Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6sDfbnVzFJ0hCxwweFr9FJWfVbg.roa
File:                     6sDfbnVzFJ0hCxwweFr9FJWfVbg.roa (raw, json)
Hash identifier:          1D3EJm0Fq57HhYjEWhDrCRv3ClMmPgjRMxbw9IPsrAw=
Subject key identifier:   EA:C0:DF:6E:75:73:14:9D:21:0B:1C:30:78:5A:FD:14:95:9F:55:B8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E331847F885D6B8D3EF5233ABBF4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6sDfbnVzFJ0hCxwweFr9FJWfVbg.roa
Signing time:             Thu 02 Jan 2025 03:49:25 +0000
ROA not before:           Thu 02 Jan 2025 03:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138211
IP address blocks:        2a0e:b107:6d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e3:31:84:7f:88:5d:6b:8d:3e:f5:23:3a:bb:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eac0df6e7573149d210b1c30785afd14959f55b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b4:7b:83:10:09:db:27:65:de:26:92:34:b5:
                    39:bd:3a:32:da:d4:fe:e4:ca:bc:1e:d2:c3:b6:11:
                    3e:77:8c:93:d4:f5:2c:7e:d4:46:6e:8f:49:57:b5:
                    56:ae:48:22:16:94:be:19:5b:e6:ab:d5:01:34:e9:
                    a9:4a:f3:ca:fe:d5:27:77:19:c6:f7:cb:2e:78:20:
                    5c:08:2b:e2:e7:bc:36:4c:ee:75:ea:4d:bb:58:58:
                    53:3e:6a:3d:00:1d:99:0e:52:6d:8a:be:21:29:ed:
                    19:a9:29:02:28:cb:fb:93:a9:24:d8:36:10:12:77:
                    b9:a5:17:36:ae:eb:3b:ef:72:23:9f:f5:84:75:5a:
                    84:55:0c:d6:d9:41:11:97:32:f3:a3:91:c3:02:02:
                    67:36:25:b6:54:32:bf:1a:67:40:03:11:9e:83:94:
                    29:e0:e4:e7:e7:54:85:a5:c3:a1:36:9e:0e:99:db:
                    19:37:29:60:b0:14:7c:ca:09:40:17:29:65:e6:10:
                    ca:82:51:aa:4b:7d:de:80:c1:10:01:f9:99:f9:bd:
                    5c:56:ce:40:43:63:31:1b:a4:65:6f:dc:80:3e:d3:
                    30:ef:3a:7a:d3:8b:5d:fe:d9:af:42:28:fd:40:4c:
                    39:29:a4:ab:57:5c:26:34:45:e4:14:39:14:63:2f:
                    d9:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:C0:DF:6E:75:73:14:9D:21:0B:1C:30:78:5A:FD:14:95:9F:55:B8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6sDfbnVzFJ0hCxwweFr9FJWfVbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:6d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:db:20:71:3d:d5:90:f9:58:e5:5b:69:c7:70:7c:f4:dc:e4:
         c8:bf:7a:ef:34:c0:bc:c3:c0:a3:6c:b6:20:b8:be:1c:3d:a9:
         7b:04:97:79:35:63:41:94:88:90:a5:54:cb:87:15:5d:a9:46:
         92:22:bb:3c:f3:2a:0c:21:e6:2c:e7:f1:7d:84:07:a4:84:b7:
         1e:27:2b:fa:e8:14:6c:4f:54:77:d6:1f:61:04:56:00:d7:1f:
         35:fd:5e:f3:2c:2d:16:02:b4:62:cd:7b:b3:4b:c0:c8:74:3f:
         47:f2:e0:53:6f:c4:17:2c:13:fe:f8:5c:0c:c1:32:c6:a7:fd:
         c3:05:bb:d7:d5:da:76:08:6e:50:8f:3c:36:e4:36:db:fe:9e:
         8b:79:1d:af:69:c6:7e:8f:7c:ef:9b:b3:e8:aa:93:29:5a:2a:
         73:17:30:04:b5:53:69:14:92:09:25:29:64:21:be:be:94:db:
         08:20:1f:ad:02:e3:a5:ce:58:e4:c5:39:81:af:ce:49:5f:2b:
         be:fa:f9:71:df:05:e9:b3:bc:6a:52:c0:09:94:cb:04:39:5e:
         c3:7c:87:d1:7c:ec:d1:73:d2:a5:a0:bb:95:d9:c7:fe:13:ce:
         ae:f9:f3:da:3b:0c:d4:53:c1:b5:c5:01:15:b7:49:74:79:ef:
         18:bc:8e:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIeMxhH+IXWuNPvUjOrv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWMwZGY2ZTc1NzMxNDlkMjEwYjFjMzA3ODVhZmQxNDk1OWY1NWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrR7gxAJ2ydl3iaSNLU5vToy2tT+
5Mq8HtLDthE+d4yT1PUsftRGbo9JV7VWrkgiFpS+GVvmq9UBNOmpSvPK/tUndxnG
98sueCBcCCvi57w2TO516k27WFhTPmo9AB2ZDlJtir4hKe0ZqSkCKMv7k6kk2DYQ
Ene5pRc2rus773Ijn/WEdVqEVQzW2UERlzLzo5HDAgJnNiW2VDK/GmdAAxGeg5Qp
4OTn51SFpcOhNp4OmdsZNylgsBR8yglAFyll5hDKglGqS33egMEQAfmZ+b1cVs5A
Q2MxG6Rlb9yAPtMw7zp604td/tmvQij9QEw5KaSrV1wmNEXkFDkUYy/ZiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOrA3251cxSdIQscMHha/RSVn1W4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNnNEZmJuVnpGSjBoQ3h3d2VGcjlGSldmVmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwbQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCn2yBxPdWQ+VjlW2nHcHz03OTIv3rvNMC8w8Cj
bLYguL4cPal7BJd5NWNBlIiQpVTLhxVdqUaSIrs88yoMIeYs5/F9hAekhLceJyv6
6BRsT1R31h9hBFYA1x81/V7zLC0WArRizXuzS8DIdD9H8uBTb8QXLBP++FwMwTLG
p/3DBbvX1dp2CG5Qjzw25Dbb/p6LeR2vacZ+j3zvm7PoqpMpWipzFzAEtVNpFJIJ
JSlkIb6+lNsIIB+tAuOlzljkxTmBr85JXyu++vlx3wXps7xqUsAJlMsEOV7DfIfR
fOzRc9KloLuV2cf+E86u+fPaOwzUU8G1xQEVt0l0ee8YvI4t
-----END CERTIFICATE-----