Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DDvkmT--Nynt5xskpkqs8KSyRi4.roa
File:                     DDvkmT--Nynt5xskpkqs8KSyRi4.roa (raw, json)
Hash identifier:          R1wBYYjAvk3eYh/+iEmmxblr47Jeq6hvHVgWVS0HXac=
Subject key identifier:   0C:3B:E4:99:3F:BE:37:29:ED:E7:1B:24:A6:4A:AC:F0:A4:B2:46:2E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252217F004288DD7473D4FBB912FB4D1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DDvkmT--Nynt5xskpkqs8KSyRi4.roa
Signing time:             Thu 02 Jan 2025 03:49:38 +0000
ROA not before:           Thu 02 Jan 2025 03:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204406
IP address blocks:        2a0e:b107:1b94::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:17:f0:04:28:8d:d7:47:3d:4f:bb:91:2f:b4:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c3be4993fbe3729ede71b24a64aacf0a4b2462e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:08:d6:72:cd:8c:8e:cf:c2:40:cd:d4:35:e0:
                    e2:de:6f:6e:84:46:ef:09:bd:db:f2:96:15:b6:80:
                    bf:f7:22:db:c9:3e:2a:d8:af:52:60:e4:da:4f:7c:
                    1c:e4:b9:c9:53:2f:dc:86:79:ee:0e:87:70:75:ec:
                    ca:be:1c:fe:3a:a1:9f:e8:90:24:f4:4b:e5:aa:6d:
                    ee:47:45:53:a5:98:06:24:2d:3e:9f:51:c2:47:46:
                    a4:49:f3:de:e8:36:bc:7b:ec:1d:5e:85:5e:4f:77:
                    77:56:c6:33:b6:fc:a1:59:57:a2:8d:e1:8e:c6:b2:
                    c2:19:c1:4e:3b:86:25:a2:de:d4:48:b1:65:6f:68:
                    79:e4:14:3f:40:6e:65:35:63:38:63:6d:24:23:ab:
                    d4:94:f5:58:0a:a1:2a:64:c8:e8:cf:d8:13:3a:0d:
                    a3:81:cb:24:4a:1b:82:f6:76:f1:a9:a3:09:b1:f6:
                    2c:df:1a:43:ef:a6:2c:97:72:c3:76:7f:1d:a5:25:
                    3c:d2:3c:30:ea:cd:13:37:f7:6d:ce:26:8b:ad:86:
                    15:5a:23:11:5e:bf:8d:2b:17:88:56:c8:f0:77:de:
                    90:74:ca:73:4f:4e:8e:2a:ac:c2:e2:0c:02:86:c1:
                    03:e7:53:4c:b9:15:aa:db:f3:ac:f9:86:b5:fe:24:
                    c2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:3B:E4:99:3F:BE:37:29:ED:E7:1B:24:A6:4A:AC:F0:A4:B2:46:2E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DDvkmT--Nynt5xskpkqs8KSyRi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b94::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:9d:fa:34:56:95:ce:5b:ee:b9:14:d4:19:1c:10:58:13:22:
         be:10:82:2f:eb:0a:fa:3c:a4:33:33:d6:2b:c5:25:e1:68:18:
         7e:0c:6d:df:8e:63:de:1b:b6:7d:78:ed:18:01:8f:71:96:d3:
         be:50:2c:64:f8:20:6c:2b:01:f6:72:fe:40:4c:0f:c6:33:f1:
         6a:31:72:b5:28:63:79:89:a6:17:8e:13:e4:44:ee:77:5c:18:
         b9:ab:bd:05:62:71:94:dd:a9:4f:35:2e:ca:9e:ab:a2:5d:ff:
         24:2d:d2:5f:e7:21:69:b1:45:21:ca:ec:a7:0b:31:e7:1b:b4:
         bc:8b:6c:f6:54:4b:c8:bf:59:fb:a8:c8:9f:26:57:83:b7:47:
         57:13:8b:03:f6:63:4e:b1:34:15:71:6e:3c:6c:f3:27:5a:e0:
         02:c6:f7:1f:bb:29:e5:e1:04:f1:4a:f0:47:a6:7c:bb:5f:36:
         7d:bc:70:10:1a:74:cd:4d:a6:de:ba:57:a6:75:67:94:30:4d:
         35:42:d4:db:b9:67:ea:46:01:4e:15:b2:32:7c:9c:fc:93:4f:
         6e:1d:86:0d:88:22:f4:d4:c3:7c:37:28:0d:65:9d:c6:5c:e3:
         09:30:0d:ef:db:c0:08:0e:c3:6f:c2:a0:c6:20:c8:f9:6d:92:
         58:47:f5:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIhfwBCiN10c9T7uRL7TRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzNiZTQ5OTNmYmUzNzI5ZWRlNzFiMjRhNjRhYWNmMGE0YjI0NjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAjWcs2Mjs/CQM3UNeDi3m9uhEbv
Cb3b8pYVtoC/9yLbyT4q2K9SYOTaT3wc5LnJUy/chnnuDodwdezKvhz+OqGf6JAk
9Evlqm3uR0VTpZgGJC0+n1HCR0akSfPe6Da8e+wdXoVeT3d3VsYztvyhWVeijeGO
xrLCGcFOO4Ylot7USLFlb2h55BQ/QG5lNWM4Y20kI6vUlPVYCqEqZMjoz9gTOg2j
gcskShuC9nbxqaMJsfYs3xpD76Ysl3LDdn8dpSU80jww6s0TN/dtziaLrYYVWiMR
Xr+NKxeIVsjwd96QdMpzT06OKqzC4gwChsED51NMuRWq2/Os+Ya1/iTCtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAw75Jk/vjcp7ecbJKZKrPCkskYuMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRER2a21ULS1OeW50NXhza3BrcXM4S1N5Umk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxuU
MA0GCSqGSIb3DQEBCwUAA4IBAQAGnfo0VpXOW+65FNQZHBBYEyK+EIIv6wr6PKQz
M9YrxSXhaBh+DG3fjmPeG7Z9eO0YAY9xltO+UCxk+CBsKwH2cv5ATA/GM/FqMXK1
KGN5iaYXjhPkRO53XBi5q70FYnGU3alPNS7KnquiXf8kLdJf5yFpsUUhyuynCzHn
G7S8i2z2VEvIv1n7qMifJleDt0dXE4sD9mNOsTQVcW48bPMnWuACxvcfuynl4QTx
SvBHpny7XzZ9vHAQGnTNTabeulemdWeUME01QtTbuWfqRgFOFbIyfJz8k09uHYYN
iCL01MN8NygNZZ3GXOMJMA3v28AIDsNvwqDGIMj5bZJYR/V6
-----END CERTIFICATE-----