Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85MwwKw7weBXbtH37_oUXw_TvUM.roa
File:                     85MwwKw7weBXbtH37_oUXw_TvUM.roa (raw, json)
Hash identifier:          xXd0HfCllZ5b88s4yz9d82F/nBnOUiLekUOiz66i2Sk=
Subject key identifier:   F3:93:30:C0:AC:3B:C1:E0:57:6E:D1:F7:EF:FA:14:5F:0F:D3:BD:43
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521CF5D77C69DD6E0049FBB9FFE53BB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85MwwKw7weBXbtH37_oUXw_TvUM.roa
Signing time:             Thu 02 Jan 2025 03:49:20 +0000
ROA not before:           Thu 02 Jan 2025 03:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42641
IP address blocks:        2a0e:b107:17bf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cf:5d:77:c6:9d:d6:e0:04:9f:bb:9f:fe:53:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f39330c0ac3bc1e0576ed1f7effa145f0fd3bd43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:02:04:dc:cc:f5:f7:f8:4d:af:da:99:92:54:
                    81:ca:b9:28:13:a7:f2:22:65:cf:7d:b9:6c:c1:da:
                    df:53:57:2e:93:ca:e1:c7:58:1e:08:95:97:c6:b0:
                    e8:67:44:ad:7f:9e:8a:b9:11:75:ad:cd:24:ce:1d:
                    7d:19:eb:48:ad:19:17:9d:b9:15:51:72:f1:cd:d3:
                    cb:ad:af:45:60:19:22:b5:02:d5:ac:a5:f0:aa:d5:
                    26:1d:68:73:0b:b9:6a:7a:56:e8:9e:e0:ce:b4:92:
                    fa:04:dd:12:c7:8f:42:b5:3d:69:04:e5:72:23:af:
                    c9:49:e1:13:42:bc:d6:ff:55:2c:20:ab:c3:48:7d:
                    06:fd:ab:7f:5d:88:14:c2:aa:12:16:1e:39:c6:d0:
                    dc:46:d5:99:3f:30:f7:6f:77:02:d1:eb:3c:b2:31:
                    50:93:2d:e8:6e:32:0d:82:4c:c5:bf:cb:f5:1a:73:
                    b4:9a:ba:c2:52:07:ad:f4:a2:07:31:aa:a4:97:6f:
                    80:0f:7f:cb:a3:85:2f:b6:f2:d5:4d:94:69:a7:e7:
                    4f:03:c7:57:86:b1:2c:c2:0e:b8:40:d1:c8:fd:9c:
                    5a:d9:8f:51:74:52:fc:38:c0:49:00:0a:f1:0d:1b:
                    00:c2:56:6a:ca:2f:70:76:07:89:50:43:fc:fe:54:
                    62:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:93:30:C0:AC:3B:C1:E0:57:6E:D1:F7:EF:FA:14:5F:0F:D3:BD:43
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85MwwKw7weBXbtH37_oUXw_TvUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:17bf::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:d3:7a:0f:2c:78:c3:cc:f7:f4:8f:b5:f2:ac:90:a1:a0:e4:
         59:e9:50:c6:9e:c9:f8:b2:b3:4f:f4:96:40:62:dc:c2:b9:d7:
         5f:c7:3f:d5:95:11:5e:bf:14:86:8d:57:0d:c8:fe:f8:cd:63:
         af:67:88:7c:20:a1:2a:e9:17:83:0c:fe:2a:bf:9e:0d:a6:8e:
         55:23:66:a4:6c:5a:8e:87:3a:1b:0a:2f:82:ee:18:5a:ec:bc:
         45:61:50:23:c5:9e:04:51:e6:1e:fb:5f:da:b3:c2:ab:83:b0:
         aa:b8:7a:cd:fb:cb:fe:ca:b4:20:ac:bc:8d:41:34:97:59:ed:
         ed:47:4b:8b:bc:d8:0e:7a:c7:1a:a9:bb:54:06:a9:41:ab:c5:
         7d:28:f7:27:3c:c1:72:73:5e:c0:99:71:6e:5a:b9:48:bc:db:
         78:44:30:d9:13:ba:0b:04:96:19:0e:e5:f6:ab:c3:8d:b6:79:
         6c:85:ae:e6:08:d3:20:9d:b0:1f:fc:cd:5b:21:c4:55:e0:70:
         78:75:e9:5f:9d:85:ac:d5:76:a1:49:75:26:2f:9e:51:17:16:
         ef:04:2c:09:a4:f9:a7:90:8d:f6:41:db:32:cc:cb:a3:49:0d:
         64:c1:29:7f:f9:f4:eb:ae:d8:f8:b7:fb:12:b9:e9:5a:5e:51:
         ca:d5:2e:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIc9dd8ad1uAEn7uf/lO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzkzMzBjMGFjM2JjMWUwNTc2ZWQxZjdlZmZhMTQ1ZjBmZDNiZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwIE3Mz19/hNr9qZklSByrkoE6fy
ImXPfblswdrfU1cuk8rhx1geCJWXxrDoZ0Stf56KuRF1rc0kzh19GetIrRkXnbkV
UXLxzdPLra9FYBkitQLVrKXwqtUmHWhzC7lqelbonuDOtJL6BN0Sx49CtT1pBOVy
I6/JSeETQrzW/1UsIKvDSH0G/at/XYgUwqoSFh45xtDcRtWZPzD3b3cC0es8sjFQ
ky3objINgkzFv8v1GnO0mrrCUget9KIHMaqkl2+AD3/Lo4UvtvLVTZRpp+dPA8dX
hrEswg64QNHI/Zxa2Y9RdFL8OMBJAArxDRsAwlZqyi9wdgeJUEP8/lRioQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPOTMMCsO8HgV27R9+/6FF8P071DMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvODVNd3dLdzd3ZUJYYnRIMzdfb1VYd19UdlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxe/
MA0GCSqGSIb3DQEBCwUAA4IBAQCC03oPLHjDzPf0j7XyrJChoORZ6VDGnsn4srNP
9JZAYtzCuddfxz/VlRFevxSGjVcNyP74zWOvZ4h8IKEq6ReDDP4qv54Npo5VI2ak
bFqOhzobCi+C7hha7LxFYVAjxZ4EUeYe+1/as8Krg7CquHrN+8v+yrQgrLyNQTSX
We3tR0uLvNgOescaqbtUBqlBq8V9KPcnPMFyc17AmXFuWrlIvNt4RDDZE7oLBJYZ
DuX2q8ONtnlsha7mCNMgnbAf/M1bIcRV4HB4delfnYWs1XahSXUmL55RFxbvBCwJ
pPmnkI32QdsyzMujSQ1kwSl/+fTrrtj4t/sSuelaXlHK1S7Z
-----END CERTIFICATE-----