Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6aP5zKif5cgeCK0Ig6429FS04RM.roa
File:                     6aP5zKif5cgeCK0Ig6429FS04RM.roa (raw, json)
Hash identifier:          1bGU8P84sEVxZJTBs9IHWpoLRR7OFpHaZ2jT/hawZyE=
Subject key identifier:   E9:A3:F9:CC:A8:9F:E5:C8:1E:08:AD:08:83:AE:36:F4:54:B4:E1:13
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521CE7125C02294EE613A59E5BE5795
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6aP5zKif5cgeCK0Ig6429FS04RM.roa
Signing time:             Thu 02 Jan 2025 03:49:20 +0000
ROA not before:           Thu 02 Jan 2025 03:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41732
IP address blocks:        2a0e:b107:820::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ce:71:25:c0:22:94:ee:61:3a:59:e5:be:57:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9a3f9cca89fe5c81e08ad0883ae36f454b4e113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ce:3e:02:0f:3b:c6:79:e6:64:d3:55:78:41:
                    f6:39:36:4c:70:89:bd:e3:68:82:f3:26:be:2c:44:
                    7a:7d:7b:08:18:23:75:a3:ee:85:4e:5a:ca:81:9d:
                    a3:8b:2b:a7:b1:0e:80:e7:cf:c2:84:69:80:e1:c4:
                    25:dc:19:e3:64:97:90:03:cd:60:5e:7a:4c:15:be:
                    15:46:71:94:3e:b0:9c:b0:27:59:6f:35:5e:4c:67:
                    57:65:d5:be:78:f1:e2:01:3e:dd:57:24:52:5e:bc:
                    66:e7:89:a7:ec:92:4e:10:1a:67:fd:f8:4c:62:5c:
                    62:7b:02:8f:30:59:3f:b1:41:34:b4:79:92:62:3a:
                    c8:8f:ba:83:d9:83:b7:56:66:e1:b3:cf:5f:4f:4f:
                    97:b6:8e:e2:93:4d:eb:3a:5e:b8:02:f9:47:f3:5a:
                    4d:26:51:06:42:3a:89:e0:45:72:fa:16:59:97:77:
                    25:4a:42:e9:05:2c:79:01:36:6e:41:cc:1a:05:90:
                    c4:7c:7a:05:1b:f1:52:07:ac:85:f2:a7:fc:9b:68:
                    9b:d9:75:25:1c:56:69:61:6a:72:cf:c3:59:c9:d7:
                    17:c7:44:33:21:cc:28:00:7f:a8:50:74:b3:52:ff:
                    1d:ca:75:a1:08:38:05:57:02:be:23:a0:d9:0a:e7:
                    85:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:A3:F9:CC:A8:9F:E5:C8:1E:08:AD:08:83:AE:36:F4:54:B4:E1:13
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6aP5zKif5cgeCK0Ig6429FS04RM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:820::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:8a:03:7e:7e:ae:61:87:41:f1:fa:29:37:f3:09:56:63:90:
         ae:0d:da:a7:df:9b:fd:f6:8d:77:b2:58:a9:c3:3e:61:c6:00:
         11:9f:62:ab:13:83:48:bf:ca:76:5d:65:78:62:22:bd:c0:50:
         29:0f:42:3d:a8:78:36:aa:61:4d:da:67:c3:a4:03:5c:6e:9d:
         20:e7:d4:95:eb:c2:a0:fa:dc:2f:5e:eb:6a:a2:dd:7f:27:ee:
         ad:7d:04:83:81:f4:bc:6c:76:1b:22:b7:99:43:26:57:2e:b5:
         ff:f6:2f:c7:1b:2d:a3:72:30:d5:bf:31:72:f8:65:24:80:b8:
         af:59:65:ed:55:7c:33:49:04:71:e4:45:1c:76:0b:14:69:64:
         f6:74:89:38:09:f8:2f:6f:e4:24:fe:39:0d:49:f0:37:28:c1:
         0a:f8:bf:36:3e:96:ae:60:80:76:b8:dd:8f:7f:96:65:56:64:
         48:a6:06:1a:b5:9f:7a:13:b1:34:ee:01:e0:b3:2b:2e:c3:1a:
         bd:61:34:1f:8b:9a:c5:4a:c5:b3:f8:ea:7b:f7:d3:06:00:ff:
         f4:73:c9:c8:97:d6:1a:d4:3f:81:ea:41:1e:f8:f0:9b:5c:e0:
         70:fd:65:71:a7:ea:3e:ee:35:c7:b2:dd:ff:c1:4e:83:63:d5:
         f1:81:d8:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIc5xJcAilO5hOlnlvleVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWEzZjljY2E4OWZlNWM4MWUwOGFkMDg4M2FlMzZmNDU0YjRlMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz84+Ag87xnnmZNNVeEH2OTZMcIm9
42iC8ya+LER6fXsIGCN1o+6FTlrKgZ2jiyunsQ6A58/ChGmA4cQl3BnjZJeQA81g
XnpMFb4VRnGUPrCcsCdZbzVeTGdXZdW+ePHiAT7dVyRSXrxm54mn7JJOEBpn/fhM
YlxiewKPMFk/sUE0tHmSYjrIj7qD2YO3Vmbhs89fT0+Xto7ik03rOl64AvlH81pN
JlEGQjqJ4EVy+hZZl3clSkLpBSx5ATZuQcwaBZDEfHoFG/FSB6yF8qf8m2ib2XUl
HFZpYWpyz8NZydcXx0QzIcwoAH+oUHSzUv8dynWhCDgFVwK+I6DZCueFEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOmj+cyon+XIHgitCIOuNvRUtOETMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNmFQNXpLaWY1Y2dlQ0swSWc2NDI5RlMwNFJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwgg
MA0GCSqGSIb3DQEBCwUAA4IBAQCeigN+fq5hh0Hx+ik38wlWY5CuDdqn35v99o13
slipwz5hxgARn2KrE4NIv8p2XWV4YiK9wFApD0I9qHg2qmFN2mfDpANcbp0g59SV
68Kg+twvXutqot1/J+6tfQSDgfS8bHYbIreZQyZXLrX/9i/HGy2jcjDVvzFy+GUk
gLivWWXtVXwzSQRx5EUcdgsUaWT2dIk4Cfgvb+Qk/jkNSfA3KMEK+L82PpauYIB2
uN2Pf5ZlVmRIpgYatZ96E7E07gHgsysuwxq9YTQfi5rFSsWz+Op799MGAP/0c8nI
l9Ya1D+B6kEe+PCbXOBw/WVxp+o+7jXHst3/wU6DY9Xxgdgw
-----END CERTIFICATE-----