:65:
                    e0:4b:87:3e:3c:5e:81:f3:95:ea:66:61:73:1f:66:
                    71:60:41:99:b7:5c:0e:75:75:5c:01:d7:b9:e8:3d:
                    20:5e:01:10:f1:a5:6a:30:42:65:52:41:12:7f:65:
                    bd:66:5a:51:9d:f6:f6:55:b4:d6:c9:6b:19:48:7f:
                    16:e6:3b:ed:71:da:ac:d8:2c:7d:94:89:9b:4f:41:
                    74:5c:41:15:23:7c:88:8b:fe:23:01:de:e4:16:1d:
                    2a:5f:6f:8a:ca:48:e0:38:f2:1f:05:26:5d:5c:5a:
                    82:91:2f:a7:42:0d:c1:ca:fc:13:7f:42:ea:9d:ec:
                    32:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:F4:15:A8:EF:A0:87:83:83:BB:7D:D3:5A:B6:00:1C:D1:29:4A:8E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5PQVqO-gh4ODu33TWrYAHNEpSo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:65:d6:5d:9c:15:88:36:a1:a4:20:b1:c8:8c:a0:3a:e6:93:
         5a:85:ae:4d:e5:1b:b6:c7:00:64:f1:de:ba:77:be:13:6e:d6:
         72:58:a0:5a:0e:8d:08:0f:a8:6f:3e:b3:df:a5:08:13:a9:03:
         77:08:6b:68:ac:3a:f1:4c:1f:1c:18:dc:2a:f2:d4:a3:df:3d:
         27:7d:42:6c:4d:9b:00:0f:49:b2:dd:2b:dc:1f:24:dc:ed:15:
         8f:e3:cf:4a:53:de:eb:72:c4:c8:a3:ca:fd:0a:a0:b4:4a:a5:
         e6:b0:c5:4c:3d:6b:38:14:5d:92:1d:6e:c7:17:20:56:ca:6d:
         09:b4:86:7a:27:b6:b5:17:1f:8d:21:62:e0:d4:ee:90:21:0e:
         3e:78:3f:9c:1f:8a:33:b7:8a:46:ca:b3:9d:07:13:f2:5a:25:
         d8:02:f6:81:10:96:9e:78:0c:34:26:da:c8:7f:8e:d6:f9:c9:
         6d:bd:22:d0:47:ab:01:56:80:2c:1a:38:4e:46:54:b8:56:18:
         50:ea:02:21:67:a7:ce:b0:2d:2d:db:08:1b:16:4b:97:36:64:
         29:d0:78:96:e3:f3:4a:9a:26:bc:a0:32:a6:63:31:9d:73:6a:
         d3:70:e5:e8:23:5f:47:ba:60:67:80:bf:97:4a:88:fe:dc:ff:
         d0:a3:49:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiASlg6MMoTfnvkPlBREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGY0MTVhOGVmYTA4NzgzODNiYjdkZDM1YWI2MDAxY2QxMjk0YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0VHedI16lDMYJn1yp0yJic5Z61yK
tPM+JJ5gKlRHwFrN6JZgXnzTCiDtzrZVeQ/uu79ldoCepGuXmXVpVCn1eEK52zkh
CM5x+y6GRxWOvnIxU6dEmS75u9BDdGTn67fibzSROAZTB2NJDmFo32d4wBwTeJUU
yC7h0E9axymB/OpRfz559WXgS4c+PF6B85XqZmFzH2ZxYEGZt1wOdXVcAde56D0g
XgEQ8aVqMEJlUkESf2W9ZlpRnfb2VbTWyWsZSH8W5jvtcdqs2Cx9lImbT0F0XEEV
I3yIi/4jAd7kFh0qX2+KykjgOPIfBSZdXFqCkS+nQg3ByvwTf0Lqnewy3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOT0FajvoIeDg7t901q2ABzRKUqOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNVBRVnFPLWdoNE9EdTMzVFdyWUFITkVwU280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwKg
MA0GCSqGSIb3DQEBCwUAA4IBAQBtZdZdnBWINqGkILHIjKA65pNaha5N5Ru2xwBk
8d66d74TbtZyWKBaDo0ID6hvPrPfpQgTqQN3CGtorDrxTB8cGNwq8tSj3z0nfUJs
TZsAD0my3SvcHyTc7RWP489KU97rcsTIo8r9CqC0SqXmsMVMPWs4FF2SHW7HFyBW
ym0JtIZ6J7a1Fx+NIWLg1O6QIQ4+eD+cH4ozt4pGyrOdBxPyWiXYAvaBEJaeeAw0
JtrIf47W+cltvSLQR6sBVoAsGjhORlS4VhhQ6gIhZ6fOsC0t2wgbFkuXNmQp0HiW
4/NKmia8oDKmYzGdc2rTcOXoI19HumBngL+XSoj+3P/Qo0nk
-----END CERTIFICATE-----