Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9G_ATItCxfNLMHehP8ZskNYdcFc.roa
File:                     9G_ATItCxfNLMHehP8ZskNYdcFc.roa (raw, json)
Hash identifier:          cJM2QO91RZmpJHcxItW8CYWs5OLnCnKbD+3YrlUgj1I=
Subject key identifier:   F4:6F:C0:4C:8B:42:C5:F3:4B:30:77:A1:3F:C6:6C:90:D6:1D:70:57
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0197351C4F00EAD34DE7CB3F6A44B391FE85
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9G_ATItCxfNLMHehP8ZskNYdcFc.roa
Signing time:             Tue 03 Jun 2025 09:25:36 +0000
ROA not before:           Tue 03 Jun 2025 09:25:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203145
IP address blocks:        2a06:de07:8120::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:1c:4f:00:ea:d3:4d:e7:cb:3f:6a:44:b3:91:fe:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  3 09:25:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f46fc04c8b42c5f34b3077a13fc66c90d61d7057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:43:51:b4:47:06:be:6a:56:30:a3:0f:a4:7b:
                    dd:92:73:56:62:72:aa:8b:90:8e:c4:27:6e:c4:76:
                    b5:b7:79:9f:46:54:33:03:85:9c:24:54:54:64:22:
                    bd:eb:cb:2a:f4:95:23:97:e4:63:2b:83:8d:22:7c:
                    31:21:31:74:40:8d:f5:ff:0b:d6:46:a4:f0:df:d2:
                    f9:d9:15:dc:47:29:f8:ad:bf:ed:4e:db:8f:5e:7d:
                    fb:10:5f:f2:39:2d:fc:a3:53:6d:f2:e9:dc:70:2e:
                    5b:09:53:33:44:2e:e4:14:d2:32:dd:d8:e2:b8:a8:
                    9c:4e:c6:d9:90:e5:71:bd:08:c9:8c:21:1e:f5:78:
                    e8:6f:a3:ba:ea:ad:6e:52:35:7f:d4:82:73:3d:cb:
                    13:7e:9e:d7:cf:56:10:8f:cc:a1:c3:7a:af:bd:2a:
                    db:de:b6:aa:61:ca:f4:ed:54:b5:42:72:47:aa:f4:
                    68:d7:17:7b:99:3c:7c:be:38:a5:17:d4:ee:8d:10:
                    a3:db:d6:67:ea:74:ef:a9:c0:5a:24:13:af:38:80:
                    96:cd:23:da:8d:8c:aa:4d:13:53:33:7b:58:12:e3:
                    22:74:aa:28:68:6b:57:70:b5:1e:6c:3f:c3:44:e5:
                    ed:90:78:a1:67:1c:78:eb:3e:0a:0e:81:d2:0d:77:
                    5d:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:6F:C0:4C:8B:42:C5:F3:4B:30:77:A1:3F:C6:6C:90:D6:1D:70:57
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9G_ATItCxfNLMHehP8ZskNYdcFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de07:8120::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:77:4b:41:e7:f5:9b:35:65:3d:5b:31:8e:2e:87:de:ca:de:
         fa:e9:ec:d3:ab:b7:b7:39:1a:49:c7:b1:35:7f:41:02:93:6e:
         a3:5f:c7:4c:94:14:12:b8:5f:8b:b5:1d:c7:36:26:8c:e8:38:
         4c:72:40:af:26:f1:79:7e:e5:d4:ac:be:20:de:ac:5d:18:8c:
         40:62:f6:09:c1:82:2d:2a:b0:7f:44:99:a2:26:88:6c:0f:36:
         5b:9d:23:ff:50:a8:d6:e9:ee:5a:50:99:8b:cf:e1:b9:57:c5:
         1f:26:44:22:97:89:fb:55:20:35:ee:55:80:af:8c:4d:0b:5e:
         57:6b:64:c8:80:5c:b4:44:f8:1a:f9:33:48:38:43:db:e8:ca:
         62:6d:90:10:23:f3:c6:ea:9b:5c:6b:bd:1d:3f:7d:ff:04:cf:
         44:24:0b:47:f0:42:ac:7c:66:3e:31:05:c2:8a:ca:68:fc:26:
         d5:47:03:b2:3c:ca:ab:89:cd:7f:02:34:30:4d:8f:4b:25:38:
         9e:fb:8c:a7:2a:bf:f7:6f:35:25:c4:d4:e9:ab:c9:ca:b6:be:
         ac:4f:9e:1f:78:6a:15:1f:b0:7b:be:f6:f4:4e:c8:a7:47:11:
         0b:94:26:a4:4e:19:48:ac:a2:ea:47:fe:a0:fe:1b:0a:6d:43:
         70:f5:67:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc1HE8A6tNN58s/akSzkf6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjAzMDkyNTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDZmYzA0YzhiNDJjNWYzNGIzMDc3YTEzZmM2NmM5MGQ2MWQ3MDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz0NRtEcGvmpWMKMPpHvdknNWYnKq
i5COxCduxHa1t3mfRlQzA4WcJFRUZCK968sq9JUjl+RjK4ONInwxITF0QI31/wvW
RqTw39L52RXcRyn4rb/tTtuPXn37EF/yOS38o1Nt8unccC5bCVMzRC7kFNIy3dji
uKicTsbZkOVxvQjJjCEe9Xjob6O66q1uUjV/1IJzPcsTfp7Xz1YQj8yhw3qvvSrb
3raqYcr07VS1QnJHqvRo1xd7mTx8vjilF9TujRCj29Zn6nTvqcBaJBOvOICWzSPa
jYyqTRNTM3tYEuMidKooaGtXcLUebD/DROXtkHihZxx46z4KDoHSDXddZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPRvwEyLQsXzSzB3oT/GbJDWHXBXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOUdfQVRJdEN4Zk5MTUhlaFA4WnNrTllkY0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeB4Eg
MA0GCSqGSIb3DQEBCwUAA4IBAQCpd0tB5/WbNWU9WzGOLofeyt766ezTq7e3ORpJ
x7E1f0ECk26jX8dMlBQSuF+LtR3HNiaM6DhMckCvJvF5fuXUrL4g3qxdGIxAYvYJ
wYItKrB/RJmiJohsDzZbnSP/UKjW6e5aUJmLz+G5V8UfJkQil4n7VSA17lWAr4xN
C15Xa2TIgFy0RPga+TNIOEPb6MpibZAQI/PG6ptca70dP33/BM9EJAtH8EKsfGY+
MQXCispo/CbVRwOyPMqric1/AjQwTY9LJTie+4ynKr/3bzUlxNTpq8nKtr6sT54f
eGoVH7B7vvb0TsinRxELlCakThlIrKLqR/6g/hsKbUNw9Wcq
-----END CERTIFICATE-----