Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BioABqdPfFg3H50hwtImpa8EaMw.roa
File:                     BioABqdPfFg3H50hwtImpa8EaMw.roa (raw, json)
Hash identifier:          ju1fh0/fAWjFyRhpDnua+ISgMwxqBikv/qTQZ8gqKtk=
Subject key identifier:   06:2A:00:06:A7:4F:7C:58:37:1F:9D:21:C2:D2:26:A5:AF:04:68:CC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425229159677B359C076ECE68D83E02B7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BioABqdPfFg3H50hwtImpa8EaMw.roa
Signing time:             Thu 02 Jan 2025 03:50:09 +0000
ROA not before:           Thu 02 Jan 2025 03:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215852
IP address blocks:        2a0e:97c0:630::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:91:59:67:7b:35:9c:07:6e:ce:68:d8:3e:02:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=062a0006a74f7c58371f9d21c2d226a5af0468cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a1:f6:bb:ae:fb:10:64:8a:a8:83:cc:4e:51:
                    93:ef:45:68:f1:6a:2e:c0:62:0f:c8:30:b6:92:dc:
                    6a:83:af:aa:5d:6d:8d:af:e1:1b:de:59:6c:3c:94:
                    d7:77:df:8e:ba:37:de:18:b5:b9:10:3d:ee:f0:cd:
                    03:93:b3:00:d4:f6:bb:2c:20:3d:70:35:61:ad:9d:
                    2c:0c:a5:89:3b:bd:c7:b9:b2:19:5f:ee:f4:23:57:
                    6c:6d:6c:70:de:0c:71:dc:a8:6b:04:11:8c:ce:bb:
                    84:33:4d:dc:28:86:19:ef:58:3d:38:cf:58:09:dc:
                    0b:76:9f:1f:c0:66:26:6d:c5:11:5e:9c:a6:ca:6b:
                    f2:19:30:ef:d2:a9:fe:75:cf:30:2b:2e:f8:ca:1d:
                    43:5a:bd:5d:57:2a:37:92:e8:2c:87:94:ee:98:1a:
                    e1:09:d6:1e:c9:58:53:bd:af:2a:8e:13:53:d2:a4:
                    d5:52:7e:3e:d5:3e:c7:87:23:ff:c1:8a:86:3d:90:
                    09:ed:1b:d6:23:ad:af:a2:8b:86:d0:da:32:1c:cc:
                    e6:24:c0:ae:09:50:a5:11:b5:33:86:40:3e:42:e4:
                    e0:2a:25:a2:60:74:27:7b:b8:9d:17:04:c4:1c:d9:
                    08:79:c0:78:63:e0:b3:30:83:01:c4:b6:0b:0a:97:
                    85:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:2A:00:06:A7:4F:7C:58:37:1F:9D:21:C2:D2:26:A5:AF:04:68:CC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BioABqdPfFg3H50hwtImpa8EaMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:630::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:c2:70:47:21:c9:b4:78:4b:0f:7e:cb:33:79:95:9b:cd:f1:
         12:44:7d:6b:87:f5:89:f8:d8:a2:c6:de:47:73:c0:92:c8:50:
         4a:e7:c2:4c:94:25:aa:1c:e6:c5:81:81:a7:62:31:61:f1:27:
         74:08:18:fd:69:24:59:e3:f8:1c:0c:bb:87:cb:fc:36:80:72:
         5c:d0:4c:69:c6:ab:23:4b:e2:9c:99:13:29:65:61:de:ff:6d:
         9d:50:03:5b:65:a1:4e:6a:a7:ac:06:9c:ea:0d:fe:45:d9:4a:
         39:66:2f:c9:6d:23:1f:58:66:27:58:f7:7b:8a:9c:27:0d:4f:
         9b:ea:14:8d:8d:81:b2:b7:0d:23:62:5c:d7:73:4a:0c:c4:ab:
         eb:ea:84:25:33:64:2b:f9:d4:ec:6a:f2:9c:7b:f0:2f:09:4a:
         9d:f1:0e:63:b7:99:9b:cd:dd:0f:e2:4a:ff:ac:5d:55:68:b8:
         08:22:fb:f1:32:a6:a3:62:cb:a2:96:8d:f8:86:1c:94:23:a3:
         3b:81:8c:30:9c:24:87:14:77:07:d1:40:ef:1d:6d:77:60:5d:
         ea:f8:a2:66:6c:cd:80:e1:23:d0:ea:f0:1c:08:e7:41:e7:c4:
         70:ae:1a:f4:8b:39:16:10:48:84:0e:a5:05:0f:ce:b0:21:12:
         59:e4:89:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIpFZZ3s1nAduzmjYPgK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjJhMDAwNmE3NGY3YzU4MzcxZjlkMjFjMmQyMjZhNWFmMDQ2OGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KH2u677EGSKqIPMTlGT70Vo8Wou
wGIPyDC2ktxqg6+qXW2Nr+Eb3llsPJTXd9+OujfeGLW5ED3u8M0Dk7MA1Pa7LCA9
cDVhrZ0sDKWJO73HubIZX+70I1dsbWxw3gxx3KhrBBGMzruEM03cKIYZ71g9OM9Y
CdwLdp8fwGYmbcURXpymymvyGTDv0qn+dc8wKy74yh1DWr1dVyo3kugsh5TumBrh
CdYeyVhTva8qjhNT0qTVUn4+1T7HhyP/wYqGPZAJ7RvWI62voouG0NoyHMzmJMCu
CVClEbUzhkA+QuTgKiWiYHQne7idFwTEHNkIecB4Y+CzMIMBxLYLCpeFlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAYqAAanT3xYNx+dIcLSJqWvBGjMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQmlvQUJxZFBmRmczSDUwaHd0SW1wYThFYU13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYw
MA0GCSqGSIb3DQEBCwUAA4IBAQCswnBHIcm0eEsPfsszeZWbzfESRH1rh/WJ+Nii
xt5Hc8CSyFBK58JMlCWqHObFgYGnYjFh8Sd0CBj9aSRZ4/gcDLuHy/w2gHJc0Exp
xqsjS+KcmRMpZWHe/22dUANbZaFOaqesBpzqDf5F2Uo5Zi/JbSMfWGYnWPd7ipwn
DU+b6hSNjYGytw0jYlzXc0oMxKvr6oQlM2Qr+dTsavKce/AvCUqd8Q5jt5mbzd0P
4kr/rF1VaLgIIvvxMqajYsuilo34hhyUI6M7gYwwnCSHFHcH0UDvHW13YF3q+KJm
bM2A4SPQ6vAcCOdB58Rwrhr0izkWEEiEDqUFD86wIRJZ5InF
-----END CERTIFICATE-----