Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AGtpPMT_rKhkmc3XDv9zSBgcd7U.roa
File:                     AGtpPMT_rKhkmc3XDv9zSBgcd7U.roa (raw, json)
Hash identifier:          uxEL6zpAo3+kTGcxU8RARLaz65/o1SbKJgP6KvUAYHE=
Subject key identifier:   00:6B:69:3C:C4:FF:AC:A8:64:99:CD:D7:0E:FF:73:48:18:1C:77:B5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522378131AC822C39F42C085132EEC7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AGtpPMT_rKhkmc3XDv9zSBgcd7U.roa
Signing time:             Thu 02 Jan 2025 03:49:46 +0000
ROA not before:           Thu 02 Jan 2025 03:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209460
IP address blocks:        2a0e:b107:19a1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:37:81:31:ac:82:2c:39:f4:2c:08:51:32:ee:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=006b693cc4ffaca86499cdd70eff7348181c77b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:90:a0:1a:a1:78:f9:2b:e7:91:ad:23:78:d3:
                    9c:4d:9a:36:06:14:18:c0:39:86:5f:dc:40:99:cb:
                    0b:06:34:e6:2c:7c:b1:ce:cc:14:17:32:55:1b:08:
                    3b:f3:69:f5:45:4a:8c:c5:0d:1f:14:39:ea:59:ee:
                    22:f0:45:57:d9:37:7d:51:b3:bb:05:e8:1c:f2:a5:
                    69:6b:94:c6:54:f6:68:38:c9:16:88:96:83:17:c6:
                    2c:91:52:af:f5:17:d5:2d:1b:bf:4e:b7:03:05:d0:
                    7c:88:fc:0b:40:c9:e6:bf:ce:bd:72:ad:de:a2:8a:
                    4c:be:02:a8:ef:53:75:45:2e:0a:c2:38:e9:2f:ab:
                    b2:d6:d5:b2:64:f4:6f:5d:7a:1f:97:e3:bd:1c:50:
                    4c:f4:4a:51:27:4a:80:63:47:3e:02:b6:06:ec:13:
                    57:a9:19:fd:7e:da:4b:1f:82:a5:4c:7d:6e:22:47:
                    98:d4:5f:fa:d0:e4:b8:d4:84:20:72:bf:1a:b8:09:
                    8f:24:dc:9a:64:f5:ea:98:50:8f:8a:54:c6:dd:cd:
                    f9:d3:b0:20:0e:22:b6:c5:cb:ad:61:fc:7d:64:22:
                    77:bc:ba:e1:f7:10:2c:99:16:1b:35:82:15:dc:b6:
                    0e:74:27:2f:09:f5:9d:d8:70:b9:6a:68:35:9c:2e:
                    c3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6B:69:3C:C4:FF:AC:A8:64:99:CD:D7:0E:FF:73:48:18:1C:77:B5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AGtpPMT_rKhkmc3XDv9zSBgcd7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:19a1::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:00:20:64:73:4d:48:10:89:38:80:a0:d1:21:6a:e9:eb:60:
         9d:53:2d:ab:b1:03:a4:6b:d5:2b:2a:30:a5:db:4a:b4:97:45:
         ce:c3:ce:01:ac:eb:a6:f1:15:d4:7b:fe:f4:03:e3:5c:e6:4c:
         20:ae:26:99:bc:4f:db:11:e1:49:70:55:f0:81:36:df:4e:bb:
         24:38:77:45:f6:58:c7:33:75:0e:92:29:5b:92:d3:dd:d1:28:
         9f:e6:cc:14:4b:4c:ee:e9:b7:36:76:99:dd:f6:4f:bf:e3:c7:
         0e:64:eb:3a:8d:a6:17:dc:de:07:c1:89:c6:9f:ea:99:d4:e3:
         0e:39:e7:8b:50:de:e6:d4:b3:ed:d0:f8:c3:58:ee:77:66:f2:
         3e:ce:53:d9:24:49:ce:9d:f3:23:9b:73:4f:3c:48:d7:49:b7:
         cc:bc:ed:a5:67:bf:86:83:4f:e0:ed:73:ac:0f:c8:cf:05:3d:
         63:e1:18:d2:5b:2d:a1:9b:ac:55:eb:0f:73:3a:97:4c:94:f8:
         77:fb:63:58:41:ec:61:a0:4d:41:f0:35:90:3f:84:56:6b:d6:
         35:58:38:b5:93:94:20:ed:ff:89:7f:86:62:77:7c:c4:b9:51:
         01:00:33:b0:c3:f4:4b:1c:07:dd:21:d2:42:79:29:5e:6e:31:
         3e:c6:f3:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjeBMayCLDn0LAhRMu7HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDZiNjkzY2M0ZmZhY2E4NjQ5OWNkZDcwZWZmNzM0ODE4MWM3N2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pCgGqF4+Svnka0jeNOcTZo2BhQY
wDmGX9xAmcsLBjTmLHyxzswUFzJVGwg782n1RUqMxQ0fFDnqWe4i8EVX2Td9UbO7
Begc8qVpa5TGVPZoOMkWiJaDF8YskVKv9RfVLRu/TrcDBdB8iPwLQMnmv869cq3e
oopMvgKo71N1RS4KwjjpL6uy1tWyZPRvXXofl+O9HFBM9EpRJ0qAY0c+ArYG7BNX
qRn9ftpLH4KlTH1uIkeY1F/60OS41IQgcr8auAmPJNyaZPXqmFCPilTG3c3507Ag
DiK2xcutYfx9ZCJ3vLrh9xAsmRYbNYIV3LYOdCcvCfWd2HC5amg1nC7DeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFABraTzE/6yoZJnN1w7/c0gYHHe1MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQUd0cFBNVF9yS2hrbWMzWER2OXpTQmdjZDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxmh
MA0GCSqGSIb3DQEBCwUAA4IBAQApACBkc01IEIk4gKDRIWrp62CdUy2rsQOka9Ur
KjCl20q0l0XOw84BrOum8RXUe/70A+Nc5kwgriaZvE/bEeFJcFXwgTbfTrskOHdF
9ljHM3UOkilbktPd0Sif5swUS0zu6bc2dpnd9k+/48cOZOs6jaYX3N4HwYnGn+qZ
1OMOOeeLUN7m1LPt0PjDWO53ZvI+zlPZJEnOnfMjm3NPPEjXSbfMvO2lZ7+Gg0/g
7XOsD8jPBT1j4RjSWy2hm6xV6w9zOpdMlPh3+2NYQexhoE1B8DWQP4RWa9Y1WDi1
k5Qg7f+Jf4Zid3zEuVEBADOww/RLHAfdIdJCeSlebjE+xvMQ
-----END CERTIFICATE-----