Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EiETTqG4z9zOK63DS5W0PHwWqWM.roa
File:                     EiETTqG4z9zOK63DS5W0PHwWqWM.roa (raw, json)
Hash identifier:          r/Dw5hWyhaCMKAh/QCaxurx2v2jPEXpSvu9C+aHV6ug=
Subject key identifier:   12:21:13:4E:A1:B8:CF:DC:CE:2B:AD:C3:4B:95:B4:3C:7C:16:A9:63
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F7ECB32C423E00935CBB9185AC83
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EiETTqG4z9zOK63DS5W0PHwWqWM.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198747
IP address blocks:        2a0e:97c0:388::/48 maxlen: 48
                          2a0e:97c0:38f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f7:ec:b3:2c:42:3e:00:93:5c:bb:91:85:ac:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1221134ea1b8cfdcce2badc34b95b43c7c16a963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:79:5b:60:c4:db:26:0d:10:3d:08:67:9c:80:
                    e8:5a:54:e3:47:f9:2c:93:85:5b:05:45:61:da:f2:
                    67:91:62:22:eb:50:7a:90:fb:8f:2c:a5:ca:ba:65:
                    f7:93:cb:42:3c:b4:9f:77:0c:b9:98:f1:25:2d:a8:
                    53:47:fc:47:cf:62:44:cd:60:7a:d8:e5:b6:58:13:
                    7f:f2:96:62:96:70:fc:89:e2:30:79:96:ad:da:97:
                    1c:91:00:60:e0:52:52:ad:21:01:e5:97:90:a9:64:
                    25:5b:17:bf:93:8d:36:cd:c4:f8:de:20:1e:ee:2b:
                    89:55:04:e9:1c:d6:83:f0:bb:18:19:ba:da:cf:4e:
                    04:c9:57:9f:b4:7f:15:b7:64:9c:5c:22:e9:60:bd:
                    ac:4f:b6:d1:a7:4a:7c:e9:52:2f:89:bf:a6:d5:2c:
                    52:8a:22:27:67:26:6d:06:10:a2:7a:cc:b9:be:2e:
                    b2:94:de:66:43:9b:37:fd:af:13:41:0e:fa:15:f0:
                    d9:26:69:2a:32:b6:1e:0d:21:a9:9c:ba:18:7a:4b:
                    1a:c7:58:7e:42:03:e3:6e:1b:e0:67:00:be:3c:a7:
                    54:aa:bc:f8:d0:3e:9f:17:ea:1b:de:23:37:d6:34:
                    d2:e0:f2:89:90:ad:07:05:d8:b5:ea:37:62:31:0a:
                    0e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:21:13:4E:A1:B8:CF:DC:CE:2B:AD:C3:4B:95:B4:3C:7C:16:A9:63
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EiETTqG4z9zOK63DS5W0PHwWqWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:388::/48
                  2a0e:97c0:38f::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:70:8c:5e:5f:c5:93:06:88:07:3e:e0:f8:75:80:5e:ab:a5:
         0a:d1:7b:80:28:7c:81:d1:72:57:0e:77:98:e2:82:f9:4c:ea:
         44:6f:7e:da:c3:c5:c1:c3:52:98:1e:d2:8a:07:6e:f7:fb:10:
         01:7c:89:a1:36:eb:3f:a4:9f:36:74:bb:48:3f:42:d4:56:48:
         0c:c3:23:f9:4e:00:f7:6b:e8:41:4c:4f:f1:07:79:9c:2c:7b:
         ea:16:18:b5:22:4f:0a:65:77:d9:cf:51:3b:3b:21:52:f9:b7:
         04:0a:be:a6:b6:d6:d3:e4:84:9c:7b:2f:3b:5c:bf:a2:34:04:
         bb:6d:a8:0c:e3:20:0f:2b:76:4d:88:96:6a:77:1a:3e:92:36:
         66:6b:b2:39:d6:ef:a0:5d:2f:df:96:cf:20:97:28:37:40:26:
         d7:dc:e6:b7:a3:e8:5e:e0:e1:51:5e:ec:d7:13:36:00:29:de:
         7c:2e:87:e8:77:fc:3d:58:91:e8:91:e7:f2:7a:2b:5f:a4:c5:
         ea:eb:88:fb:0d:c4:45:e0:d8:c8:ae:b1:c3:1e:c3:10:8e:ee:
         fc:6f:fb:b6:5a:d7:66:bd:7e:6c:70:8a:70:c2:7f:a3:7a:08:
         a8:c7:6a:be:8a:51:32:53:2b:f1:bc:41:0e:0d:a9:62:33:91:
         df:fc:ea:7d
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIffssyxCPgCTXLuRhayDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjIxMTM0ZWExYjhjZmRjY2UyYmFkYzM0Yjk1YjQzYzdjMTZhOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHlbYMTbJg0QPQhnnIDoWlTjR/ks
k4VbBUVh2vJnkWIi61B6kPuPLKXKumX3k8tCPLSfdwy5mPElLahTR/xHz2JEzWB6
2OW2WBN/8pZilnD8ieIweZat2pcckQBg4FJSrSEB5ZeQqWQlWxe/k402zcT43iAe
7iuJVQTpHNaD8LsYGbraz04EyVeftH8Vt2ScXCLpYL2sT7bRp0p86VIvib+m1SxS
iiInZyZtBhCiesy5vi6ylN5mQ5s3/a8TQQ76FfDZJmkqMrYeDSGpnLoYeksax1h+
QgPjbhvgZwC+PKdUqrz40D6fF+ob3iM31jTS4PKJkK0HBdi16jdiMQoOfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBIhE06huM/cziutw0uVtDx8FqljMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRWlFVFRxRzR6OXpPSzYzRFM1VzBQSHdXcVdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAOI
AwcAKg6XwAOPMA0GCSqGSIb3DQEBCwUAA4IBAQBicIxeX8WTBogHPuD4dYBeq6UK
0XuAKHyB0XJXDneY4oL5TOpEb37aw8XBw1KYHtKKB273+xABfImhNus/pJ82dLtI
P0LUVkgMwyP5TgD3a+hBTE/xB3mcLHvqFhi1Ik8KZXfZz1E7OyFS+bcECr6mttbT
5IScey87XL+iNAS7bagM4yAPK3ZNiJZqdxo+kjZma7I51u+gXS/fls8glyg3QCbX
3Oa3o+he4OFRXuzXEzYAKd58Lofod/w9WJHokefyeitfpMXq64j7DcRF4NjIrrHD
HsMQju78b/u2WtdmvX5scIpwwn+jegiox2q+ilEyUyvxvEEODaliM5Hf/Op9
-----END CERTIFICATE-----