Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ALxWDHWzUVf_jA9gifVFzfgm3H8.roa
File:                     ALxWDHWzUVf_jA9gifVFzfgm3H8.roa (raw, json)
Hash identifier:          nJfQn6Ni/Yew3fClBJSF7cGUCi+vdPfftaAoUtQ5Dxk=
Subject key identifier:   00:BC:56:0C:75:B3:51:57:FF:8C:0F:60:89:F5:45:CD:F8:26:DC:7F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522824CBEDAFE26DB93BCD6B173C54A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ALxWDHWzUVf_jA9gifVFzfgm3H8.roa
Signing time:             Thu 02 Jan 2025 03:50:06 +0000
ROA not before:           Thu 02 Jan 2025 03:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215015
IP address blocks:        2a0e:97c0:260::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:82:4c:be:da:fe:26:db:93:bc:d6:b1:73:c5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00bc560c75b35157ff8c0f6089f545cdf826dc7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:01:23:43:38:2a:a0:87:0e:3c:2e:82:be:6c:
                    09:4c:12:bb:6f:51:e4:9a:46:35:2e:fa:da:99:70:
                    5c:1c:fb:18:0e:62:ba:aa:90:22:cd:6b:4a:00:06:
                    ac:73:ca:e0:05:d3:54:4a:85:dd:7e:2f:2a:68:6a:
                    8a:b0:d0:0c:01:99:0d:37:34:62:50:a8:a3:c5:1f:
                    0b:4b:00:c1:bc:93:79:00:fb:a2:39:2a:c1:bd:fa:
                    3f:ff:b2:41:71:93:49:4b:9c:0b:35:a9:6b:8c:e1:
                    b8:51:b1:c6:6d:12:fe:c7:7d:fe:6a:c5:3f:6a:63:
                    25:ce:4b:0e:58:e1:e4:24:b0:c6:6c:b9:96:73:ca:
                    8b:2e:b5:77:08:cb:e0:72:28:4b:46:40:81:93:b4:
                    fd:a4:80:67:48:3b:32:1b:ad:48:ea:b6:9d:6b:6d:
                    fe:51:59:2c:81:c1:0d:38:7f:9a:49:4e:55:d1:5b:
                    31:8c:21:22:e9:0d:07:ae:9f:97:77:80:e1:09:f4:
                    f0:ce:36:d5:e3:a5:c8:94:56:8f:af:31:d1:5a:9a:
                    18:b4:9a:a8:1f:45:3e:db:c3:cc:30:1c:2c:57:ff:
                    3b:39:07:2e:ca:c5:53:39:42:70:cc:0c:ec:08:24:
                    a2:f5:10:ba:77:49:a3:6d:1b:4a:51:8b:b6:4f:42:
                    26:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:BC:56:0C:75:B3:51:57:FF:8C:0F:60:89:F5:45:CD:F8:26:DC:7F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ALxWDHWzUVf_jA9gifVFzfgm3H8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:72:e7:cd:41:8f:be:9c:46:c2:15:0e:d3:36:ae:ff:c9:58:
         b9:da:a8:25:1c:c8:b3:0f:a1:0f:fc:8e:78:b9:74:60:b3:52:
         0b:ff:2a:cc:f8:eb:22:f0:2b:b8:d1:d1:3c:af:b0:c0:55:2f:
         de:19:18:18:4c:07:28:ed:2e:97:13:14:71:e9:45:a2:e2:af:
         d7:67:12:11:c4:eb:94:57:b1:cc:24:6f:7e:07:d9:7e:1f:19:
         7c:52:c2:ba:d0:7e:b5:41:1d:b2:c8:3f:5a:e9:a9:63:5d:d9:
         d6:8c:78:07:d8:73:8d:74:8e:3f:12:78:9c:c7:0c:d2:d5:9c:
         06:72:90:6f:6b:05:58:41:12:f0:c4:fc:4d:42:a0:8a:e3:ea:
         be:ba:77:1f:6f:be:77:58:9a:c9:20:67:38:a4:f0:79:9d:19:
         c3:e5:26:7f:61:94:5b:0e:18:71:a4:6b:d5:ca:b5:92:0c:24:
         92:08:06:75:8c:af:64:e7:85:89:db:a6:99:d9:9b:d1:19:d1:
         48:ca:57:0f:cb:9a:48:07:5b:d1:80:70:0d:05:f5:e3:be:d3:
         ac:9b:fa:72:16:c7:3c:97:08:bd:97:f8:35:d3:07:3a:83:40:
         a3:b6:6f:e0:2e:7a:ab:c3:c0:c4:4f:38:94:4c:a2:1d:06:3d:
         9c:a5:1a:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIoJMvtr+JtuTvNaxc8VKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGJjNTYwYzc1YjM1MTU3ZmY4YzBmNjA4OWY1NDVjZGY4MjZkYzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgEjQzgqoIcOPC6CvmwJTBK7b1Hk
mkY1LvramXBcHPsYDmK6qpAizWtKAAasc8rgBdNUSoXdfi8qaGqKsNAMAZkNNzRi
UKijxR8LSwDBvJN5APuiOSrBvfo//7JBcZNJS5wLNalrjOG4UbHGbRL+x33+asU/
amMlzksOWOHkJLDGbLmWc8qLLrV3CMvgcihLRkCBk7T9pIBnSDsyG61I6rada23+
UVksgcENOH+aSU5V0VsxjCEi6Q0Hrp+Xd4DhCfTwzjbV46XIlFaPrzHRWpoYtJqo
H0U+28PMMBwsV/87OQcuysVTOUJwzAzsCCSi9RC6d0mjbRtKUYu2T0ImbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAC8Vgx1s1FX/4wPYIn1Rc34Jtx/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQUx4V0RIV3pVVmZfakE5Z2lmVkZ6ZmdtM0g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAJg
MA0GCSqGSIb3DQEBCwUAA4IBAQBccufNQY++nEbCFQ7TNq7/yVi52qglHMizD6EP
/I54uXRgs1IL/yrM+Osi8Cu40dE8r7DAVS/eGRgYTAco7S6XExRx6UWi4q/XZxIR
xOuUV7HMJG9+B9l+Hxl8UsK60H61QR2yyD9a6aljXdnWjHgH2HONdI4/EnicxwzS
1ZwGcpBvawVYQRLwxPxNQqCK4+q+uncfb753WJrJIGc4pPB5nRnD5SZ/YZRbDhhx
pGvVyrWSDCSSCAZ1jK9k54WJ26aZ2ZvRGdFIylcPy5pIB1vRgHANBfXjvtOsm/py
Fsc8lwi9l/g10wc6g0Cjtm/gLnqrw8DETziUTKIdBj2cpRqC
-----END CERTIFICATE-----