Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85arVS9b-2vZ0jD_aVI6OSA8Q0A.roa
File:                     85arVS9b-2vZ0jD_aVI6OSA8Q0A.roa (raw, json)
Hash identifier:          LccGJOjqEt7bb3dzWuSR8Uy4zAHp9nw1T3+/+RB1by4=
Subject key identifier:   F3:96:AB:55:2F:5B:FB:6B:D9:D2:30:FF:69:52:3A:39:20:3C:43:40
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522393ECC9A29568206338360882221
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85arVS9b-2vZ0jD_aVI6OSA8Q0A.roa
Signing time:             Thu 02 Jan 2025 03:49:47 +0000
ROA not before:           Thu 02 Jan 2025 03:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209669
IP address blocks:        2a0e:97c0:a1f::/48 maxlen: 48
                          2a10:cc40:150::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:39:3e:cc:9a:29:56:82:06:33:83:60:88:22:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f396ab552f5bfb6bd9d230ff69523a39203c4340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:79:81:a4:7c:d9:e4:9b:e8:9a:84:aa:b2:2d:
                    5a:97:1a:b9:52:8b:31:f6:89:c9:51:8e:ad:79:75:
                    7d:5d:4c:85:6a:0e:ac:92:be:7f:37:8c:2c:b6:ca:
                    7b:56:c5:53:03:29:e4:16:27:ad:7c:b6:a8:1a:65:
                    02:7b:13:e8:a0:4a:b9:cf:8c:43:9d:c9:5b:c0:2c:
                    4f:6c:e5:72:ce:82:d3:0b:54:a2:31:dc:41:bf:85:
                    08:ef:6b:13:21:6c:80:3e:39:70:0a:f3:5f:a6:77:
                    13:55:9b:a2:70:4e:6b:04:c6:05:20:e9:8c:d4:bf:
                    83:6e:83:57:e9:c4:10:c7:e0:7b:c2:fd:3d:d1:c2:
                    35:5f:bd:69:fe:62:a3:12:d2:24:9a:06:cf:9e:17:
                    db:60:f5:e9:5d:90:df:fd:79:96:ab:9d:1f:56:c7:
                    c4:ad:22:41:78:09:7d:87:03:c0:a9:b1:6b:9f:cc:
                    d6:db:89:c8:4f:62:0f:6b:92:b7:89:54:4a:0c:22:
                    ab:72:ae:19:98:2d:3f:f5:45:f0:7e:68:79:bb:9d:
                    5b:45:dd:2f:51:0a:69:5e:62:9c:d9:e5:b0:c8:a1:
                    d3:cb:40:db:50:75:cd:5c:b5:43:d8:7e:8f:fd:7a:
                    a8:59:e2:d0:7b:ea:e1:cf:3a:df:6a:5f:01:42:8b:
                    75:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:96:AB:55:2F:5B:FB:6B:D9:D2:30:FF:69:52:3A:39:20:3C:43:40
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/85arVS9b-2vZ0jD_aVI6OSA8Q0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a1f::/48
                  2a10:cc40:150::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:32:6f:5c:2a:1f:0d:e3:d1:5f:0a:c4:76:87:4b:d4:94:2b:
         fa:1e:fb:58:8a:c1:c0:36:9a:e5:4f:66:c2:1b:93:e2:2f:6a:
         22:f1:d5:f6:7b:82:94:d0:9b:98:99:71:ca:dd:ce:24:74:68:
         ee:67:82:73:8d:8c:56:5e:3c:ce:0b:07:2d:0a:6b:23:3a:33:
         a2:98:57:ae:9c:92:52:e6:6d:c1:93:9d:71:71:97:cf:5f:cd:
         c8:fb:25:8d:95:e7:be:1e:ae:bd:11:39:53:cf:15:84:9f:98:
         6c:a8:f1:00:6c:c8:48:82:23:64:60:88:1e:be:4d:d2:26:e0:
         64:b4:79:15:a8:e5:17:da:6b:19:57:fe:52:41:39:23:fd:34:
         83:7a:c5:09:fb:ad:2e:19:b0:33:f4:a7:e0:78:e1:7c:6f:0d:
         a6:63:85:18:e5:39:e8:9d:df:06:e8:e4:b8:9d:59:2a:b2:2a:
         7c:a7:48:00:1a:5b:2e:c2:af:9d:30:ba:9e:49:e8:1a:24:b5:
         df:72:b9:24:85:4b:24:b0:b2:45:24:ef:6a:7f:21:1c:40:cb:
         36:bd:a4:e2:4a:c6:77:31:33:30:12:91:a7:aa:8b:31:57:fc:
         4e:a2:1e:23:3e:3c:6b:de:4c:76:f3:60:fa:e5:20:68:c6:9a:
         e8:e2:ed:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIjk+zJopVoIGM4NgiCIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk2YWI1NTJmNWJmYjZiZDlkMjMwZmY2OTUyM2EzOTIwM2M0MzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3mBpHzZ5JvomoSqsi1alxq5Uosx
9onJUY6teXV9XUyFag6skr5/N4wstsp7VsVTAynkFietfLaoGmUCexPooEq5z4xD
nclbwCxPbOVyzoLTC1SiMdxBv4UI72sTIWyAPjlwCvNfpncTVZuicE5rBMYFIOmM
1L+DboNX6cQQx+B7wv090cI1X71p/mKjEtIkmgbPnhfbYPXpXZDf/XmWq50fVsfE
rSJBeAl9hwPAqbFrn8zW24nIT2IPa5K3iVRKDCKrcq4ZmC0/9UXwfmh5u51bRd0v
UQppXmKc2eWwyKHTy0DbUHXNXLVD2H6P/XqoWeLQe+rhzzrfal8BQot13QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPOWq1UvW/tr2dIw/2lSOjkgPENAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvODVhclZTOWItMnZaMGpEX2FWSTZPU0E4UTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAof
AwcAKhDMQAFQMA0GCSqGSIb3DQEBCwUAA4IBAQDBMm9cKh8N49FfCsR2h0vUlCv6
HvtYisHANprlT2bCG5PiL2oi8dX2e4KU0JuYmXHK3c4kdGjuZ4JzjYxWXjzOCwct
CmsjOjOimFeunJJS5m3Bk51xcZfPX83I+yWNlee+Hq69ETlTzxWEn5hsqPEAbMhI
giNkYIgevk3SJuBktHkVqOUX2msZV/5SQTkj/TSDesUJ+60uGbAz9KfgeOF8bw2m
Y4UY5Tnond8G6OS4nVkqsip8p0gAGlsuwq+dMLqeSegaJLXfcrkkhUsksLJFJO9q
fyEcQMs2vaTiSsZ3MTMwEpGnqosxV/xOoh4jPjxr3kx282D65SBoxpro4u1u
-----END CERTIFICATE-----