Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cb_KEiHSO6Z6CIjqfGxdlZJQZ0E.roa
File:                     Cb_KEiHSO6Z6CIjqfGxdlZJQZ0E.roa (raw, json)
Hash identifier:          w+5ag4W4coU++YxiLfHKJ9snHkBWmROjOgPZpp4WZ8U=
Subject key identifier:   09:BF:CA:12:21:D2:3B:A6:7A:08:88:EA:7C:6C:5D:95:92:50:67:41
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521EA49FA90619F16E3FB5C056FA687
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cb_KEiHSO6Z6CIjqfGxdlZJQZ0E.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142588
IP address blocks:        2a0e:b107:1991::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ea:49:fa:90:61:9f:16:e3:fb:5c:05:6f:a6:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=09bfca1221d23ba67a0888ea7c6c5d9592506741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:48:ea:35:9e:6f:b3:7f:ec:00:03:38:bc:3f:
                    88:2a:d8:6c:2d:4a:ba:b1:0f:a2:0c:9d:b9:77:a0:
                    5f:15:bd:4c:d2:67:b0:40:ca:ec:2b:ef:61:7f:51:
                    ad:7b:be:68:70:40:39:17:8f:11:93:40:6d:33:f5:
                    20:6c:42:a8:12:eb:59:01:e8:bf:60:0b:4a:eb:cc:
                    80:9c:2d:bc:da:a0:0b:25:d1:83:0e:e4:36:c0:75:
                    c4:09:91:d6:6c:68:47:44:39:fa:30:bb:96:19:c7:
                    41:8c:90:80:57:2a:60:44:97:12:d4:65:e2:31:23:
                    af:d9:e5:57:b9:6e:95:3f:7c:ac:88:2b:e6:69:bc:
                    b5:af:d7:34:e1:4b:d8:00:3e:56:4e:2d:d9:c5:b6:
                    49:78:54:41:e2:d3:8a:bf:18:a2:0e:76:54:e3:c6:
                    8f:fa:67:ac:20:a2:ab:b3:d1:d1:4d:b6:d9:75:75:
                    fc:07:7f:7a:e9:0d:05:bc:c3:29:b0:af:0e:eb:75:
                    2e:63:e4:7b:e2:2a:4a:33:b9:bb:be:fd:26:2f:0b:
                    23:39:39:f9:a1:e8:bb:c7:31:fd:3d:1e:c2:a0:17:
                    0a:03:4c:60:6a:da:3e:39:fb:f6:05:9e:fb:79:c5:
                    02:24:fd:e5:be:7a:37:48:01:24:fa:0b:b8:86:76:
                    75:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:BF:CA:12:21:D2:3B:A6:7A:08:88:EA:7C:6C:5D:95:92:50:67:41
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cb_KEiHSO6Z6CIjqfGxdlZJQZ0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1991::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:22:f5:89:d1:e2:7a:9f:a4:e3:f1:0d:fc:f9:cb:3b:a9:46:
         23:13:57:f6:9f:94:ce:26:e7:51:88:65:c9:12:4d:89:bf:9c:
         59:84:2e:00:b8:6c:dc:84:60:d1:0a:6a:6e:82:34:f6:17:d3:
         08:b7:fb:5f:f4:0e:1e:41:9b:7a:9c:e8:4b:9a:8c:ca:c1:5a:
         d9:a0:39:7d:e8:aa:3f:3b:53:7a:74:01:19:02:76:b0:87:39:
         7e:28:59:c0:2b:d8:42:2f:f1:48:41:28:d7:c7:aa:a8:d8:28:
         b3:43:ff:cd:86:4d:c4:d1:56:23:aa:f2:72:4f:63:cc:65:24:
         a4:2d:ae:d7:2d:ec:c2:f5:b2:12:e1:fe:41:9f:64:b7:71:7c:
         7c:b3:29:2b:de:72:e2:e4:24:89:6a:41:d2:70:36:70:38:14:
         25:80:c3:a8:12:d2:57:0e:5a:6a:df:3a:29:25:cd:d0:35:09:
         6c:2a:79:7e:c2:9b:93:42:14:79:97:43:1d:05:cd:aa:9e:5c:
         8a:30:c9:59:dd:ed:e5:9c:dc:03:d5:93:e4:0c:db:b3:fb:9b:
         7d:e2:2e:97:0e:1a:20:a7:04:0f:78:35:da:1c:dd:de:53:04:
         3f:75:5e:f8:ad:63:44:d1:d7:06:ad:93:c7:c5:48:b4:a1:dc:
         22:52:03:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIepJ+pBhnxbj+1wFb6aHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWJmY2ExMjIxZDIzYmE2N2EwODg4ZWE3YzZjNWQ5NTkyNTA2NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkjqNZ5vs3/sAAM4vD+IKthsLUq6
sQ+iDJ25d6BfFb1M0mewQMrsK+9hf1Gte75ocEA5F48Rk0BtM/UgbEKoEutZAei/
YAtK68yAnC282qALJdGDDuQ2wHXECZHWbGhHRDn6MLuWGcdBjJCAVypgRJcS1GXi
MSOv2eVXuW6VP3ysiCvmaby1r9c04UvYAD5WTi3ZxbZJeFRB4tOKvxiiDnZU48aP
+mesIKKrs9HRTbbZdXX8B3966Q0FvMMpsK8O63UuY+R74ipKM7m7vv0mLwsjOTn5
oei7xzH9PR7CoBcKA0xgato+Ofv2BZ77ecUCJP3lvno3SAEk+gu4hnZ1vQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAm/yhIh0jumegiI6nxsXZWSUGdBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ2JfS0VpSFNPNlo2Q0lqcWZHeGRsWkpRWjBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxmR
MA0GCSqGSIb3DQEBCwUAA4IBAQBVIvWJ0eJ6n6Tj8Q38+cs7qUYjE1f2n5TOJudR
iGXJEk2Jv5xZhC4AuGzchGDRCmpugjT2F9MIt/tf9A4eQZt6nOhLmozKwVrZoDl9
6Ko/O1N6dAEZAnawhzl+KFnAK9hCL/FIQSjXx6qo2CizQ//Nhk3E0VYjqvJyT2PM
ZSSkLa7XLezC9bIS4f5Bn2S3cXx8sykr3nLi5CSJakHScDZwOBQlgMOoEtJXDlpq
3zopJc3QNQlsKnl+wpuTQhR5l0MdBc2qnlyKMMlZ3e3lnNwD1ZPkDNuz+5t94i6X
DhogpwQPeDXaHN3eUwQ/dV74rWNE0dcGrZPHxUi0odwiUgPy
-----END CERTIFICATE-----