Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7q0VD3-D_UzCBG5T15LWKH1Fwww.roa
File:                     7q0VD3-D_UzCBG5T15LWKH1Fwww.roa (raw, json)
Hash identifier:          wx41nM3hLybNEsR9D/Ix0F/+62H7KV1yyfSpViPfc84=
Subject key identifier:   EE:AD:15:0F:7F:83:FD:4C:C2:04:6E:53:D7:92:D6:28:7D:45:C3:0C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252275F0BE80F9E597861491BAC89CAA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7q0VD3-D_UzCBG5T15LWKH1Fwww.roa
Signing time:             Thu 02 Jan 2025 03:50:02 +0000
ROA not before:           Thu 02 Jan 2025 03:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213928
IP address blocks:        2a0e:97c0:190::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:75:f0:be:80:f9:e5:97:86:14:91:ba:c8:9c:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eead150f7f83fd4cc2046e53d792d6287d45c30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1b:19:7b:18:a5:d7:66:a8:e1:83:de:2f:73:
                    20:fd:2b:f4:8f:12:fc:13:74:e8:54:bd:25:22:cb:
                    15:28:c2:8b:3e:dc:ce:8f:f7:2d:ca:20:18:99:bd:
                    98:86:56:ce:ee:96:8c:09:bf:b9:c2:9f:87:d6:bf:
                    7b:a3:e5:2c:ae:a2:92:50:da:07:46:3d:25:7c:87:
                    d2:b8:94:81:85:16:c0:38:f6:05:22:92:cf:eb:3e:
                    f2:e9:37:29:0c:cc:c9:02:bb:e7:db:dd:04:fd:1b:
                    81:7e:24:05:d7:92:cd:e5:9e:84:4b:7b:f8:88:a4:
                    99:9a:4d:a9:a5:5b:26:49:a8:5c:c2:32:19:cf:90:
                    02:7b:65:33:1f:c7:81:88:5a:1f:fa:b1:0e:84:c7:
                    d6:78:40:a0:8b:e5:b4:57:0b:8f:30:ee:3f:c1:6a:
                    76:88:7a:2c:d0:97:41:58:dc:4d:49:6e:24:4a:5d:
                    d4:6f:75:52:ad:ef:e6:b4:b4:05:76:dd:d0:8e:1c:
                    94:ea:f4:a8:57:b0:f6:73:5d:a3:e5:94:9c:97:90:
                    72:41:0a:81:94:01:b5:dc:31:bd:5d:99:13:df:45:
                    52:9e:6d:95:5f:52:f6:fc:18:e7:98:f0:79:19:2f:
                    5b:64:dd:74:3d:de:44:f0:64:a0:f4:07:0f:be:58:
                    bf:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:AD:15:0F:7F:83:FD:4C:C2:04:6E:53:D7:92:D6:28:7D:45:C3:0C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7q0VD3-D_UzCBG5T15LWKH1Fwww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         ca:79:28:40:c6:a0:21:c7:cb:9a:38:95:12:2b:ef:6d:cf:b7:
         48:6e:34:2a:72:96:78:4d:15:29:99:e9:be:ad:b7:05:f4:cc:
         6d:14:86:e1:70:03:40:14:00:15:08:4e:e5:4a:58:59:88:82:
         47:dc:37:d2:b7:02:df:36:70:a9:89:b8:85:38:ea:c8:55:7f:
         dd:ef:13:09:a3:98:ac:f8:fc:21:41:e3:92:da:f3:6d:1d:b3:
         cb:ac:30:b3:bd:93:17:0f:85:d9:74:91:f6:a5:25:46:a6:b8:
         b8:6d:c2:67:b8:d8:ac:80:3a:ae:fb:e7:00:de:b0:c4:b5:2e:
         ea:28:76:6a:25:c5:d4:98:10:d2:82:c2:20:b1:4e:76:3b:b2:
         96:8c:be:00:77:90:66:de:30:aa:6d:18:14:2d:7b:c7:c1:62:
         cb:7e:97:85:d1:cc:7c:d7:ed:ab:e1:54:99:36:a9:76:f1:af:
         f0:66:08:22:54:5f:39:05:4d:58:c0:08:39:b7:ce:ba:19:ef:
         39:ae:95:0d:81:46:33:85:a4:ae:8f:6c:94:55:aa:dc:c3:99:
         5f:3d:46:a3:d2:08:db:2a:b5:d2:a7:40:d4:7b:e4:75:e9:a8:
         60:5e:db:23:14:d8:7e:84:c2:ff:e1:e6:c0:3e:76:c2:ec:96:
         2f:7e:5b:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlInXwvoD55ZeGFJG6yJyqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWFkMTUwZjdmODNmZDRjYzIwNDZlNTNkNzkyZDYyODdkNDVjMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRsZexil12ao4YPeL3Mg/Sv0jxL8
E3ToVL0lIssVKMKLPtzOj/ctyiAYmb2YhlbO7paMCb+5wp+H1r97o+UsrqKSUNoH
Rj0lfIfSuJSBhRbAOPYFIpLP6z7y6TcpDMzJArvn290E/RuBfiQF15LN5Z6ES3v4
iKSZmk2ppVsmSahcwjIZz5ACe2UzH8eBiFof+rEOhMfWeECgi+W0VwuPMO4/wWp2
iHos0JdBWNxNSW4kSl3Ub3VSre/mtLQFdt3QjhyU6vSoV7D2c12j5ZScl5ByQQqB
lAG13DG9XZkT30VSnm2VX1L2/BjnmPB5GS9bZN10Pd5E8GSg9AcPvli/4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO6tFQ9/g/1MwgRuU9eS1ih9RcMMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN3EwVkQzLURfVXpDQkc1VDE1TFdLSDFGd3d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDKeShAxqAhx8uaOJUSK+9tz7dIbjQqcpZ4TRUp
mem+rbcF9MxtFIbhcANAFAAVCE7lSlhZiIJH3DfStwLfNnCpibiFOOrIVX/d7xMJ
o5is+PwhQeOS2vNtHbPLrDCzvZMXD4XZdJH2pSVGpri4bcJnuNisgDqu++cA3rDE
tS7qKHZqJcXUmBDSgsIgsU52O7KWjL4Ad5Bm3jCqbRgULXvHwWLLfpeF0cx81+2r
4VSZNql28a/wZggiVF85BU1YwAg5t866Ge85rpUNgUYzhaSuj2yUVarcw5lfPUaj
0gjbKrXSp0DUe+R16ahgXtsjFNh+hML/4ebAPnbC7JYvflta
-----END CERTIFICATE-----