Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GCvNyipTWO2sKMZnyyBbFHL5JCk.roa
File:                     GCvNyipTWO2sKMZnyyBbFHL5JCk.roa (raw, json)
Hash identifier:          F65SmKl1ldKBdKG5Y/rMRzEbp7I4Kl+dzFXXP0ZKtUw=
Subject key identifier:   18:2B:CD:CA:2A:53:58:ED:AC:28:C6:67:CB:20:5B:14:72:F9:24:29
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252244A4F64943F4AE78EA88587F5FDB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GCvNyipTWO2sKMZnyyBbFHL5JCk.roa
Signing time:             Thu 02 Jan 2025 03:49:50 +0000
ROA not before:           Thu 02 Jan 2025 03:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210825
IP address blocks:        2a0e:b107:24f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:44:a4:f6:49:43:f4:ae:78:ea:88:58:7f:5f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=182bcdca2a5358edac28c667cb205b1472f92429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0c:bd:68:aa:da:5d:70:97:a8:a4:49:65:8f:
                    1d:9d:3a:c5:2b:de:b1:20:cc:6e:80:41:29:25:6a:
                    b4:b9:7a:e6:59:1b:cf:b2:05:c7:79:45:a8:e0:48:
                    c4:cc:55:96:8e:52:2c:b4:0f:ce:fa:27:6b:89:9e:
                    96:a2:53:34:56:d9:89:19:0b:28:8b:35:5f:93:46:
                    e5:b8:cb:43:c1:19:dd:2b:6d:0b:12:34:2e:7f:11:
                    1c:21:ac:50:a9:87:b2:4b:e1:55:59:9e:a1:6a:2a:
                    dd:86:9a:41:77:62:2c:16:ec:5c:a4:bc:fe:92:8b:
                    9d:1f:3d:e4:67:da:5b:73:1e:b9:01:68:78:4e:28:
                    e7:0a:d2:06:b1:81:fb:1a:aa:64:ac:c0:3c:0f:6d:
                    23:34:2b:17:df:67:5b:08:3b:bf:71:68:74:0d:19:
                    98:cb:1c:aa:2a:95:3b:02:8b:c2:58:e0:0d:f3:2c:
                    f7:7d:73:a0:c7:e0:89:97:63:af:f7:dc:df:a5:69:
                    95:99:31:12:92:27:b3:2d:91:c0:d9:7c:4a:52:9b:
                    c3:a1:44:93:03:57:48:7d:4b:57:81:06:aa:0e:d4:
                    6e:16:e6:1f:23:5a:73:a8:6b:0e:79:d9:95:ef:7f:
                    70:11:38:e9:ed:f5:37:d2:66:8c:dd:bf:ff:ba:2e:
                    5d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2B:CD:CA:2A:53:58:ED:AC:28:C6:67:CB:20:5B:14:72:F9:24:29
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GCvNyipTWO2sKMZnyyBbFHL5JCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:24f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:70:f7:ae:37:3a:ce:37:7a:ce:b5:f7:fb:7a:3b:72:a1:de:
         89:d1:e4:49:12:7a:4e:44:a6:7d:a9:76:24:c8:47:77:c4:5e:
         74:63:d7:f8:76:b4:b5:67:23:95:c1:b5:16:bc:27:00:2d:49:
         e3:aa:a7:a9:92:9a:16:5f:16:8c:ce:ce:c5:14:21:11:8a:04:
         90:c9:5a:ae:62:bb:48:58:71:a9:18:14:04:4a:d7:a1:f5:0b:
         15:8a:1b:08:38:37:c4:44:da:dd:1f:68:23:16:76:b8:76:08:
         ef:2c:07:b6:07:a9:b6:d7:b5:2f:a4:92:fe:98:ce:4d:c4:0f:
         5d:5b:bd:d8:b8:58:06:c2:50:64:64:bd:0e:5e:29:c1:23:29:
         11:a7:1d:fe:d3:86:e4:92:2c:4d:06:a6:33:8e:01:bd:29:50:
         32:a3:68:14:ce:41:af:6e:81:08:aa:cf:8c:f4:a4:9f:f4:8d:
         d4:6e:49:7c:40:9e:84:c5:8b:4d:cc:9d:6d:f0:a5:57:89:e5:
         7b:e7:fa:42:51:be:c8:f8:65:60:25:4a:5e:bf:f7:9e:a0:cd:
         71:80:da:fe:af:22:16:3a:cf:88:8e:da:f0:c8:04:4d:e3:81:
         fe:70:e7:80:72:6a:64:a7:2c:1b:57:b6:b7:65:d9:3e:51:5c:
         10:61:d1:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkSk9klD9K546ohYf1/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJiY2RjYTJhNTM1OGVkYWMyOGM2NjdjYjIwNWIxNDcyZjkyNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgy9aKraXXCXqKRJZY8dnTrFK96x
IMxugEEpJWq0uXrmWRvPsgXHeUWo4EjEzFWWjlIstA/O+idriZ6WolM0VtmJGQso
izVfk0bluMtDwRndK20LEjQufxEcIaxQqYeyS+FVWZ6hairdhppBd2IsFuxcpLz+
koudHz3kZ9pbcx65AWh4TijnCtIGsYH7GqpkrMA8D20jNCsX32dbCDu/cWh0DRmY
yxyqKpU7AovCWOAN8yz3fXOgx+CJl2Ov99zfpWmVmTESkiezLZHA2XxKUpvDoUST
A1dIfUtXgQaqDtRuFuYfI1pzqGsOedmV739wETjp7fU30maM3b//ui5doQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBgrzcoqU1jtrCjGZ8sgWxRy+SQpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR0N2TnlpcFRXTzJzS01abnl5QmJGSEw1SkNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByTw
MA0GCSqGSIb3DQEBCwUAA4IBAQCKcPeuNzrON3rOtff7ejtyod6J0eRJEnpORKZ9
qXYkyEd3xF50Y9f4drS1ZyOVwbUWvCcALUnjqqepkpoWXxaMzs7FFCERigSQyVqu
YrtIWHGpGBQESteh9QsVihsIODfERNrdH2gjFna4dgjvLAe2B6m217UvpJL+mM5N
xA9dW73YuFgGwlBkZL0OXinBIykRpx3+04bkkixNBqYzjgG9KVAyo2gUzkGvboEI
qs+M9KSf9I3Ubkl8QJ6ExYtNzJ1t8KVXieV75/pCUb7I+GVgJUpev/eeoM1xgNr+
ryIWOs+IjtrwyARN44H+cOeAcmpkpywbV7a3Zdk+UVwQYdHD
-----END CERTIFICATE-----