Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7GfhuA6XPAmGaXHiXLiI8qJxzSA.roa
File:                     7GfhuA6XPAmGaXHiXLiI8qJxzSA.roa (raw, json)
Hash identifier:          m69T8e8A1vrQ67SCKXm9+Cc44NxDnFqJ/Q8cV8zGGeU=
Subject key identifier:   EC:67:E1:B8:0E:97:3C:09:86:69:71:E2:5C:B8:88:F2:A2:71:CD:20
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425223A46075CF53BCD627D972FF53305
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7GfhuA6XPAmGaXHiXLiI8qJxzSA.roa
Signing time:             Thu 02 Jan 2025 03:49:47 +0000
ROA not before:           Thu 02 Jan 2025 03:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209710
IP address blocks:        2a0e:b107:340::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:3a:46:07:5c:f5:3b:cd:62:7d:97:2f:f5:33:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec67e1b80e973c09866971e25cb888f2a271cd20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:61:bc:88:13:8f:8e:4a:6c:47:8d:95:11:d2:
                    47:8f:4d:19:b0:5f:82:da:e1:e9:35:c2:34:62:0e:
                    34:dd:f3:79:69:a8:a4:1c:da:5f:7f:2a:b4:91:59:
                    64:81:5a:a4:73:dd:2a:b3:75:d5:c2:96:bc:0c:e7:
                    60:d9:23:8c:af:d1:64:f7:67:73:f1:71:39:98:33:
                    60:06:00:2b:36:2b:c4:2e:92:28:14:3c:e0:46:8b:
                    5a:60:2e:ce:24:17:3d:2f:86:38:cb:68:71:48:48:
                    03:60:f9:45:a4:06:68:80:7c:30:54:7b:5e:78:8b:
                    31:ab:13:cf:b3:11:ff:34:10:56:ea:93:33:c9:46:
                    dc:96:ae:49:5c:d5:76:30:87:a5:22:77:38:af:4d:
                    f4:79:85:e5:0e:a7:69:57:39:fc:65:38:15:c4:50:
                    26:44:22:0d:39:ba:30:be:41:3a:7c:11:c0:ad:92:
                    d2:b4:d1:91:ed:a4:6e:8c:14:46:34:e6:30:dc:7d:
                    2a:6d:96:d7:36:d7:6c:1f:5f:2f:4e:8c:4c:5a:ea:
                    14:93:1f:ad:dd:86:af:1b:00:0a:4a:08:27:50:db:
                    ee:65:f7:20:42:71:65:36:1f:e3:d1:37:0d:50:9e:
                    3b:68:e6:5f:5a:35:10:89:6a:ba:7d:e4:0f:03:66:
                    da:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:67:E1:B8:0E:97:3C:09:86:69:71:E2:5C:B8:88:F2:A2:71:CD:20
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7GfhuA6XPAmGaXHiXLiI8qJxzSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:340::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:62:86:27:89:57:59:a7:f5:2a:ef:ac:3a:f3:08:94:a1:e1:
         dd:bb:1f:78:71:14:a0:9d:54:dd:af:04:14:61:07:e6:a3:a4:
         c4:b1:a1:d1:3a:8b:a4:d8:62:f3:57:c5:d9:a7:82:5d:81:c9:
         bb:33:7f:43:36:fe:49:0c:b9:c1:49:7e:72:51:f3:36:11:7e:
         84:8b:75:72:53:b2:2d:55:ff:43:cf:f2:43:68:89:de:09:80:
         3c:4d:8d:da:16:61:3a:42:8a:37:d7:4c:39:8b:72:cc:3e:e0:
         a4:e2:1a:5f:33:d9:57:91:1b:4b:c3:39:5f:54:1f:81:d3:d1:
         61:d8:5f:3d:ff:b5:7d:a8:2f:2f:ed:44:c2:0f:b8:0a:fd:20:
         9c:6e:4b:90:f4:9e:f7:6b:26:ef:84:52:e0:81:d5:17:11:c5:
         0c:dd:26:4e:d5:bf:e6:0d:2b:c0:fb:a1:18:f4:25:c1:c4:b8:
         ea:d1:74:7e:8d:52:87:21:ab:fb:a5:b6:39:9d:e9:8b:2f:b8:
         4c:0c:42:29:d8:81:4c:44:30:55:a9:c4:93:17:f2:2f:cc:25:
         3e:32:3b:96:71:56:9c:43:72:89:a1:a4:75:30:a2:24:47:c0:
         57:02:1c:94:38:dc:85:fb:74:1b:65:36:ac:da:0b:ea:80:f9:
         fc:5e:34:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjpGB1z1O81ifZcv9TMFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzY3ZTFiODBlOTczYzA5ODY2OTcxZTI1Y2I4ODhmMmEyNzFjZDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGG8iBOPjkpsR42VEdJHj00ZsF+C
2uHpNcI0Yg403fN5aaikHNpffyq0kVlkgVqkc90qs3XVwpa8DOdg2SOMr9Fk92dz
8XE5mDNgBgArNivELpIoFDzgRotaYC7OJBc9L4Y4y2hxSEgDYPlFpAZogHwwVHte
eIsxqxPPsxH/NBBW6pMzyUbclq5JXNV2MIelInc4r030eYXlDqdpVzn8ZTgVxFAm
RCINObowvkE6fBHArZLStNGR7aRujBRGNOYw3H0qbZbXNtdsH18vToxMWuoUkx+t
3YavGwAKSggnUNvuZfcgQnFlNh/j0TcNUJ47aOZfWjUQiWq6feQPA2baCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxn4bgOlzwJhmlx4ly4iPKicc0gMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN0dmaHVBNlhQQW1HYVhIaVhMaUk4cUp4elNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwNA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVYoYniVdZp/Uq76w68wiUoeHdux94cRSgnVTd
rwQUYQfmo6TEsaHROouk2GLzV8XZp4Jdgcm7M39DNv5JDLnBSX5yUfM2EX6Ei3Vy
U7ItVf9Dz/JDaIneCYA8TY3aFmE6Qoo310w5i3LMPuCk4hpfM9lXkRtLwzlfVB+B
09Fh2F89/7V9qC8v7UTCD7gK/SCcbkuQ9J73aybvhFLggdUXEcUM3SZO1b/mDSvA
+6EY9CXBxLjq0XR+jVKHIav7pbY5nemLL7hMDEIp2IFMRDBVqcSTF/IvzCU+MjuW
cVacQ3KJoaR1MKIkR8BXAhyUONyF+3QbZTas2gvqgPn8XjTQ
-----END CERTIFICATE-----