Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CmHbzPufjV1Pm5uKdCMvtG5bO_U.roa
File:                     CmHbzPufjV1Pm5uKdCMvtG5bO_U.roa (raw, json)
Hash identifier:          84i+vaP2DTQHJJnD9wNOkfjuyKRVvmvRR9XpwH/J+I8=
Subject key identifier:   0A:61:DB:CC:FB:9F:8D:5D:4F:9B:9B:8A:74:23:2F:B4:6E:5B:3B:F5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198B1A1C541D1E6F2973B8DC84696168734
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CmHbzPufjV1Pm5uKdCMvtG5bO_U.roa
Signing time:             Sat 16 Aug 2025 06:47:05 +0000
ROA not before:           Sat 16 Aug 2025 06:47:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205548
IP address blocks:        2a0e:97c0:3f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 22:40:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b1:a1:c5:41:d1:e6:f2:97:3b:8d:c8:46:96:16:87:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 16 06:47:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a61dbccfb9f8d5d4f9b9b8a74232fb46e5b3bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:51:7e:81:d3:53:d7:54:3a:3b:b7:cd:b2:e1:
                    60:29:b2:fe:fd:a1:29:1d:bf:cb:95:2e:37:04:2d:
                    6a:a8:86:2b:68:fc:6f:51:cb:93:df:de:24:0d:2f:
                    9f:f8:65:66:87:20:e4:d9:3e:d5:1e:da:7e:59:1a:
                    a7:a6:96:a4:53:a0:b8:b5:d4:f6:ff:a7:ad:46:b9:
                    ee:9c:3b:8b:f2:3a:6d:56:cd:8a:42:2c:3c:21:02:
                    40:a1:5e:1e:e4:69:29:cc:11:4d:20:dd:f9:3f:b1:
                    07:0b:de:89:af:0c:c7:4e:e4:cf:c8:b1:94:35:12:
                    94:6f:ab:c9:32:0c:16:04:44:e0:e8:f0:17:9f:9e:
                    3c:1d:cb:5b:e6:97:d9:29:d1:fb:d9:6a:3e:c8:a8:
                    94:6c:de:0b:65:7c:4e:7e:1c:bc:d4:23:b4:a3:a7:
                    2a:85:a3:31:af:4b:7e:24:36:e7:79:3e:35:38:87:
                    21:64:7a:64:0e:68:09:33:c8:0c:f1:55:60:e4:75:
                    96:8e:b6:16:02:5d:55:fe:ca:be:49:52:31:21:ed:
                    70:e5:7b:c2:2b:af:b9:ef:f9:c8:c3:dd:15:09:59:
                    77:9e:43:1a:75:d7:d6:aa:6b:7b:db:94:07:2a:3a:
                    02:de:6f:65:83:76:fa:c0:a7:34:66:18:43:e7:3b:
                    f7:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:61:DB:CC:FB:9F:8D:5D:4F:9B:9B:8A:74:23:2F:B4:6E:5B:3B:F5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CmHbzPufjV1Pm5uKdCMvtG5bO_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b7:a8:17:82:bc:eb:7f:7c:4f:9c:11:1a:f6:c8:9c:b9:d5:9e:
         75:13:fb:13:e3:f7:fd:91:84:c2:14:5c:0c:ec:c1:93:ea:55:
         d2:b0:31:39:41:4e:8b:5e:17:5e:b1:6c:b3:ed:d1:6a:1e:62:
         05:ed:86:b6:9e:4c:12:3c:4e:c1:f1:93:87:dc:83:9f:43:70:
         1a:ad:d3:0d:5a:fb:1a:7d:23:32:ba:db:c4:ba:78:bd:b8:f5:
         16:e0:a1:51:f4:fc:7a:0f:05:fc:e8:5c:d7:2d:7c:44:95:7b:
         55:72:ed:45:0c:52:d9:50:08:e2:e9:5a:32:bc:c7:0a:98:4c:
         e4:7b:07:b9:ac:b2:ba:21:37:be:81:86:a5:a4:18:d7:a7:23:
         9e:ec:4f:0d:2c:e7:82:59:47:d0:51:8a:07:b1:9c:0b:a8:31:
         57:23:17:c2:0e:db:fd:76:82:90:27:38:c9:d6:89:18:d1:7d:
         b3:74:5b:14:1e:89:38:a8:fc:40:ce:06:2a:e7:31:2d:30:88:
         53:35:13:8d:b1:27:52:70:70:d4:38:3e:54:58:94:3d:39:a4:
         2a:fe:0b:4f:70:9a:78:59:e0:3f:d6:5a:46:02:8f:82:8d:e1:
         42:d8:3b:75:a0:28:a2:bf:cc:cf:6b:4b:91:46:42:97:1e:2c:
         5d:72:8e:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZixocVB0ebylzuNyEaWFoc0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODE2MDY0NzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTYxZGJjY2ZiOWY4ZDVkNGY5YjliOGE3NDIzMmZiNDZlNWIzYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFF+gdNT11Q6O7fNsuFgKbL+/aEp
Hb/LlS43BC1qqIYraPxvUcuT394kDS+f+GVmhyDk2T7VHtp+WRqnppakU6C4tdT2
/6etRrnunDuL8jptVs2KQiw8IQJAoV4e5GkpzBFNIN35P7EHC96JrwzHTuTPyLGU
NRKUb6vJMgwWBETg6PAXn548Hctb5pfZKdH72Wo+yKiUbN4LZXxOfhy81CO0o6cq
haMxr0t+JDbneT41OIchZHpkDmgJM8gM8VVg5HWWjrYWAl1V/sq+SVIxIe1w5XvC
K6+57/nIw90VCVl3nkMaddfWqmt725QHKjoC3m9lg3b6wKc0ZhhD5zv3SQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAph28z7n41dT5ubinQjL7RuWzv1MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ21IYnpQdWZqVjFQbTV1S2RDTXZ0RzViT19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAPw
MA0GCSqGSIb3DQEBCwUAA4IBAQC3qBeCvOt/fE+cERr2yJy51Z51E/sT4/f9kYTC
FFwM7MGT6lXSsDE5QU6LXhdesWyz7dFqHmIF7Ya2nkwSPE7B8ZOH3IOfQ3AardMN
WvsafSMyutvEuni9uPUW4KFR9Px6DwX86FzXLXxElXtVcu1FDFLZUAji6VoyvMcK
mEzkewe5rLK6ITe+gYalpBjXpyOe7E8NLOeCWUfQUYoHsZwLqDFXIxfCDtv9doKQ
JzjJ1okY0X2zdFsUHok4qPxAzgYq5zEtMIhTNRONsSdScHDUOD5UWJQ9OaQq/gtP
cJp4WeA/1lpGAo+CjeFC2Dt1oCiiv8zPa0uRRkKXHixdco5A
-----END CERTIFICATE-----