Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9olBSbVETfQsOMvvPhKYmwa95PY.roa
File:                     9olBSbVETfQsOMvvPhKYmwa95PY.roa (raw, json)
Hash identifier:          n5i0qf/fg/HzaAdwtysqht320hA2LiMZ7SFH8qJ4Bu8=
Subject key identifier:   F6:89:41:49:B5:44:4D:F4:2C:38:CB:EF:3E:12:98:9B:06:BD:E4:F6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222805A7B009D30527F9DCE2614141
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9olBSbVETfQsOMvvPhKYmwa95PY.roa
Signing time:             Thu 02 Jan 2025 03:49:42 +0000
ROA not before:           Thu 02 Jan 2025 03:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207564
IP address blocks:        2a0e:b107:ed0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:28:05:a7:b0:09:d3:05:27:f9:dc:e2:61:41:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f6894149b5444df42c38cbef3e12989b06bde4f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:23:86:e9:f6:40:a6:31:c2:af:66:ab:0a:f3:
                    1a:3f:b8:a8:9e:2e:b5:c8:31:e1:39:b3:70:28:a1:
                    a4:a9:bf:f0:a6:7a:38:99:1b:02:12:25:f1:31:90:
                    9f:28:92:7b:c1:31:13:64:38:32:7d:ca:18:b9:36:
                    4b:dc:04:7f:e8:0c:ce:8a:60:eb:16:27:3b:b0:9a:
                    4b:c6:ae:6a:02:93:f8:bc:48:67:4c:5d:79:cf:34:
                    78:56:2b:24:61:4a:9f:11:f9:3d:36:f2:de:95:b4:
                    92:c6:8f:27:db:05:ec:20:d6:f0:25:dd:80:cc:69:
                    2f:b9:90:87:cf:40:f6:48:5b:9f:ee:b9:a3:5d:bc:
                    a6:df:c5:85:7a:a8:4b:63:4d:60:4e:55:3f:c7:46:
                    01:78:2d:20:60:52:3c:24:32:db:53:61:8a:46:d0:
                    90:36:65:8d:a5:fc:88:eb:a1:15:be:9c:ed:5a:af:
                    af:d6:fa:bb:fb:e0:a4:c0:09:a7:3f:b5:54:79:4e:
                    f3:8a:ec:96:7b:cc:74:64:a0:70:13:40:98:4f:cc:
                    62:ec:c2:86:a2:25:ab:52:dd:dc:cd:b0:da:70:63:
                    14:d3:02:f4:29:9d:53:02:a5:c1:7c:95:8d:b9:81:
                    a8:68:34:1f:85:35:b6:35:30:47:59:d4:c2:b8:f1:
                    6a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:89:41:49:B5:44:4D:F4:2C:38:CB:EF:3E:12:98:9B:06:BD:E4:F6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9olBSbVETfQsOMvvPhKYmwa95PY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ed0::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:1c:a0:84:50:25:1f:29:59:07:75:4e:ca:b4:af:00:61:3c:
         af:9f:86:d0:cc:5b:8e:2d:87:64:9f:07:f8:26:19:af:bf:9c:
         78:f5:d9:1e:be:69:f7:d9:fa:a2:32:35:9c:63:af:75:3a:bf:
         25:89:71:1c:38:ae:bc:08:f2:71:38:7b:74:3d:f6:e4:0b:0e:
         f5:79:ca:96:cd:ac:aa:1b:0d:05:b2:78:8b:66:fc:4d:aa:0d:
         e3:55:64:e3:b2:a1:e3:a7:b6:71:04:b6:55:b2:ea:af:52:d5:
         05:8a:ba:28:1a:6b:f0:24:87:54:8c:3d:d6:a2:11:5f:96:91:
         ca:4e:45:9d:41:20:c9:6c:3f:55:3f:59:3b:36:bf:9b:e8:79:
         d0:6b:8e:d7:23:75:0a:8d:5e:39:2a:f9:b6:8c:a2:7e:fc:b5:
         3c:49:bb:32:7d:d4:08:a7:b8:0b:1a:07:d0:7c:5d:c1:b3:d6:
         a6:a3:e4:1d:0c:e4:85:ad:ea:a8:0d:2d:79:9c:89:f6:a3:be:
         97:50:b5:43:e1:38:22:7c:6e:3d:36:e0:b8:c4:5d:0d:5f:a4:
         20:67:8a:c3:ef:c7:ac:67:d8:b5:61:28:25:8f:ae:69:ce:f7:
         61:2b:1f:cb:49:72:b2:f4:55:ee:b3:4a:73:50:cc:69:a0:e6:
         70:74:e6:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIigFp7AJ0wUn+dziYUFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjg5NDE0OWI1NDQ0ZGY0MmMzOGNiZWYzZTEyOTg5YjA2YmRlNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSOG6fZApjHCr2arCvMaP7ioni61
yDHhObNwKKGkqb/wpno4mRsCEiXxMZCfKJJ7wTETZDgyfcoYuTZL3AR/6AzOimDr
Fic7sJpLxq5qApP4vEhnTF15zzR4ViskYUqfEfk9NvLelbSSxo8n2wXsINbwJd2A
zGkvuZCHz0D2SFuf7rmjXbym38WFeqhLY01gTlU/x0YBeC0gYFI8JDLbU2GKRtCQ
NmWNpfyI66EVvpztWq+v1vq7++CkwAmnP7VUeU7ziuyWe8x0ZKBwE0CYT8xi7MKG
oiWrUt3czbDacGMU0wL0KZ1TAqXBfJWNuYGoaDQfhTW2NTBHWdTCuPFq8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPaJQUm1RE30LDjL7z4SmJsGveT2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOW9sQlNiVkVUZlFzT012dlBoS1ltd2E5NVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw7Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAWHKCEUCUfKVkHdU7KtK8AYTyvn4bQzFuOLYdk
nwf4Jhmvv5x49dkevmn32fqiMjWcY691Or8liXEcOK68CPJxOHt0PfbkCw71ecqW
zayqGw0FsniLZvxNqg3jVWTjsqHjp7ZxBLZVsuqvUtUFirooGmvwJIdUjD3WohFf
lpHKTkWdQSDJbD9VP1k7Nr+b6HnQa47XI3UKjV45Kvm2jKJ+/LU8SbsyfdQIp7gL
GgfQfF3Bs9amo+QdDOSFreqoDS15nIn2o76XULVD4TgifG49NuC4xF0NX6QgZ4rD
78esZ9i1YSglj65pzvdhKx/LSXKy9FXus0pzUMxpoOZwdOY4
-----END CERTIFICATE-----