Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Qm5D8mXffswl3c0OvB59KjeXOE.roa
File:                     5Qm5D8mXffswl3c0OvB59KjeXOE.roa (raw, json)
Hash identifier:          GqJubbQ5Q3fzPu+2IYUISmJ85QivFU8ie0dtuxJ43f0=
Subject key identifier:   E5:09:B9:0F:C9:97:7D:FB:30:97:77:34:3A:F0:79:F4:A8:DE:5C:E1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FB9CDCB51F11E3C66DDE07BBB429
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Qm5D8mXffswl3c0OvB59KjeXOE.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199518
IP address blocks:        2a0e:b107:b14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fb:9c:dc:b5:1f:11:e3:c6:6d:de:07:bb:b4:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e509b90fc9977dfb309777343af079f4a8de5ce1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e2:9d:5b:a9:bf:12:39:d1:06:96:e2:09:66:
                    b4:f6:d3:cf:d4:21:79:eb:09:16:1b:c7:3b:94:8e:
                    87:8d:af:f1:14:cc:72:01:0c:9f:e2:fa:24:a0:a1:
                    26:9c:ce:2e:c8:b2:66:2c:82:20:6c:d5:b8:8c:ef:
                    53:85:af:36:d3:e4:0d:39:ed:83:9c:47:eb:c8:68:
                    ce:dc:4e:a2:6e:64:0d:33:50:c5:a8:c5:77:25:1a:
                    44:cd:42:d1:4a:1c:ca:77:a0:22:34:ca:46:84:4b:
                    04:01:80:aa:4d:17:59:06:5a:a1:c7:b3:a4:12:94:
                    b9:0e:e7:7e:7e:b5:43:18:e3:f4:78:4c:98:9a:a4:
                    6e:b0:3d:00:af:08:bd:11:d6:f4:e9:8c:08:6e:2b:
                    72:3b:93:58:87:26:cd:78:e6:b2:c7:e6:78:f0:26:
                    c7:01:e5:d4:9a:3d:03:69:6c:fe:cd:fc:fe:7d:42:
                    80:1b:e3:fb:36:e4:21:46:5b:36:5f:74:0b:5e:cd:
                    93:cd:10:aa:a1:a0:98:65:ae:17:3c:ee:76:3a:5b:
                    d8:03:c6:48:63:31:68:92:3c:b4:16:33:7e:6e:36:
                    c4:96:91:32:85:6a:67:e2:3b:8e:53:75:be:f7:97:
                    8a:0f:d4:48:20:38:fd:db:ed:3a:b1:4d:41:81:63:
                    3d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:09:B9:0F:C9:97:7D:FB:30:97:77:34:3A:F0:79:F4:A8:DE:5C:E1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5Qm5D8mXffswl3c0OvB59KjeXOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b14::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:37:70:db:cd:1a:7b:fc:66:6a:ee:4f:d7:76:6b:b3:cb:0a:
         19:ad:74:4c:bf:26:47:f5:07:1d:91:49:63:44:1c:24:9f:1b:
         3c:98:53:86:39:73:a0:ec:8c:dc:03:d4:98:b3:70:27:b7:f8:
         02:4e:eb:93:33:c5:38:99:2b:47:d1:4b:91:47:18:f2:7b:3c:
         4e:e4:f6:90:d5:d2:39:b5:8e:e4:55:b6:87:0c:f9:f2:99:30:
         50:b0:5d:f4:61:2b:d8:9b:98:7f:5b:b8:97:76:ca:d1:0f:7d:
         80:d8:7b:a0:e7:5d:37:b6:f6:dc:e0:f4:c9:03:51:cf:b9:c4:
         0b:fb:03:fa:ed:ed:e9:c6:f5:da:46:08:6b:d7:90:ce:74:ee:
         61:2a:64:4e:88:50:dc:55:74:dc:46:4d:35:7e:d6:2f:13:57:
         19:58:52:b5:1a:74:84:85:47:e4:bb:3a:c5:a1:1a:94:34:f9:
         4b:5a:ec:2f:06:af:75:8e:17:24:b6:4e:5a:da:3e:16:22:1d:
         a0:4f:82:02:31:bc:a0:25:d7:a5:7e:6f:47:71:32:4a:8b:8b:
         88:42:23:82:0f:99:fa:a2:2a:4b:ef:7b:e0:29:9c:d9:19:8b:
         9e:5a:45:46:4d:b4:2a:79:09:51:93:9e:e3:34:83:82:ac:22:
         b1:5b:14:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfuc3LUfEePGbd4Hu7QpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTA5YjkwZmM5OTc3ZGZiMzA5Nzc3MzQzYWYwNzlmNGE4ZGU1Y2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuKdW6m/EjnRBpbiCWa09tPP1CF5
6wkWG8c7lI6Hja/xFMxyAQyf4vokoKEmnM4uyLJmLIIgbNW4jO9Tha820+QNOe2D
nEfryGjO3E6ibmQNM1DFqMV3JRpEzULRShzKd6AiNMpGhEsEAYCqTRdZBlqhx7Ok
EpS5Dud+frVDGOP0eEyYmqRusD0Arwi9Edb06YwIbityO5NYhybNeOayx+Z48CbH
AeXUmj0DaWz+zfz+fUKAG+P7NuQhRls2X3QLXs2TzRCqoaCYZa4XPO52OlvYA8ZI
YzFokjy0FjN+bjbElpEyhWpn4juOU3W+95eKD9RIIDj92+06sU1BgWM9IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOUJuQ/Jl337MJd3NDrwefSo3lzhMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNVFtNUQ4bVhmZnN3bDNjME92QjU5S2plWE9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwsU
MA0GCSqGSIb3DQEBCwUAA4IBAQByN3DbzRp7/GZq7k/XdmuzywoZrXRMvyZH9Qcd
kUljRBwknxs8mFOGOXOg7IzcA9SYs3Ant/gCTuuTM8U4mStH0UuRRxjyezxO5PaQ
1dI5tY7kVbaHDPnymTBQsF30YSvYm5h/W7iXdsrRD32A2Hug5103tvbc4PTJA1HP
ucQL+wP67e3pxvXaRghr15DOdO5hKmROiFDcVXTcRk01ftYvE1cZWFK1GnSEhUfk
uzrFoRqUNPlLWuwvBq91jhcktk5a2j4WIh2gT4ICMbygJdelfm9HcTJKi4uIQiOC
D5n6oipL73vgKZzZGYueWkVGTbQqeQlRk57jNIOCrCKxWxSu
-----END CERTIFICATE-----