Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FIqg7iQvaC-AYrYBtfHtclTIY6Y.roa
File:                     FIqg7iQvaC-AYrYBtfHtclTIY6Y.roa (raw, json)
Hash identifier:          QFEJakzjd7+ziIy2pnfjrqkp3Aa9eA6Zeqkr/HgoZpU=
Subject key identifier:   14:8A:A0:EE:24:2F:68:2F:80:62:B6:01:B5:F1:ED:72:54:C8:63:A6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019914663701406E52E358D88643EA2D58DB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FIqg7iQvaC-AYrYBtfHtclTIY6Y.roa
Signing time:             Thu 04 Sep 2025 11:04:26 +0000
ROA not before:           Thu 04 Sep 2025 11:04:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202673
IP address blocks:        2a0e:97c0:4a0::/44 maxlen: 48
                          2a0e:97c0:c40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 03:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:66:37:01:40:6e:52:e3:58:d8:86:43:ea:2d:58:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep  4 11:04:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=148aa0ee242f682f8062b601b5f1ed7254c863a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:95:4d:71:39:00:1b:60:60:29:32:5e:32:82:
                    5e:27:de:4c:41:ce:a1:63:2b:31:fb:37:27:ed:9e:
                    d7:48:bb:b8:7e:67:50:5c:21:ab:3b:60:85:10:9a:
                    22:60:ca:47:e6:b8:e0:6e:3b:0c:21:60:0c:20:13:
                    c5:37:ac:d8:6d:05:20:b5:9f:a3:a5:9f:bf:79:61:
                    e0:d4:78:37:6e:4f:52:b2:ad:c6:e0:92:6e:41:b6:
                    6d:e4:97:7d:dd:ec:12:75:76:de:fc:04:aa:07:eb:
                    69:cf:b3:a4:a6:c7:4f:ad:a4:35:d9:3e:36:9d:15:
                    24:5b:c8:f9:14:96:c7:15:60:4d:f8:04:20:72:f8:
                    a3:05:95:cd:45:fc:34:b2:de:e8:c9:e0:9d:77:16:
                    9e:b9:87:89:42:99:bb:4b:71:c1:c9:6a:f6:49:f9:
                    68:2b:6e:a8:38:bc:5a:08:e4:00:70:6b:99:b1:11:
                    ee:d7:d0:63:18:9c:aa:b3:46:ae:c3:fe:0f:c8:66:
                    62:6b:d5:0d:e5:ac:f2:6b:40:28:26:7a:14:69:33:
                    90:7f:6d:7a:03:2c:0e:b9:9b:5f:68:71:dc:70:1b:
                    5b:90:c3:5b:41:60:bb:f5:bd:d1:e8:1b:92:79:7f:
                    70:0d:f7:37:af:2e:99:de:63:e8:1c:21:32:c3:30:
                    6a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8A:A0:EE:24:2F:68:2F:80:62:B6:01:B5:F1:ED:72:54:C8:63:A6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FIqg7iQvaC-AYrYBtfHtclTIY6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:4a0::/44
                  2a0e:97c0:c40::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:67:63:05:9e:79:08:70:1a:98:93:75:a3:03:13:c5:2e:b7:
         3b:1a:8a:ad:aa:7e:ed:a5:86:bb:1e:5a:65:5e:65:7e:12:c2:
         36:f1:e9:ba:7b:c8:ec:bc:3c:3c:bf:00:ee:9f:e6:90:c9:4d:
         f3:75:aa:a4:84:a1:d7:1a:63:bd:47:ec:72:8a:73:87:97:4a:
         10:ce:b1:5a:2c:19:5f:cc:6f:e9:c8:2d:f7:2a:da:ba:ae:d2:
         d5:73:cc:e8:aa:14:01:12:bc:3e:2f:b2:f5:3c:58:a4:f7:f1:
         85:06:4c:3b:15:e9:d1:68:51:7e:b5:60:65:b2:10:a7:f8:12:
         50:97:b2:bc:84:2b:b1:8d:ba:dc:ee:44:a8:41:2d:be:84:9d:
         5e:c7:f5:64:1b:40:b2:8b:ca:65:07:f7:96:4c:c0:e9:47:b4:
         d6:72:5e:0e:5e:ad:b6:a1:63:43:14:fe:da:b5:22:b7:a6:8e:
         8c:1b:92:63:4d:0b:ed:21:6c:45:51:a7:85:d3:89:e2:c4:26:
         16:21:38:69:34:dc:ef:29:db:91:85:7a:98:c9:35:77:2e:57:
         a4:d1:66:30:2f:2b:6f:08:12:a3:0c:75:f1:be:15:18:f4:b9:
         e4:ab:8d:63:43:7a:e0:54:39:4c:a4:ef:ec:c5:02:00:a0:ee:
         c9:41:25:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkUZjcBQG5S41jYhkPqLVjbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTA0MTEwNDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhhYTBlZTI0MmY2ODJmODA2MmI2MDFiNWYxZWQ3MjU0Yzg2M2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpVNcTkAG2BgKTJeMoJeJ95MQc6h
Yysx+zcn7Z7XSLu4fmdQXCGrO2CFEJoiYMpH5rjgbjsMIWAMIBPFN6zYbQUgtZ+j
pZ+/eWHg1Hg3bk9Ssq3G4JJuQbZt5Jd93ewSdXbe/ASqB+tpz7OkpsdPraQ12T42
nRUkW8j5FJbHFWBN+AQgcvijBZXNRfw0st7oyeCddxaeuYeJQpm7S3HByWr2Sflo
K26oOLxaCOQAcGuZsRHu19BjGJyqs0auw/4PyGZia9UN5azya0AoJnoUaTOQf216
AywOuZtfaHHccBtbkMNbQWC79b3R6BuSeX9wDfc3ry6Z3mPoHCEywzBqKwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBSKoO4kL2gvgGK2AbXx7XJUyGOmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRklxZzdpUXZhQy1BWXJZQnRmSHRjbFRJWTZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwASg
AwcEKg6XwAxAMA0GCSqGSIb3DQEBCwUAA4IBAQCkZ2MFnnkIcBqYk3WjAxPFLrc7
Goqtqn7tpYa7HlplXmV+EsI28em6e8jsvDw8vwDun+aQyU3zdaqkhKHXGmO9R+xy
inOHl0oQzrFaLBlfzG/pyC33Ktq6rtLVc8zoqhQBErw+L7L1PFik9/GFBkw7FenR
aFF+tWBlshCn+BJQl7K8hCuxjbrc7kSoQS2+hJ1ex/VkG0Cyi8plB/eWTMDpR7TW
cl4OXq22oWNDFP7atSK3po6MG5JjTQvtIWxFUaeF04nixCYWIThpNNzvKduRhXqY
yTV3Llek0WYwLytvCBKjDHXxvhUY9Lnkq41jQ3rgVDlMpO/sxQIAoO7JQSWo
-----END CERTIFICATE-----