Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FRo5_wsRXkWUTMmvpr1WXDDO6Yw.roa
File:                     FRo5_wsRXkWUTMmvpr1WXDDO6Yw.roa (raw, json)
Hash identifier:          9s6iQ2SuuYEEb76jIjykN+8cucxbT2XGDS0I7BpqbLA=
Subject key identifier:   15:1A:39:FF:0B:11:5E:45:94:4C:C9:AF:A6:BD:56:5C:30:CE:E9:8C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522199762B1099266F4965F668A263B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FRo5_wsRXkWUTMmvpr1WXDDO6Yw.roa
Signing time:             Thu 02 Jan 2025 03:49:39 +0000
ROA not before:           Thu 02 Jan 2025 03:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204617
IP address blocks:        2a0e:97c0:b40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:19:97:62:b1:09:92:66:f4:96:5f:66:8a:26:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=151a39ff0b115e45944cc9afa6bd565c30cee98c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:1a:4b:56:55:03:60:3e:ca:d7:4f:0c:eb:17:
                    24:1e:6a:fa:d6:ab:bb:8e:5c:da:dd:a2:d6:3d:34:
                    83:c7:b0:ba:b8:c4:53:87:10:94:68:3b:a0:95:ad:
                    72:cb:77:f9:3b:31:14:61:e7:8f:f8:7c:63:02:ae:
                    ad:9b:34:e2:2d:60:08:ee:f8:6b:cb:f3:a8:97:18:
                    9f:d3:f8:0d:87:c8:a4:3b:7c:ba:1d:70:eb:3d:80:
                    c9:dc:7b:d3:04:23:bd:09:50:72:9f:d0:b5:01:ac:
                    41:f3:6a:75:fa:e2:cd:80:d6:6e:2f:4b:ca:50:da:
                    24:3f:59:4f:f4:e7:95:e2:d3:94:d8:08:54:44:a1:
                    c8:ad:3d:58:f4:df:41:e1:c4:89:ca:42:db:c1:5e:
                    d3:26:54:dc:ba:6c:ba:f7:e2:e3:aa:4c:29:d6:9c:
                    ae:50:e8:e5:25:4c:bd:94:7f:7b:fb:ef:6d:83:1b:
                    53:55:80:c5:13:1b:8a:38:c9:c3:55:c3:14:3b:be:
                    3f:21:52:88:88:94:38:88:f7:72:0d:07:be:a3:ae:
                    89:14:cc:48:ad:0d:4b:4f:49:c8:f9:26:96:a9:be:
                    2a:f9:ea:7d:20:9a:55:3a:59:5b:49:24:f3:2e:b8:
                    3f:f0:b1:9d:98:20:75:51:2e:19:7e:b1:4a:37:95:
                    0c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:1A:39:FF:0B:11:5E:45:94:4C:C9:AF:A6:BD:56:5C:30:CE:E9:8C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FRo5_wsRXkWUTMmvpr1WXDDO6Yw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b40::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:df:81:5c:f8:9b:92:61:43:e8:21:52:40:8a:f4:d4:9d:cc:
         d1:28:22:20:9a:2c:22:4b:9e:dc:92:bc:5d:0d:50:68:bd:1b:
         68:1b:4b:53:31:a7:0b:0d:24:64:15:ec:b9:fb:ec:33:3b:d6:
         6a:49:09:e8:09:e0:e7:68:89:da:0d:2b:1b:40:da:68:51:30:
         28:1c:54:dc:14:ad:39:bd:e7:37:16:49:85:9f:6a:96:ac:bf:
         a9:a9:31:32:01:97:c6:2f:c1:39:26:be:2a:3f:11:08:a1:a3:
         0c:65:a7:bb:9c:4e:00:96:ec:56:19:cd:fd:17:41:af:06:d8:
         ba:b8:2a:f7:76:17:bf:05:74:0a:43:dc:86:35:b9:39:03:5d:
         c6:04:9d:f6:76:42:39:fd:65:26:77:7d:63:48:51:7d:d2:2f:
         bf:89:50:7e:b5:2c:30:07:2e:52:5c:56:bc:5b:4b:32:5e:36:
         c6:6c:88:eb:49:e7:fc:97:59:d0:1b:8a:9f:0b:a4:d5:1e:95:
         01:0e:ef:3b:7f:6f:c1:61:5e:a3:8e:15:2b:a6:8d:26:0f:4d:
         81:38:59:a4:d8:0f:bc:10:6c:90:e5:6c:8b:8b:29:f0:c6:47:
         fb:e9:3b:fd:63:40:05:5a:19:c3:1c:72:8e:a7:f3:87:1d:24:
         70:06:c6:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIhmXYrEJkmb0ll9miiY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTFhMzlmZjBiMTE1ZTQ1OTQ0Y2M5YWZhNmJkNTY1YzMwY2VlOThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRpLVlUDYD7K108M6xckHmr61qu7
jlza3aLWPTSDx7C6uMRThxCUaDugla1yy3f5OzEUYeeP+HxjAq6tmzTiLWAI7vhr
y/Oolxif0/gNh8ikO3y6HXDrPYDJ3HvTBCO9CVByn9C1AaxB82p1+uLNgNZuL0vK
UNokP1lP9OeV4tOU2AhURKHIrT1Y9N9B4cSJykLbwV7TJlTcumy69+Ljqkwp1pyu
UOjlJUy9lH97++9tgxtTVYDFExuKOMnDVcMUO74/IVKIiJQ4iPdyDQe+o66JFMxI
rQ1LT0nI+SaWqb4q+ep9IJpVOllbSSTzLrg/8LGdmCB1US4ZfrFKN5UMVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBUaOf8LEV5FlEzJr6a9VlwwzumMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRlJvNV93c1JYa1dVVE1tdnByMVdYRERPNll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAtA
MA0GCSqGSIb3DQEBCwUAA4IBAQCz34Fc+JuSYUPoIVJAivTUnczRKCIgmiwiS57c
krxdDVBovRtoG0tTMacLDSRkFey5++wzO9ZqSQnoCeDnaInaDSsbQNpoUTAoHFTc
FK05vec3FkmFn2qWrL+pqTEyAZfGL8E5Jr4qPxEIoaMMZae7nE4AluxWGc39F0Gv
Bti6uCr3dhe/BXQKQ9yGNbk5A13GBJ32dkI5/WUmd31jSFF90i+/iVB+tSwwBy5S
XFa8W0syXjbGbIjrSef8l1nQG4qfC6TVHpUBDu87f2/BYV6jjhUrpo0mD02BOFmk
2A+8EGyQ5WyLiynwxkf76Tv9Y0AFWhnDHHKOp/OHHSRwBsaH
-----END CERTIFICATE-----