Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6f29IIcQ2IEqq1uZQ7DL6kfoFx0.roa
File:                     6f29IIcQ2IEqq1uZQ7DL6kfoFx0.roa (raw, json)
Hash identifier:          5huChTQ3/bde8L87/F7Lc22gsa305VCeI+BayNXqs8U=
Subject key identifier:   E9:FD:BD:20:87:10:D8:81:2A:AB:5B:99:43:B0:CB:EA:47:E8:17:1D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522330956AF4709F87909CEB07DD69E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6f29IIcQ2IEqq1uZQ7DL6kfoFx0.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209105
IP address blocks:        2a0e:b102:170::/44 maxlen: 48
                          2a10:2f00:17f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:33:09:56:af:47:09:f8:79:09:ce:b0:7d:d6:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9fdbd208710d8812aab5b9943b0cbea47e8171d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:64:45:1b:1b:6c:6c:67:10:e5:15:59:2a:94:
                    9a:77:35:c8:5b:9e:c7:42:7b:94:38:c9:0c:06:be:
                    35:3c:8e:ad:d8:cd:c7:db:bc:c3:a7:f2:89:8a:58:
                    89:53:4e:dc:c9:aa:d3:7e:b0:3f:26:65:55:72:b7:
                    81:5b:d9:c5:8b:4d:66:99:13:c5:69:6a:ad:78:91:
                    3e:53:51:1e:33:08:00:bc:66:d5:e4:c2:ce:8a:38:
                    ce:d6:a0:84:16:eb:0b:cf:db:dd:d4:ad:fe:db:4d:
                    b2:78:ba:1c:09:53:2b:6f:8a:29:54:3c:e4:e8:50:
                    ab:eb:2a:37:4d:d8:10:bd:b5:78:bf:43:86:61:21:
                    1b:d2:0b:d1:a3:d8:d8:62:a0:30:66:e7:be:17:fb:
                    83:e1:ea:b8:b5:d0:7d:39:c4:73:3e:60:fb:ef:85:
                    07:f6:0c:78:13:97:39:93:ad:50:99:2f:f6:27:52:
                    f4:db:e0:93:4d:78:33:14:21:49:d0:e6:8c:bd:e1:
                    d6:ca:e9:0c:a2:91:c5:5f:1c:b4:00:9d:e0:43:c5:
                    c4:86:0b:9d:4c:77:63:ba:14:bf:f4:6d:73:6b:e5:
                    8a:53:41:f5:ef:45:66:1d:f3:4f:28:f5:c2:5a:ae:
                    e6:db:3c:b8:da:0d:73:e8:c1:87:74:f2:b1:83:ea:
                    39:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FD:BD:20:87:10:D8:81:2A:AB:5B:99:43:B0:CB:EA:47:E8:17:1D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6f29IIcQ2IEqq1uZQ7DL6kfoFx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b102:170::/44
                  2a10:2f00:17f::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:71:93:52:61:ab:f1:19:f8:45:e6:f6:17:32:13:cc:52:92:
         d5:17:ac:2e:71:e2:29:43:79:4d:70:56:c6:74:da:74:0b:38:
         b3:83:a4:e3:ca:1e:47:f0:d5:63:39:5e:17:74:09:7c:7a:2c:
         62:6a:83:64:88:c2:a4:cf:d3:79:06:89:0f:4d:34:50:91:98:
         4e:95:1c:ba:b0:37:5d:8b:b0:3c:b5:72:e0:4f:56:e6:88:56:
         69:96:0d:b7:2d:46:c3:b3:73:33:b0:79:bc:a5:ef:b0:d0:f4:
         d0:5a:57:9e:72:9a:fe:fc:1c:7d:05:8c:36:3b:e4:00:d7:ef:
         96:b5:cd:8a:14:76:c9:02:da:b6:c5:c0:db:a2:6b:1a:2c:88:
         12:a6:72:48:33:ef:33:44:6b:17:45:e1:48:3f:7d:61:91:2c:
         08:26:6a:3c:b7:4e:4e:d3:24:21:da:7a:37:c5:eb:37:bd:7e:
         0c:fb:aa:9b:74:75:59:03:3d:80:80:82:e2:59:78:ba:ae:e0:
         90:bb:06:e0:0f:58:18:c9:fc:38:d6:a2:2a:a4:11:72:81:74:
         00:af:8c:0e:a3:d1:e8:45:96:a2:8a:97:1d:da:2a:6e:1f:24:
         eb:c5:b3:31:bb:58:19:4b:9f:34:15:08:d1:3d:48:c8:1a:67:
         b4:5f:a9:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIjMJVq9HCfh5Cc6wfdaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWZkYmQyMDg3MTBkODgxMmFhYjViOTk0M2IwY2JlYTQ3ZTgxNzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WRFGxtsbGcQ5RVZKpSadzXIW57H
QnuUOMkMBr41PI6t2M3H27zDp/KJiliJU07cyarTfrA/JmVVcreBW9nFi01mmRPF
aWqteJE+U1EeMwgAvGbV5MLOijjO1qCEFusLz9vd1K3+202yeLocCVMrb4opVDzk
6FCr6yo3TdgQvbV4v0OGYSEb0gvRo9jYYqAwZue+F/uD4eq4tdB9OcRzPmD774UH
9gx4E5c5k61QmS/2J1L02+CTTXgzFCFJ0OaMveHWyukMopHFXxy0AJ3gQ8XEhgud
THdjuhS/9G1za+WKU0H170VmHfNPKPXCWq7m2zy42g1z6MGHdPKxg+o52QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOn9vSCHENiBKqtbmUOwy+pH6BcdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNmYyOUlJY1EySUVxcTF1WlE3REw2a2ZvRngwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xAgFw
AwcAKhAvAAF/MA0GCSqGSIb3DQEBCwUAA4IBAQAycZNSYavxGfhF5vYXMhPMUpLV
F6wuceIpQ3lNcFbGdNp0Czizg6Tjyh5H8NVjOV4XdAl8eixiaoNkiMKkz9N5BokP
TTRQkZhOlRy6sDddi7A8tXLgT1bmiFZplg23LUbDs3MzsHm8pe+w0PTQWleecpr+
/Bx9BYw2O+QA1++Wtc2KFHbJAtq2xcDbomsaLIgSpnJIM+8zRGsXReFIP31hkSwI
Jmo8t05O0yQh2no3xes3vX4M+6qbdHVZAz2AgILiWXi6ruCQuwbgD1gYyfw41qIq
pBFygXQAr4wOo9HoRZaiipcd2ipuHyTrxbMxu1gZS580FQjRPUjIGme0X6l9
-----END CERTIFICATE-----