Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FYIrkRtHaqbre-k6Yk4Uvm9C4as.roa
File:                     FYIrkRtHaqbre-k6Yk4Uvm9C4as.roa (raw, json)
Hash identifier:          refr1FbT4+pHGoJuSVJfCczHrYz1LuXnwlR7mRzOTbc=
Subject key identifier:   15:82:2B:91:1B:47:6A:A6:EB:7B:E9:3A:62:4E:14:BE:6F:42:E1:AB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521CC08EA75CC13EEBDE122153FE5B5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FYIrkRtHaqbre-k6Yk4Uvm9C4as.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38255
IP address blocks:        2a0e:b107:740::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cc:08:ea:75:cc:13:ee:bd:e1:22:15:3f:e5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15822b911b476aa6eb7be93a624e14be6f42e1ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5e:4a:0e:38:75:f3:df:33:12:16:16:4e:6e:
                    f4:1d:07:b8:78:d7:87:f8:57:4d:5a:c1:bc:a0:c9:
                    ee:33:0a:78:c6:ed:9c:47:bf:ae:06:43:69:9f:00:
                    46:5b:8e:c3:2d:04:e6:9f:c2:88:04:d3:37:a5:b7:
                    26:6e:ee:38:2c:ec:ea:3b:b1:6d:3e:61:9a:eb:bc:
                    c1:e8:3b:0d:ad:2e:08:ad:f0:17:19:29:85:cc:91:
                    31:d4:59:5e:4c:61:50:79:34:e0:1d:fb:a3:46:1b:
                    61:b5:6c:72:e1:d1:4d:28:a1:bc:bd:eb:c3:23:a9:
                    0f:44:a4:d1:27:40:04:34:da:f9:85:e1:32:5d:84:
                    17:f3:78:1e:2d:40:a4:ef:9f:d6:93:dd:b0:01:13:
                    fa:78:25:40:b0:bb:cd:be:77:21:75:69:e8:70:47:
                    e8:b0:bf:f3:52:c3:64:bb:cb:47:b6:9a:00:69:a5:
                    5b:41:8b:d8:81:3d:1d:3c:b8:a3:76:8c:e0:e4:07:
                    56:00:09:eb:4a:b0:f9:6d:85:ac:f4:97:cb:58:89:
                    26:4a:8d:be:6d:f7:aa:ed:60:01:95:d9:f4:fc:d7:
                    d9:91:41:ed:45:c2:7d:d0:4b:e2:3e:4e:eb:db:1f:
                    52:13:ba:71:9e:7c:c0:7d:fc:fa:a9:40:1d:1c:b3:
                    3e:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:82:2B:91:1B:47:6A:A6:EB:7B:E9:3A:62:4E:14:BE:6F:42:E1:AB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FYIrkRtHaqbre-k6Yk4Uvm9C4as.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:740::/44

    Signature Algorithm: sha256WithRSAEncryption
         43:f0:4f:38:4f:be:c7:25:aa:60:9b:69:48:c0:3e:7c:66:55:
         27:03:75:3f:db:25:3a:7b:20:e7:a2:57:73:10:b8:57:ee:aa:
         db:38:29:8e:9e:ac:f3:77:1c:42:ce:78:01:bf:6a:e5:45:47:
         0f:b5:eb:5b:58:5c:c9:39:c5:4e:36:c7:14:14:b9:83:f7:b3:
         cf:4a:28:60:76:d2:2f:d0:93:0a:95:d6:b3:6e:bf:f8:68:a7:
         57:db:5f:b2:f2:f2:7f:81:a4:e6:4f:76:d8:20:3f:7a:9c:40:
         96:ef:72:1e:77:54:0f:0c:ae:f5:e3:aa:80:24:36:c0:0d:b8:
         04:a9:e2:76:69:f0:04:7b:8f:f0:06:ed:12:6d:36:f3:e1:6f:
         35:a7:86:e4:08:2c:26:65:d0:42:4e:f2:80:2a:ba:dd:92:6b:
         7d:55:b2:7a:1e:30:28:1a:a9:97:c6:a6:a7:1f:63:75:df:16:
         af:49:3a:f1:35:a8:db:42:de:d2:de:2e:82:01:60:7a:31:14:
         c6:0a:45:91:5c:eb:9d:40:d6:4b:59:c6:f0:cc:af:af:32:98:
         8e:96:54:4d:59:c8:7e:8c:1f:a3:41:75:70:27:7b:03:8d:3a:
         17:2d:24:d3:8c:1e:e5:f2:70:7c:cd:de:89:19:4f:ee:8c:16:
         35:6c:d7:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIcwI6nXME+694SIVP+W1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgyMmI5MTFiNDc2YWE2ZWI3YmU5M2E2MjRlMTRiZTZmNDJlMWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuF5KDjh1898zEhYWTm70HQe4eNeH
+FdNWsG8oMnuMwp4xu2cR7+uBkNpnwBGW47DLQTmn8KIBNM3pbcmbu44LOzqO7Ft
PmGa67zB6DsNrS4IrfAXGSmFzJEx1FleTGFQeTTgHfujRhthtWxy4dFNKKG8vevD
I6kPRKTRJ0AENNr5heEyXYQX83geLUCk75/Wk92wARP6eCVAsLvNvnchdWnocEfo
sL/zUsNku8tHtpoAaaVbQYvYgT0dPLijdozg5AdWAAnrSrD5bYWs9JfLWIkmSo2+
bfeq7WABldn0/NfZkUHtRcJ90EviPk7r2x9SE7pxnnzAffz6qUAdHLM+dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBWCK5EbR2qm63vpOmJOFL5vQuGrMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRllJcmtSdEhhcWJyZS1rNllrNFV2bTlDNGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwdA
MA0GCSqGSIb3DQEBCwUAA4IBAQBD8E84T77HJapgm2lIwD58ZlUnA3U/2yU6eyDn
oldzELhX7qrbOCmOnqzzdxxCzngBv2rlRUcPtetbWFzJOcVONscUFLmD97PPSihg
dtIv0JMKldazbr/4aKdX21+y8vJ/gaTmT3bYID96nECW73Ied1QPDK7146qAJDbA
DbgEqeJ2afAEe4/wBu0SbTbz4W81p4bkCCwmZdBCTvKAKrrdkmt9VbJ6HjAoGqmX
xqanH2N13xavSTrxNajbQt7S3i6CAWB6MRTGCkWRXOudQNZLWcbwzK+vMpiOllRN
Wch+jB+jQXVwJ3sDjToXLSTTjB7l8nB8zd6JGU/ujBY1bNdh
-----END CERTIFICATE-----