Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/E39o1bCLN3AXdHmqyT_DzaY1y8s.roa
File:                     E39o1bCLN3AXdHmqyT_DzaY1y8s.roa (raw, json)
Hash identifier:          hyeEahCHoSq4QRS42/Jh5YlXgvlgGsCy78uQXFuXIr8=
Subject key identifier:   13:7F:68:D5:B0:8B:37:70:17:74:79:AA:C9:3F:C3:CD:A6:35:CB:CB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FE2B1EAB4AB6012B220701DBDBE3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/E39o1bCLN3AXdHmqyT_DzaY1y8s.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200516
IP address blocks:        2a0e:b107:f60::/48 maxlen: 48
                          2a0e:b107:f61::/48 maxlen: 48
                          2a0e:b107:f65::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fe:2b:1e:ab:4a:b6:01:2b:22:07:01:db:db:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=137f68d5b08b3770177479aac93fc3cda635cbcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:60:0f:8e:20:3d:02:68:ae:5e:8b:ec:16:10:
                    6e:80:ff:5d:1f:75:af:23:d7:d8:ff:30:0f:39:7b:
                    14:62:17:24:0c:d4:6c:36:10:0f:a2:cd:a9:e5:4f:
                    03:85:8d:31:8f:c9:dc:89:61:d9:df:7f:9d:30:c4:
                    ae:5e:db:fe:a0:81:63:19:8c:21:1f:48:b0:2e:02:
                    ea:3a:e1:b7:9d:b3:86:b4:21:45:15:46:65:c5:72:
                    df:80:8a:e3:a7:02:45:98:5a:2e:fd:0e:53:db:d3:
                    d9:79:3a:bf:dd:bf:a4:b4:f1:6c:cf:b1:c8:62:c2:
                    f2:af:b6:61:e9:f6:a2:14:b2:44:b4:0d:08:95:5b:
                    18:54:3c:42:4e:c3:11:f0:b2:a8:67:53:dc:7f:ee:
                    35:fd:40:aa:e9:52:e9:8f:64:59:57:3c:30:b5:52:
                    b0:9f:65:64:cc:62:b6:93:99:98:01:60:43:9e:88:
                    ac:2d:08:eb:03:bc:bd:ff:11:5a:7c:e3:b3:46:31:
                    23:1d:19:be:e2:6d:02:20:e2:20:31:f0:19:38:a1:
                    cd:18:8f:88:85:f1:b5:d7:53:4d:68:ea:e1:e2:15:
                    55:8c:01:91:80:61:8c:16:d5:ef:bc:d5:9a:d9:a4:
                    40:13:e5:37:43:72:7d:cf:f0:af:8c:4b:f6:37:4d:
                    0b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:7F:68:D5:B0:8B:37:70:17:74:79:AA:C9:3F:C3:CD:A6:35:CB:CB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/E39o1bCLN3AXdHmqyT_DzaY1y8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:f60::/47
                  2a0e:b107:f65::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:f0:48:8c:a6:d9:0a:c3:cf:5b:49:94:d8:f2:a5:7e:b8:db:
         50:d6:f8:b3:71:0b:9d:08:29:d5:e9:e9:01:1d:43:23:5d:5e:
         3b:a0:a3:17:80:12:35:5a:be:b8:1c:79:83:9e:2d:2f:b9:8c:
         4e:40:30:f9:3e:fd:08:82:46:77:65:c0:a5:22:b5:85:fd:cf:
         5a:4f:d6:86:3e:e3:03:75:a2:42:be:6c:87:e0:07:76:2f:bb:
         61:84:19:9d:68:29:bd:20:2d:1d:44:05:da:09:17:30:53:5f:
         d1:d7:d3:92:cb:9a:f6:24:0b:ae:f0:a0:e9:c8:72:60:61:8a:
         4e:8a:cd:5d:32:29:68:6e:8c:9c:06:e0:bc:fa:aa:85:08:2b:
         07:c8:27:81:3d:8d:7e:a8:e1:a5:af:43:6b:56:07:16:6a:d0:
         49:97:23:52:c9:61:bc:44:7f:c2:98:2a:3d:ed:a8:a3:45:a9:
         81:5f:7e:41:d1:fc:55:d2:7a:a2:b7:9d:8a:e4:7b:e2:44:9b:
         89:e1:17:b8:9a:94:a9:40:61:14:ec:ef:96:45:e3:f7:80:7e:
         31:93:d2:48:71:e9:61:d0:72:90:36:dd:60:7e:34:4a:dd:46:
         d5:ae:34:be:7e:db:e7:30:a4:71:4c:ba:7d:22:90:1c:77:af:
         c9:c0:47:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIf4rHqtKtgErIgcB29vjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzdmNjhkNWIwOGIzNzcwMTc3NDc5YWFjOTNmYzNjZGE2MzVjYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWAPjiA9AmiuXovsFhBugP9dH3Wv
I9fY/zAPOXsUYhckDNRsNhAPos2p5U8DhY0xj8nciWHZ33+dMMSuXtv+oIFjGYwh
H0iwLgLqOuG3nbOGtCFFFUZlxXLfgIrjpwJFmFou/Q5T29PZeTq/3b+ktPFsz7HI
YsLyr7Zh6faiFLJEtA0IlVsYVDxCTsMR8LKoZ1Pcf+41/UCq6VLpj2RZVzwwtVKw
n2VkzGK2k5mYAWBDnoisLQjrA7y9/xFafOOzRjEjHRm+4m0CIOIgMfAZOKHNGI+I
hfG111NNaOrh4hVVjAGRgGGMFtXvvNWa2aRAE+U3Q3J9z/CvjEv2N00LQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBN/aNWwizdwF3R5qsk/w82mNcvLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRTM5bzFiQ0xOM0FYZEhtcXlUX0R6YVkxeThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKg6xBw9g
AwcAKg6xBw9lMA0GCSqGSIb3DQEBCwUAA4IBAQBi8EiMptkKw89bSZTY8qV+uNtQ
1vizcQudCCnV6ekBHUMjXV47oKMXgBI1Wr64HHmDni0vuYxOQDD5Pv0IgkZ3ZcCl
IrWF/c9aT9aGPuMDdaJCvmyH4Ad2L7thhBmdaCm9IC0dRAXaCRcwU1/R19OSy5r2
JAuu8KDpyHJgYYpOis1dMiloboycBuC8+qqFCCsHyCeBPY1+qOGlr0NrVgcWatBJ
lyNSyWG8RH/CmCo97aijRamBX35B0fxV0nqit52K5HviRJuJ4Re4mpSpQGEU7O+W
ReP3gH4xk9JIcelh0HKQNt1gfjRK3UbVrjS+ftvnMKRxTLp9IpAcd6/JwEdO
-----END CERTIFICATE-----