Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BtiutBJ_XqJYTFJc0r-DqoefCwg.roa
File:                     BtiutBJ_XqJYTFJc0r-DqoefCwg.roa (raw, json)
Hash identifier:          E1I+IldO0DYYMIo2CMb1QtSGePHVT5NCW2NbYXlPzFA=
Subject key identifier:   06:D8:AE:B4:12:7F:5E:A2:58:4C:52:5C:D2:BF:83:AA:87:9F:0B:08
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019437DC6ACD22D73C4DB99C855A518B6D37
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BtiutBJ_XqJYTFJc0r-DqoefCwg.roa
Signing time:             Sun 05 Jan 2025 19:06:19 +0000
ROA not before:           Sun 05 Jan 2025 19:06:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215576
IP address blocks:        2a0e:97c0:db0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:37:dc:6a:cd:22:d7:3c:4d:b9:9c:85:5a:51:8b:6d:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  5 19:06:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06d8aeb4127f5ea2584c525cd2bf83aa879f0b08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ed:46:56:2a:54:fb:93:79:4b:9b:55:d0:83:
                    13:62:c8:c6:3f:18:e6:a7:c7:ca:19:80:94:e8:70:
                    d5:8c:5c:45:f1:39:93:ed:b5:19:68:e2:fb:8a:30:
                    02:e7:3e:43:06:f6:2f:1b:d9:66:f3:76:ee:d4:da:
                    d1:13:38:cb:4b:06:a1:80:c4:b8:54:a4:5c:07:e2:
                    ec:80:1c:b9:c0:b3:8d:bc:21:ee:ad:22:bb:c0:76:
                    7e:eb:74:c3:40:11:7a:31:ac:2c:ac:ba:17:50:4d:
                    c6:8c:cb:49:93:d2:a4:ae:f1:d4:1f:48:3f:32:ee:
                    50:ab:15:a5:d8:d6:2e:12:4f:5f:07:d3:cf:c4:7a:
                    4d:d4:f3:da:70:05:99:70:e3:9b:65:33:89:1c:1d:
                    4f:aa:54:1f:79:c9:b6:a7:ac:c0:15:f2:60:2a:08:
                    9f:0b:38:11:50:cf:4b:ed:ac:67:04:02:3f:3d:75:
                    90:10:76:2d:58:df:65:fb:69:1c:88:55:b6:57:48:
                    52:e4:1a:c2:3f:08:9b:be:26:c1:b4:5c:0f:d0:11:
                    e6:8a:fc:57:9d:aa:88:9e:dd:a7:d7:83:e7:21:ba:
                    9d:9a:c1:fa:e0:b6:6c:a2:58:f3:fa:88:19:b4:15:
                    e2:98:c2:e9:20:6a:39:2e:de:71:16:3b:28:11:38:
                    2f:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D8:AE:B4:12:7F:5E:A2:58:4C:52:5C:D2:BF:83:AA:87:9F:0B:08
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BtiutBJ_XqJYTFJc0r-DqoefCwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:db0::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:a9:82:55:51:c1:30:d0:ab:dc:bc:79:30:e5:d6:3b:52:96:
         96:d5:22:e3:31:69:46:63:60:29:f1:f2:69:2b:79:48:67:58:
         89:9e:47:2c:03:7d:2f:1a:2b:ed:7f:17:2f:8d:7a:5e:81:bf:
         9d:55:04:63:8a:74:f7:b4:ed:92:0a:9e:c8:66:56:c8:f6:84:
         23:15:6f:a4:52:fd:09:55:da:90:86:40:2f:99:81:18:fc:94:
         99:34:b9:2d:b6:1f:55:91:0c:b7:2c:b9:ce:a8:d7:c6:2f:da:
         35:e3:77:27:43:06:30:f3:00:4b:95:7c:07:c7:9d:d3:28:dc:
         8b:3c:28:70:52:43:71:ae:ed:0c:11:77:4a:a8:38:e9:02:b0:
         84:50:a2:85:44:09:4a:ea:58:a7:b8:aa:e6:6b:91:8f:d8:b3:
         86:f4:cc:3e:bf:48:97:4c:75:2d:c6:d4:83:d5:a4:80:05:c4:
         95:15:36:74:f9:7c:5d:8a:52:88:59:7b:8b:c7:55:96:69:61:
         b9:e8:f6:ef:88:61:21:7b:53:41:10:b0:77:07:8b:da:6e:2c:
         97:96:f2:ea:6e:06:f8:2b:88:a3:5e:a8:6c:aa:77:6e:72:44:
         a9:3c:24:4f:ad:8a:4c:b6:d4:65:7b:bc:c6:1b:21:77:5c:c3:
         bd:93:b7:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQ33GrNItc8TbmchVpRi203MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTA1MTkwNjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmQ4YWViNDEyN2Y1ZWEyNTg0YzUyNWNkMmJmODNhYTg3OWYwYjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+1GVipU+5N5S5tV0IMTYsjGPxjm
p8fKGYCU6HDVjFxF8TmT7bUZaOL7ijAC5z5DBvYvG9lm83bu1NrREzjLSwahgMS4
VKRcB+LsgBy5wLONvCHurSK7wHZ+63TDQBF6MawsrLoXUE3GjMtJk9KkrvHUH0g/
Mu5QqxWl2NYuEk9fB9PPxHpN1PPacAWZcOObZTOJHB1PqlQfecm2p6zAFfJgKgif
CzgRUM9L7axnBAI/PXWQEHYtWN9l+2kciFW2V0hS5BrCPwibvibBtFwP0BHmivxX
naqInt2n14PnIbqdmsH64LZsoljz+ogZtBXimMLpIGo5Lt5xFjsoETgvDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAbYrrQSf16iWExSXNK/g6qHnwsIMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQnRpdXRCSl9YcUpZVEZKYzByLURxb2VmQ3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwA2w
MA0GCSqGSIb3DQEBCwUAA4IBAQC8qYJVUcEw0KvcvHkw5dY7UpaW1SLjMWlGY2Ap
8fJpK3lIZ1iJnkcsA30vGivtfxcvjXpegb+dVQRjinT3tO2SCp7IZlbI9oQjFW+k
Uv0JVdqQhkAvmYEY/JSZNLktth9VkQy3LLnOqNfGL9o143cnQwYw8wBLlXwHx53T
KNyLPChwUkNxru0MEXdKqDjpArCEUKKFRAlK6linuKrma5GP2LOG9Mw+v0iXTHUt
xtSD1aSABcSVFTZ0+XxdilKIWXuLx1WWaWG56PbviGEhe1NBELB3B4vabiyXlvLq
bgb4K4ijXqhsqnduckSpPCRPrYpMttRle7zGGyF3XMO9k7fQ
-----END CERTIFICATE-----