Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5y4YlHHdCCnk23SmQhFHXXrkbF4.roa
File:                     5y4YlHHdCCnk23SmQhFHXXrkbF4.roa (raw, json)
Hash identifier:          tyT9PtBOVJSS3UZVSj5VVaxPL2JrkOrFq/fFVoM1xhc=
Subject key identifier:   E7:2E:18:94:71:DD:08:29:E4:DB:74:A6:42:11:47:5D:7A:E4:6C:5E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198B843299D1425A589B57FBFB936E73396
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5y4YlHHdCCnk23SmQhFHXXrkbF4.roa
Signing time:             Sun 17 Aug 2025 13:41:05 +0000
ROA not before:           Sun 17 Aug 2025 13:41:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214534
IP address blocks:        2a10:ccc6:66ce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 23:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b8:43:29:9d:14:25:a5:89:b5:7f:bf:b9:36:e7:33:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 17 13:41:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e72e189471dd0829e4db74a64211475d7ae46c5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f1:a7:3d:74:f2:71:38:3f:c7:c2:2e:ec:f5:
                    74:95:68:d5:37:1f:b5:48:05:dc:50:c1:1c:de:f2:
                    c9:56:b3:93:b1:ff:cb:06:bb:1b:27:17:d9:b6:52:
                    94:d9:7a:7a:f5:59:f8:ca:bf:1f:8b:82:5a:48:66:
                    e5:29:45:e3:f3:c2:36:4f:cf:d2:fa:82:f4:b6:89:
                    33:34:4b:f7:48:6a:b9:88:41:fa:40:e3:dd:a8:9b:
                    c7:be:60:20:b3:95:6d:42:2d:83:45:95:05:20:3a:
                    f0:92:2d:96:76:fb:a1:25:bd:f2:57:46:f0:a8:b4:
                    5d:d3:97:ba:95:5b:1d:52:48:e0:99:c2:8c:7c:11:
                    20:ac:89:b3:92:88:56:09:37:56:18:f8:b1:78:0f:
                    92:24:63:8d:d7:31:cc:59:cb:ff:33:ac:ca:c5:5b:
                    f4:68:84:5d:e5:2f:49:68:3d:4b:49:1d:7e:36:db:
                    3b:35:85:4a:3a:fc:13:3d:b0:02:20:65:9e:b0:82:
                    ff:57:79:bf:cb:51:bd:cf:65:4d:0a:e2:2c:db:44:
                    7a:5e:25:8d:fd:51:ea:ce:e9:01:78:ee:14:6e:a8:
                    6a:35:3f:1d:22:43:a4:01:52:1b:fb:ac:97:a9:94:
                    97:3c:68:9e:96:7f:68:04:e7:ed:eb:0d:74:c3:66:
                    2b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2E:18:94:71:DD:08:29:E4:DB:74:A6:42:11:47:5D:7A:E4:6C:5E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5y4YlHHdCCnk23SmQhFHXXrkbF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc6:66ce::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:62:b1:7d:3b:42:16:08:77:9d:1e:31:3a:aa:97:6a:08:82:
         fe:4b:a1:2b:68:17:24:67:90:8c:71:14:c8:56:6a:9c:ef:bc:
         47:18:8e:cc:0d:e2:f1:0a:7d:8c:6d:bd:13:ff:df:bf:cd:52:
         0a:69:4b:55:5d:10:eb:a8:ac:d9:e0:20:e4:cb:b0:67:c8:aa:
         bb:b2:5f:47:d0:73:69:97:19:6a:93:7c:e5:05:6e:ed:be:cb:
         ed:0b:dc:58:df:fd:f5:bf:bf:ee:0f:3e:ba:1a:7a:0d:be:e1:
         54:47:91:0c:eb:e2:8f:69:5a:74:79:04:33:d5:03:7b:7f:40:
         c8:1e:20:c7:64:a1:30:14:7d:d7:02:90:27:d8:c8:52:c7:9f:
         51:fe:cf:08:87:d4:19:6b:ec:bd:be:ec:51:92:2e:70:fe:79:
         3d:b4:ad:60:1d:80:13:ab:cf:78:e6:bf:b6:c9:80:be:42:f5:
         3c:74:27:b6:5d:d3:a0:13:d1:c1:2e:e8:63:f3:1a:e0:74:37:
         9d:e5:8a:bb:6a:f0:bb:4f:a6:fe:b0:f2:d5:97:72:13:9b:24:
         7f:df:6d:8f:cb:09:77:59:4a:61:1e:03:20:3a:79:da:a9:24:
         ef:37:d4:8a:3d:3a:4a:eb:d7:a4:a3:81:ec:8d:e0:64:71:d6:
         85:2a:c9:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZi4QymdFCWlibV/v7k25zOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODE3MTM0MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJlMTg5NDcxZGQwODI5ZTRkYjc0YTY0MjExNDc1ZDdhZTQ2YzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPGnPXTycTg/x8Iu7PV0lWjVNx+1
SAXcUMEc3vLJVrOTsf/LBrsbJxfZtlKU2Xp69Vn4yr8fi4JaSGblKUXj88I2T8/S
+oL0tokzNEv3SGq5iEH6QOPdqJvHvmAgs5VtQi2DRZUFIDrwki2WdvuhJb3yV0bw
qLRd05e6lVsdUkjgmcKMfBEgrImzkohWCTdWGPixeA+SJGON1zHMWcv/M6zKxVv0
aIRd5S9JaD1LSR1+Nts7NYVKOvwTPbACIGWesIL/V3m/y1G9z2VNCuIs20R6XiWN
/VHqzukBeO4UbqhqNT8dIkOkAVIb+6yXqZSXPGieln9oBOft6w10w2YrLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOcuGJRx3Qgp5Nt0pkIRR1165GxeMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNXk0WWxISGRDQ25rMjNTbVFoRkhYWHJrYkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMxmbO
MA0GCSqGSIb3DQEBCwUAA4IBAQCjYrF9O0IWCHedHjE6qpdqCIL+S6EraBckZ5CM
cRTIVmqc77xHGI7MDeLxCn2Mbb0T/9+/zVIKaUtVXRDrqKzZ4CDky7BnyKq7sl9H
0HNplxlqk3zlBW7tvsvtC9xY3/31v7/uDz66GnoNvuFUR5EM6+KPaVp0eQQz1QN7
f0DIHiDHZKEwFH3XApAn2MhSx59R/s8Ih9QZa+y9vuxRki5w/nk9tK1gHYATq894
5r+2yYC+QvU8dCe2XdOgE9HBLuhj8xrgdDed5Yq7avC7T6b+sPLVl3ITmyR/322P
ywl3WUphHgMgOnnaqSTvN9SKPTpK69eko4HsjeBkcdaFKsmA
-----END CERTIFICATE-----