Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6thhDOMD5WzYUqL2tV-rI7-E9Pk.roa
File:                     6thhDOMD5WzYUqL2tV-rI7-E9Pk.roa (raw, json)
Hash identifier:          mMk/HNaya1PvDYuXz/tOpgkYpnvNeRSzDOCHivbJsE8=
Subject key identifier:   EA:D8:61:0C:E3:03:E5:6C:D8:52:A2:F6:B5:5F:AB:23:BF:84:F4:F9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E89F3EB130F5A659FB5B262F73C0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6thhDOMD5WzYUqL2tV-rI7-E9Pk.roa
Signing time:             Thu 02 Jan 2025 03:49:26 +0000
ROA not before:           Thu 02 Jan 2025 03:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142164
IP address blocks:        2a0e:b107:1470::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e8:9f:3e:b1:30:f5:a6:59:fb:5b:26:2f:73:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ead8610ce303e56cd852a2f6b55fab23bf84f4f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:9e:9b:4e:50:48:3c:94:20:1c:d6:0c:e5:bd:
                    1a:c5:01:60:c9:47:bb:20:72:4d:19:4d:59:4c:41:
                    26:18:ce:65:b7:6c:8d:fb:a9:df:9d:68:b2:80:b2:
                    53:79:91:2e:88:01:40:ac:4a:57:dd:14:f0:17:fa:
                    86:47:dd:ae:53:2e:39:9a:9b:78:16:8c:69:f1:99:
                    11:b4:fd:f9:c7:0e:59:92:15:dc:35:24:be:18:a0:
                    82:f1:a0:29:2b:31:79:93:ef:f6:af:8b:10:05:ee:
                    dd:2b:61:ea:a7:5e:12:b5:de:31:55:ff:e1:6a:1d:
                    b8:52:d4:b6:e7:59:75:d6:20:0d:91:c0:b8:0a:3e:
                    cb:13:6c:79:db:87:1a:84:40:5f:aa:45:67:aa:d6:
                    7b:bb:fd:9c:b5:3e:e7:da:6b:69:8c:d9:96:77:f6:
                    8c:51:4b:1d:4c:fa:42:53:ca:73:85:45:1b:56:5b:
                    55:c4:82:32:cc:3f:c5:9f:ae:45:db:04:41:cc:71:
                    aa:69:66:6b:0f:a6:5c:3a:31:29:f6:98:e8:e3:e1:
                    68:85:b3:03:48:b7:f4:e8:bf:b5:8a:d5:56:0e:63:
                    24:81:de:c2:5e:78:ee:6f:7b:b1:48:02:00:01:d3:
                    31:fc:23:96:d3:de:6a:c3:e5:90:1c:01:6c:d8:7f:
                    b2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D8:61:0C:E3:03:E5:6C:D8:52:A2:F6:B5:5F:AB:23:BF:84:F4:F9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6thhDOMD5WzYUqL2tV-rI7-E9Pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1470::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:b0:c3:3f:22:a4:3d:28:34:75:68:e7:56:44:50:68:3a:62:
         d6:17:03:0f:38:14:c7:c8:b1:9b:d8:f1:53:a0:66:1b:1a:9f:
         2f:ae:29:25:f1:a7:98:3f:70:47:29:ca:a2:74:45:14:39:ea:
         3c:a9:46:19:3e:88:7e:c3:b2:75:f9:ed:59:44:c6:c0:c9:a5:
         b7:0f:ee:b0:b9:e0:39:81:f2:e2:7f:03:60:d7:ec:ae:18:b1:
         d9:72:d4:4e:d1:9b:6b:74:0d:2d:4f:a4:9a:be:3a:24:33:10:
         d0:71:5e:0f:ad:0f:42:01:83:85:e6:76:24:f2:b8:1f:28:e5:
         70:20:45:42:51:69:da:6a:9d:9d:aa:3b:2c:1b:6f:3e:de:a0:
         38:68:ab:36:07:27:f0:8b:b4:f1:96:7c:4c:ec:b3:7c:28:d4:
         03:88:b0:83:dd:2c:cb:bf:52:77:de:b0:81:15:5d:4b:12:2b:
         24:dc:a3:d0:9d:8c:67:13:a4:1d:5b:a9:0d:75:50:90:b1:45:
         09:02:b6:f3:2d:19:c4:41:a2:ea:b1:d5:04:ee:10:bd:17:b6:
         92:fe:a4:18:ae:25:e1:bd:02:63:1a:ff:51:51:02:7a:b2:72:
         a2:16:31:b2:ef:60:c0:28:00:54:35:f0:b2:96:8f:63:88:2e:
         30:28:40:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIeifPrEw9aZZ+1smL3PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWQ4NjEwY2UzMDNlNTZjZDg1MmEyZjZiNTVmYWIyM2JmODRmNGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Z6bTlBIPJQgHNYM5b0axQFgyUe7
IHJNGU1ZTEEmGM5lt2yN+6nfnWiygLJTeZEuiAFArEpX3RTwF/qGR92uUy45mpt4
Foxp8ZkRtP35xw5ZkhXcNSS+GKCC8aApKzF5k+/2r4sQBe7dK2Hqp14Std4xVf/h
ah24UtS251l11iANkcC4Cj7LE2x524cahEBfqkVnqtZ7u/2ctT7n2mtpjNmWd/aM
UUsdTPpCU8pzhUUbVltVxIIyzD/Fn65F2wRBzHGqaWZrD6ZcOjEp9pjo4+FohbMD
SLf06L+1itVWDmMkgd7CXnjub3uxSAIAAdMx/COW095qw+WQHAFs2H+yWwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOrYYQzjA+Vs2FKi9rVfqyO/hPT5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNnRoaERPTUQ1V3pZVXFMMnRWLXJJNy1FOVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxRw
MA0GCSqGSIb3DQEBCwUAA4IBAQBcsMM/IqQ9KDR1aOdWRFBoOmLWFwMPOBTHyLGb
2PFToGYbGp8vrikl8aeYP3BHKcqidEUUOeo8qUYZPoh+w7J1+e1ZRMbAyaW3D+6w
ueA5gfLifwNg1+yuGLHZctRO0ZtrdA0tT6SavjokMxDQcV4PrQ9CAYOF5nYk8rgf
KOVwIEVCUWnaap2dqjssG28+3qA4aKs2Byfwi7TxlnxM7LN8KNQDiLCD3SzLv1J3
3rCBFV1LEisk3KPQnYxnE6QdW6kNdVCQsUUJArbzLRnEQaLqsdUE7hC9F7aS/qQY
riXhvQJjGv9RUQJ6snKiFjGy72DAKABUNfCylo9jiC4wKEAN
-----END CERTIFICATE-----