Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8BLldELwqihA6MsFJbU50yaw4oc.roa
File:                     8BLldELwqihA6MsFJbU50yaw4oc.roa (raw, json)
Hash identifier:          xBJqhe8VEDgU3Qg556xb9u304HuhV0KlqeQ7uO/njPE=
Subject key identifier:   F0:12:E5:74:42:F0:AA:28:40:E8:CB:05:25:B5:39:D3:26:B0:E2:87
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425221EC354982B1968C0A746D6D1ACCC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8BLldELwqihA6MsFJbU50yaw4oc.roa
Signing time:             Thu 02 Jan 2025 03:49:40 +0000
ROA not before:           Thu 02 Jan 2025 03:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205121
IP address blocks:        2a0e:97c0:ad0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:1e:c3:54:98:2b:19:68:c0:a7:46:d6:d1:ac:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f012e57442f0aa2840e8cb0525b539d326b0e287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:4d:7c:9c:be:92:29:c0:72:03:ea:3b:f9:af:
                    2e:88:0d:b9:44:f5:66:03:20:b0:95:da:bb:09:78:
                    af:f0:cb:ea:04:10:24:ee:38:8e:28:2e:83:80:19:
                    48:b7:83:1c:2e:5b:bf:58:3c:ed:14:02:6b:cb:c3:
                    6f:55:70:92:ae:c2:a5:a5:91:c6:bd:c7:02:e5:37:
                    ae:e8:c2:35:10:18:b7:c7:30:14:0e:f6:e3:31:e4:
                    0b:b6:cf:42:c2:75:0e:67:ec:85:03:43:c9:66:12:
                    60:41:7b:f3:ed:26:cc:6c:2c:33:37:67:7e:00:ee:
                    87:42:7e:0a:c5:e3:94:18:96:8a:b5:45:41:83:3c:
                    49:6e:9c:17:fd:48:d9:0f:a9:77:33:b7:d2:8d:47:
                    75:1a:7b:98:09:e5:2f:8f:e5:4d:e5:2d:a3:52:96:
                    f6:05:17:52:50:11:dd:8e:7a:57:ed:0c:fb:c2:3d:
                    44:8f:d2:49:e3:dc:99:aa:d3:e3:b4:34:d1:e8:f3:
                    07:3b:37:fc:3d:58:14:fc:64:3a:3e:8f:f9:87:8d:
                    a5:5f:e8:90:78:72:dc:dc:38:5a:20:5e:f5:6f:1f:
                    87:a6:f4:0a:1e:91:2b:06:2f:33:08:10:14:14:9d:
                    e6:75:ad:f2:8e:fb:da:33:b5:3d:78:3f:5b:0c:4d:
                    26:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:12:E5:74:42:F0:AA:28:40:E8:CB:05:25:B5:39:D3:26:B0:E2:87
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8BLldELwqihA6MsFJbU50yaw4oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         62:eb:86:4e:91:ec:77:0a:c5:1d:83:14:c1:58:cf:0f:d0:d9:
         88:67:78:97:16:cb:6f:5b:3d:7a:c5:cf:29:6a:72:f1:d0:53:
         91:9b:60:2d:20:b4:2f:60:a4:c0:83:c5:44:ba:0b:3e:b6:b2:
         6e:8c:a5:c1:53:a9:f0:4e:ff:e0:c9:f6:20:d3:65:94:ad:4c:
         d7:fb:0d:cb:7b:49:f3:25:d8:c0:fc:48:ed:3c:ea:a7:c0:cc:
         58:78:7e:c1:e8:fe:f2:4b:c8:2b:33:5e:4a:bb:9e:6d:40:a9:
         80:21:13:55:04:3f:98:e1:27:84:89:47:bf:37:56:94:89:5c:
         1a:b0:86:78:5d:77:fe:6d:56:76:78:77:ea:b6:2d:de:8f:85:
         b7:90:5c:e1:c4:b0:52:23:11:af:a4:7a:e4:c9:e2:49:52:f2:
         05:65:42:e7:8b:c6:90:96:e8:63:66:e4:9f:5b:22:67:d3:25:
         ed:ea:18:70:0a:d4:17:05:6f:21:a3:44:02:df:9d:cf:d1:2d:
         1c:a2:b2:09:7e:33:03:7a:01:98:66:95:c3:8b:47:56:4d:30:
         2e:4d:46:61:21:9f:5f:01:8b:56:7a:f4:67:ca:3b:cb:14:1a:
         23:ee:5a:ed:d8:05:98:20:b0:b8:63:1b:06:23:03:75:0c:45:
         63:55:87:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIh7DVJgrGWjAp0bW0azMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDEyZTU3NDQyZjBhYTI4NDBlOGNiMDUyNWI1MzlkMzI2YjBlMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE18nL6SKcByA+o7+a8uiA25RPVm
AyCwldq7CXiv8MvqBBAk7jiOKC6DgBlIt4McLlu/WDztFAJry8NvVXCSrsKlpZHG
vccC5Teu6MI1EBi3xzAUDvbjMeQLts9CwnUOZ+yFA0PJZhJgQXvz7SbMbCwzN2d+
AO6HQn4KxeOUGJaKtUVBgzxJbpwX/UjZD6l3M7fSjUd1GnuYCeUvj+VN5S2jUpb2
BRdSUBHdjnpX7Qz7wj1Ej9JJ49yZqtPjtDTR6PMHOzf8PVgU/GQ6Po/5h42lX+iQ
eHLc3DhaIF71bx+HpvQKHpErBi8zCBAUFJ3mda3yjvvaM7U9eD9bDE0msQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPAS5XRC8KooQOjLBSW1OdMmsOKHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOEJMbGRFTHdxaWhBNk1zRkpiVTUweWF3NG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwArQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBi64ZOkex3CsUdgxTBWM8P0NmIZ3iXFstvWz16
xc8panLx0FORm2AtILQvYKTAg8VEugs+trJujKXBU6nwTv/gyfYg02WUrUzX+w3L
e0nzJdjA/EjtPOqnwMxYeH7B6P7yS8grM15Ku55tQKmAIRNVBD+Y4SeEiUe/N1aU
iVwasIZ4XXf+bVZ2eHfqti3ej4W3kFzhxLBSIxGvpHrkyeJJUvIFZULni8aQluhj
ZuSfWyJn0yXt6hhwCtQXBW8ho0QC353P0S0corIJfjMDegGYZpXDi0dWTTAuTUZh
IZ9fAYtWevRnyjvLFBoj7lrt2AWYILC4YxsGIwN1DEVjVYdP
-----END CERTIFICATE-----