Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CNdbdZph9aP2P_b1ZJ4fd3StiL8.roa
File:                     CNdbdZph9aP2P_b1ZJ4fd3StiL8.roa (raw, json)
Hash identifier:          5bobWWQ0HAtHdJPR5NdrZG6HnNhDQVG5cyclTtEDqU0=
Subject key identifier:   08:D7:5B:75:9A:61:F5:A3:F6:3F:F6:F5:64:9E:1F:77:74:AD:88:BF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522979BB308C9F75FC17FA0AAB9EB13
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CNdbdZph9aP2P_b1ZJ4fd3StiL8.roa
Signing time:             Thu 02 Jan 2025 03:50:11 +0000
ROA not before:           Thu 02 Jan 2025 03:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216411
IP address blocks:        2a0e:b107:2050::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:97:9b:b3:08:c9:f7:5f:c1:7f:a0:aa:b9:eb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08d75b759a61f5a3f63ff6f5649e1f7774ad88bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a4:ed:d9:80:ce:d8:ee:06:98:c0:ba:1c:83:
                    f9:86:48:70:a2:aa:46:ee:73:63:97:3d:2a:87:e7:
                    ac:3a:eb:e8:f8:f6:db:a0:b1:41:e5:f2:b1:eb:60:
                    05:d3:9f:de:f8:2b:88:28:1b:40:58:02:7e:46:6e:
                    de:ff:5b:36:21:e4:19:39:05:22:9f:f6:6f:de:71:
                    fb:b2:70:b7:da:1e:23:b9:87:34:cc:e0:f9:14:ff:
                    c7:7a:f5:88:f0:30:15:c6:7a:0d:cf:92:2f:ab:b8:
                    b5:ac:ee:0d:16:70:85:c6:18:8b:1a:dd:29:e8:e7:
                    20:78:52:bb:e4:16:01:c1:a9:42:aa:26:d5:53:50:
                    48:47:17:d1:13:2b:99:57:ed:d1:6d:cc:1b:a1:55:
                    5e:99:c5:b9:79:31:04:5c:ef:56:57:f0:00:1f:36:
                    74:b6:83:10:a7:a6:69:0b:8f:ac:44:60:18:35:a5:
                    23:7d:7e:f1:b7:63:9e:a3:34:77:c5:2a:0d:25:7a:
                    98:1c:ad:4f:9e:2b:5a:23:d6:62:f5:55:a5:d0:9c:
                    b3:e9:cf:fe:fb:e9:e5:34:d5:c7:51:fe:76:c6:e3:
                    db:8b:03:18:f1:92:a1:69:69:2a:77:d5:9b:63:83:
                    d7:7b:f9:a0:a9:e6:10:46:d3:0a:19:8b:2c:12:5c:
                    cd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D7:5B:75:9A:61:F5:A3:F6:3F:F6:F5:64:9E:1F:77:74:AD:88:BF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CNdbdZph9aP2P_b1ZJ4fd3StiL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2050::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:26:7e:16:b9:9f:a5:a9:28:d0:f0:7d:c1:b9:18:20:3c:b6:
         48:ee:7c:8f:66:e8:64:cc:34:81:01:2c:ff:02:c0:2f:ad:35:
         af:ce:ab:7f:9b:f7:2a:5c:7c:dc:93:8d:9d:f0:a3:3f:c7:ee:
         28:6a:c0:ef:a0:67:d1:a2:4d:68:3c:d3:81:9f:c0:da:45:d4:
         36:4d:e0:53:cc:84:4b:79:45:27:6c:6e:8c:92:36:0b:d6:dd:
         9c:32:d3:7a:e7:1e:b2:9c:ce:a6:cf:0f:b0:2e:20:12:56:e5:
         07:39:ca:4f:87:f6:f0:58:90:b7:a2:b2:63:c8:65:0c:93:dd:
         8b:10:2e:3d:c2:a2:90:94:e3:e9:ba:7f:be:5c:70:2a:31:35:
         52:16:df:d1:61:53:0a:f0:f6:33:a1:e0:13:c6:e0:23:d6:6d:
         cc:05:c0:5c:39:c9:d5:5b:2b:20:3f:f2:2b:a2:4c:29:e6:8f:
         b8:65:bb:5e:6c:b4:2e:30:88:0a:82:07:3b:4c:e5:80:2b:a7:
         17:0a:30:1b:a7:3d:c1:cb:bf:56:7f:5a:0c:11:7f:74:45:79:
         49:c0:88:f1:00:99:f2:ac:f9:0f:03:69:72:8d:71:90:04:b1:
         5c:cd:35:fc:91:ef:a3:ff:ee:bb:b4:97:c6:01:08:1d:a3:a7:
         5d:ed:ae:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIpebswjJ91/Bf6CquesTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ3NWI3NTlhNjFmNWEzZjYzZmY2ZjU2NDllMWY3Nzc0YWQ4OGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6Tt2YDO2O4GmMC6HIP5hkhwoqpG
7nNjlz0qh+esOuvo+PbboLFB5fKx62AF05/e+CuIKBtAWAJ+Rm7e/1s2IeQZOQUi
n/Zv3nH7snC32h4juYc0zOD5FP/HevWI8DAVxnoNz5Ivq7i1rO4NFnCFxhiLGt0p
6OcgeFK75BYBwalCqibVU1BIRxfREyuZV+3RbcwboVVemcW5eTEEXO9WV/AAHzZ0
toMQp6ZpC4+sRGAYNaUjfX7xt2OeozR3xSoNJXqYHK1PnitaI9Zi9VWl0Jyz6c/+
++nlNNXHUf52xuPbiwMY8ZKhaWkqd9WbY4PXe/mgqeYQRtMKGYssElzNwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAjXW3WaYfWj9j/29WSeH3d0rYi/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ05kYmRacGg5YVAyUF9iMVpKNGZkM1N0aUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCcJn4WuZ+lqSjQ8H3BuRggPLZI7nyPZuhkzDSB
ASz/AsAvrTWvzqt/m/cqXHzck42d8KM/x+4oasDvoGfRok1oPNOBn8DaRdQ2TeBT
zIRLeUUnbG6MkjYL1t2cMtN65x6ynM6mzw+wLiASVuUHOcpPh/bwWJC3orJjyGUM
k92LEC49wqKQlOPpun++XHAqMTVSFt/RYVMK8PYzoeATxuAj1m3MBcBcOcnVWysg
P/Irokwp5o+4ZbtebLQuMIgKggc7TOWAK6cXCjAbpz3By79Wf1oMEX90RXlJwIjx
AJnyrPkPA2lyjXGQBLFczTX8ke+j/+67tJfGAQgdo6dd7a4y
-----END CERTIFICATE-----