Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7XA36hrs_jaJo239mLsf_GHMvlA.roa
File:                     7XA36hrs_jaJo239mLsf_GHMvlA.roa (raw, json)
Hash identifier:          tS96y7pzScey9suhKNC2z0Zv9dHdXw4X2KSjubad++M=
Subject key identifier:   ED:70:37:EA:1A:EC:FE:36:89:A3:6D:FD:98:BB:1F:FC:61:CC:BE:50
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252262CA0EDDF349B1F7403DA7697B07
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7XA36hrs_jaJo239mLsf_GHMvlA.roa
Signing time:             Thu 02 Jan 2025 03:49:57 +0000
ROA not before:           Thu 02 Jan 2025 03:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a0e:97c0:180::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:62:ca:0e:dd:f3:49:b1:f7:40:3d:a7:69:7b:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed7037ea1aecfe3689a36dfd98bb1ffc61ccbe50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:cc:00:b6:00:37:19:07:a1:fc:d4:08:0b:ee:
                    83:fe:20:92:81:7c:33:eb:b9:ee:99:17:0a:fe:fd:
                    8a:55:c7:91:2e:a1:11:ba:aa:f1:5f:7f:4d:76:58:
                    ba:16:9c:cf:dc:94:ea:90:44:3e:ff:04:fa:5d:dc:
                    2e:db:d8:82:84:ab:58:6b:14:7a:d5:b9:a2:b8:e2:
                    64:01:6e:fc:6d:02:25:cc:ee:d3:58:e6:3f:20:e1:
                    4a:3e:b8:42:a9:96:0b:b7:48:41:49:e0:52:f2:f6:
                    1c:ec:f8:a4:89:8f:16:51:c4:c1:8a:0c:1c:21:2c:
                    bf:39:85:c3:03:57:0e:b1:7a:32:aa:ce:5e:15:d4:
                    2e:2b:3d:e4:44:47:04:43:2d:4f:f6:e6:64:81:1f:
                    68:7e:ee:43:81:33:6b:ee:b5:94:5a:1f:07:9b:64:
                    bc:16:1c:d3:71:12:d2:ed:29:c0:8d:6b:45:b0:31:
                    8c:db:d3:0b:0f:ca:1f:7c:c0:b0:dc:a8:13:c8:1b:
                    44:e6:13:6f:f7:8a:23:70:52:bc:b6:c6:ec:b0:30:
                    8a:8e:11:07:eb:fc:b3:89:2c:5a:0b:70:72:2d:e7:
                    cb:61:8e:27:a1:63:02:31:df:97:bb:3c:53:e5:3b:
                    0f:1f:4f:e9:06:ba:9c:86:e5:7d:45:b9:1d:40:80:
                    b7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:70:37:EA:1A:EC:FE:36:89:A3:6D:FD:98:BB:1F:FC:61:CC:BE:50
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7XA36hrs_jaJo239mLsf_GHMvlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         59:8e:f8:d2:28:ae:2c:69:ec:52:4a:19:7c:be:d7:a3:e2:18:
         55:d4:0d:cf:13:55:ac:f5:5d:8c:08:e3:f4:cc:cc:ad:d1:cd:
         59:cd:d4:1e:25:ad:5e:fc:c2:98:a3:b1:19:75:b3:0d:5a:8d:
         b8:bc:35:94:c5:cf:b5:25:34:6a:c6:03:3f:70:bf:12:85:33:
         d4:0e:ba:3a:d9:78:13:94:1b:7a:b6:91:7f:96:6e:93:d7:1c:
         03:f3:b3:a9:cd:b3:b1:ae:26:08:91:7e:2d:0f:cc:5b:18:bf:
         29:97:63:02:32:c4:2f:ef:fb:07:fa:c9:6d:c2:60:7b:58:fe:
         02:6d:13:62:9e:20:17:6c:a8:4a:94:bf:59:6b:8a:f3:5d:9a:
         ac:b6:01:d1:71:45:f9:15:7f:db:14:e3:ed:6f:7c:30:de:64:
         f0:3f:f2:f2:3b:c0:03:04:cc:92:fe:4c:f3:d2:ec:46:a4:92:
         9c:a3:29:d5:96:69:49:ae:b6:bd:53:8a:97:b8:a8:8e:59:f7:
         8e:05:8a:b5:fa:76:a2:35:37:a2:11:ee:34:3f:6f:bf:93:de:
         9d:8a:06:7e:45:51:ff:de:2f:17:fc:0b:16:32:8f:a5:cf:4f:
         3a:8d:30:ae:91:d8:2e:46:d1:cc:14:cb:ec:6e:55:a3:3c:a0:
         4c:2b:d7:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlImLKDt3zSbH3QD2naXsHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDcwMzdlYTFhZWNmZTM2ODlhMzZkZmQ5OGJiMWZmYzYxY2NiZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cwAtgA3GQeh/NQIC+6D/iCSgXwz
67numRcK/v2KVceRLqERuqrxX39Ndli6FpzP3JTqkEQ+/wT6Xdwu29iChKtYaxR6
1bmiuOJkAW78bQIlzO7TWOY/IOFKPrhCqZYLt0hBSeBS8vYc7PikiY8WUcTBigwc
ISy/OYXDA1cOsXoyqs5eFdQuKz3kREcEQy1P9uZkgR9ofu5DgTNr7rWUWh8Hm2S8
FhzTcRLS7SnAjWtFsDGM29MLD8offMCw3KgTyBtE5hNv94ojcFK8tsbssDCKjhEH
6/yziSxaC3ByLefLYY4noWMCMd+XuzxT5TsPH0/pBrqchuV9RbkdQIC3ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO1wN+oa7P42iaNt/Zi7H/xhzL5QMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN1hBMzZocnNfamFKbzIzOW1Mc2ZfR0hNdmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQBZjvjSKK4saexSShl8vtej4hhV1A3PE1Ws9V2M
COP0zMyt0c1ZzdQeJa1e/MKYo7EZdbMNWo24vDWUxc+1JTRqxgM/cL8ShTPUDro6
2XgTlBt6tpF/lm6T1xwD87OpzbOxriYIkX4tD8xbGL8pl2MCMsQv7/sH+sltwmB7
WP4CbRNiniAXbKhKlL9Za4rzXZqstgHRcUX5FX/bFOPtb3ww3mTwP/LyO8ADBMyS
/kzz0uxGpJKcoynVlmlJrra9U4qXuKiOWfeOBYq1+naiNTeiEe40P2+/k96digZ+
RVH/3i8X/AsWMo+lz086jTCukdguRtHMFMvsblWjPKBMK9ef
-----END CERTIFICATE-----