Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5_-nWpx02nWKWNMUc2_sQuZUdh8.roa
File:                     5_-nWpx02nWKWNMUc2_sQuZUdh8.roa (raw, json)
Hash identifier:          Gh0WyOtht73NvR+pBckTnh3bLDpskUlzNaXS018E96o=
Subject key identifier:   E7:FF:A7:5A:9C:74:DA:75:8A:58:D3:14:73:6F:EC:42:E6:54:76:1F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425224C4FC6CA0E62D572887339F71099
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5_-nWpx02nWKWNMUc2_sQuZUdh8.roa
Signing time:             Thu 02 Jan 2025 03:49:52 +0000
ROA not before:           Thu 02 Jan 2025 03:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211169
IP address blocks:        2a0e:b107:15b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:4c:4f:c6:ca:0e:62:d5:72:88:73:39:f7:10:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7ffa75a9c74da758a58d314736fec42e654761f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:e8:20:4a:d9:a9:b0:4c:6e:92:eb:03:a2:
                    fd:d1:03:23:b7:64:04:93:2f:b9:0e:b4:f8:db:d0:
                    d0:aa:dd:c0:9a:21:cf:c7:47:a1:8a:91:3e:42:64:
                    d1:91:87:9e:53:80:43:8a:cb:d8:36:a9:30:03:d2:
                    b8:39:3d:ce:ed:8e:bb:2c:e8:16:a6:ab:41:bd:d0:
                    52:29:a2:b3:22:7e:75:13:33:64:f3:a2:2a:71:17:
                    d6:98:da:bc:bb:ba:88:75:99:33:2f:63:f4:04:5a:
                    ae:d3:f2:01:ae:20:ce:df:7f:69:a6:7b:91:d2:b0:
                    55:e5:a1:ab:9b:fe:1d:df:02:e7:b6:90:8b:05:22:
                    74:60:df:8c:58:0b:5f:55:bf:c5:c3:62:6a:a4:e0:
                    8e:53:7a:a7:31:25:f3:db:0c:b5:32:b4:33:dd:55:
                    43:97:ce:11:59:7c:a1:a7:21:5e:b8:c2:a8:fc:2d:
                    bc:e6:77:78:6a:e7:a2:e0:8a:9a:62:e9:97:c9:ca:
                    d0:e5:09:d5:6a:3d:15:ba:41:4f:22:4d:38:f0:17:
                    c4:f8:f3:f6:23:91:f4:ca:10:88:59:ba:93:7c:29:
                    db:6c:ea:c5:4b:12:6e:01:d4:03:9a:e6:95:3d:92:
                    7b:5c:21:8c:0b:7c:c6:67:e2:d7:f1:b8:d5:69:dc:
                    d1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:FF:A7:5A:9C:74:DA:75:8A:58:D3:14:73:6F:EC:42:E6:54:76:1F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5_-nWpx02nWKWNMUc2_sQuZUdh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:15b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:b3:ab:ef:88:59:00:be:c3:f1:bd:eb:cc:b6:29:be:da:6c:
         1c:ce:dc:30:ca:ee:88:74:fc:48:a8:c3:69:67:ca:d8:1e:ed:
         17:8a:3d:e0:9b:1f:32:e8:c5:7f:1d:a4:0f:df:21:b2:f1:87:
         8a:8d:5f:28:2f:6e:3c:97:b2:22:fe:66:b1:26:76:1a:1a:0e:
         69:fb:d0:b3:3b:78:2f:81:c6:c3:f9:f5:ac:42:90:41:a2:41:
         59:b7:fc:f8:33:18:db:25:35:c3:1d:6d:58:2f:6b:d6:3f:44:
         02:b8:31:ce:7a:27:5a:a2:5f:b4:8d:a8:f8:ac:03:82:55:da:
         17:08:14:94:e0:36:f4:9a:cb:a7:42:c2:41:cb:ba:a3:fa:3c:
         98:48:7d:b2:40:de:0a:d4:a4:0a:42:1f:22:ca:d4:1c:12:23:
         d3:b1:a3:c2:15:82:70:05:f5:76:f1:b8:cc:eb:df:f5:a3:6a:
         79:8a:3a:87:3e:93:60:f4:ae:1b:8f:b4:5d:3c:3a:95:35:b3:
         55:2e:8a:5e:1b:b0:c9:00:05:7c:05:02:46:c6:0a:03:f9:cf:
         d6:28:aa:74:f6:95:49:0f:f0:dc:48:9b:11:c2:43:53:9e:62:
         59:00:17:e6:2f:76:52:1c:90:d3:33:d9:83:60:74:b0:9e:a1:
         d4:0d:72:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkxPxsoOYtVyiHM59xCZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2ZmYTc1YTljNzRkYTc1OGE1OGQzMTQ3MzZmZWM0MmU2NTQ3NjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbDoIErZqbBMbpLrA6L90QMjt2QE
ky+5DrT429DQqt3AmiHPx0ehipE+QmTRkYeeU4BDisvYNqkwA9K4OT3O7Y67LOgW
pqtBvdBSKaKzIn51EzNk86IqcRfWmNq8u7qIdZkzL2P0BFqu0/IBriDO339ppnuR
0rBV5aGrm/4d3wLntpCLBSJ0YN+MWAtfVb/Fw2JqpOCOU3qnMSXz2wy1MrQz3VVD
l84RWXyhpyFeuMKo/C285nd4auei4IqaYumXycrQ5QnVaj0VukFPIk048BfE+PP2
I5H0yhCIWbqTfCnbbOrFSxJuAdQDmuaVPZJ7XCGMC3zGZ+LX8bjVadzRCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOf/p1qcdNp1iljTFHNv7ELmVHYfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNV8tbldweDAybldLV05NVWMyX3NRdVpVZGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBrs6vviFkAvsPxvevMtim+2mwcztwwyu6IdPxI
qMNpZ8rYHu0Xij3gmx8y6MV/HaQP3yGy8YeKjV8oL248l7Ii/maxJnYaGg5p+9Cz
O3gvgcbD+fWsQpBBokFZt/z4MxjbJTXDHW1YL2vWP0QCuDHOeidaol+0jaj4rAOC
VdoXCBSU4Db0msunQsJBy7qj+jyYSH2yQN4K1KQKQh8iytQcEiPTsaPCFYJwBfV2
8bjM69/1o2p5ijqHPpNg9K4bj7RdPDqVNbNVLopeG7DJAAV8BQJGxgoD+c/WKKp0
9pVJD/DcSJsRwkNTnmJZABfmL3ZSHJDTM9mDYHSwnqHUDXKb
-----END CERTIFICATE-----