Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6K0jrAjVylwDmczL1c-dcbxmEWk.roa
File:                     6K0jrAjVylwDmczL1c-dcbxmEWk.roa (raw, json)
Hash identifier:          Qxvm2qpOq6j6ZdtPgVXM5cOv8Q6AQQK/CRoaf4AyOo0=
Subject key identifier:   E8:AD:23:AC:08:D5:CA:5C:03:99:CC:CB:D5:CF:9D:71:BC:66:11:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521EBD6DE278C9C6956252C9ABF3B72
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6K0jrAjVylwDmczL1c-dcbxmEWk.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     147016
IP address blocks:        2a0e:b107:b17::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:eb:d6:de:27:8c:9c:69:56:25:2c:9a:bf:3b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8ad23ac08d5ca5c0399cccbd5cf9d71bc661169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d7:81:52:e4:d3:f1:73:f2:06:b5:82:97:26:
                    a3:c4:97:d6:b1:27:fc:4a:45:b3:45:26:34:53:24:
                    0c:bb:74:ab:9f:e0:52:79:82:05:92:83:5c:96:9a:
                    5a:89:e5:2b:22:9b:4f:bf:24:18:b9:5c:94:69:e1:
                    5a:91:8b:01:50:4e:6b:4f:b7:9d:cc:d8:8f:53:b2:
                    c2:13:2a:aa:6a:38:34:ba:ab:63:63:e5:20:aa:ce:
                    10:89:8a:bc:fb:82:6d:60:f9:1f:30:1c:b8:60:14:
                    c9:15:f0:c9:a9:ac:63:56:50:00:d1:af:59:c9:5e:
                    97:dd:0a:9a:b8:fb:7d:b9:dc:e9:c1:3d:78:26:94:
                    be:94:72:27:5e:1c:6d:7e:73:9d:d6:e0:64:61:26:
                    11:d0:8e:08:4b:3c:c1:cc:aa:25:02:28:e7:5c:6a:
                    ff:32:85:33:f8:83:b8:b1:52:de:fe:a1:e0:61:ee:
                    91:4b:7b:e5:41:84:9e:11:74:68:00:e4:15:b1:fa:
                    51:d3:64:1e:2c:3b:a1:e3:3e:ce:48:ce:18:c3:1e:
                    19:a3:10:f3:62:12:e3:a2:82:84:c4:8b:ab:f5:5d:
                    7c:3e:9e:6f:6c:53:52:bd:66:06:c6:ad:81:9d:7c:
                    bd:11:81:89:42:10:0b:c8:ef:cc:63:6e:16:2d:2a:
                    d1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AD:23:AC:08:D5:CA:5C:03:99:CC:CB:D5:CF:9D:71:BC:66:11:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6K0jrAjVylwDmczL1c-dcbxmEWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b17::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:0e:aa:e7:21:2c:13:5e:b2:74:78:7d:59:ce:08:e3:70:dd:
         7b:94:26:db:77:5c:4e:24:d6:70:cf:e7:be:90:eb:5a:a2:1e:
         48:54:4d:24:7a:6c:cb:11:6e:e0:13:8a:44:26:20:d1:af:a2:
         79:93:5b:ff:56:13:fe:2d:8a:d3:16:6c:86:05:c6:80:f9:d3:
         d3:33:64:28:18:3b:93:8d:2c:5e:37:7a:65:a3:a0:eb:97:55:
         72:02:17:5a:5d:09:9c:12:a9:e1:e1:d4:8a:c1:c6:13:4b:c5:
         14:2e:17:aa:ab:38:49:00:cf:a0:68:11:2d:57:60:08:19:7b:
         67:dc:1b:10:c7:6c:35:60:34:2e:11:8a:9e:2a:80:72:f3:6a:
         61:65:86:4c:9e:db:18:e7:bf:68:77:fc:ab:2e:d0:6d:cf:42:
         9d:3d:f6:6e:5f:c9:5b:78:d9:40:a8:4e:76:b4:65:b0:1f:97:
         6f:79:ee:c7:c5:7b:21:eb:1e:d0:29:55:f4:a0:07:80:5f:88:
         c6:30:f6:fa:f7:fa:de:0c:87:e7:91:cc:bc:76:fb:8b:3a:cd:
         a8:ea:12:11:77:39:85:36:b1:7a:8a:d9:44:a5:88:1a:9b:74:
         61:cb:1c:19:d3:4f:d8:39:89:6b:b9:2d:3a:f4:d2:37:72:fe:
         cd:e5:c2:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIevW3ieMnGlWJSyavztyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFkMjNhYzA4ZDVjYTVjMDM5OWNjY2JkNWNmOWQ3MWJjNjYxMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlteBUuTT8XPyBrWClyajxJfWsSf8
SkWzRSY0UyQMu3Srn+BSeYIFkoNclppaieUrIptPvyQYuVyUaeFakYsBUE5rT7ed
zNiPU7LCEyqqajg0uqtjY+Ugqs4QiYq8+4JtYPkfMBy4YBTJFfDJqaxjVlAA0a9Z
yV6X3QqauPt9udzpwT14JpS+lHInXhxtfnOd1uBkYSYR0I4ISzzBzKolAijnXGr/
MoUz+IO4sVLe/qHgYe6RS3vlQYSeEXRoAOQVsfpR02QeLDuh4z7OSM4Ywx4ZoxDz
YhLjooKExIur9V18Pp5vbFNSvWYGxq2BnXy9EYGJQhALyO/MY24WLSrRhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOitI6wI1cpcA5nMy9XPnXG8ZhFpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNkswanJBalZ5bHdEbWN6TDFjLWRjYnhtRVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwsX
MA0GCSqGSIb3DQEBCwUAA4IBAQCvDqrnISwTXrJ0eH1ZzgjjcN17lCbbd1xOJNZw
z+e+kOtaoh5IVE0kemzLEW7gE4pEJiDRr6J5k1v/VhP+LYrTFmyGBcaA+dPTM2Qo
GDuTjSxeN3plo6Drl1VyAhdaXQmcEqnh4dSKwcYTS8UULheqqzhJAM+gaBEtV2AI
GXtn3BsQx2w1YDQuEYqeKoBy82phZYZMntsY579od/yrLtBtz0KdPfZuX8lbeNlA
qE52tGWwH5dvee7HxXsh6x7QKVX0oAeAX4jGMPb69/reDIfnkcy8dvuLOs2o6hIR
dzmFNrF6itlEpYgam3RhyxwZ00/YOYlruS069NI3cv7N5cJm
-----END CERTIFICATE-----