Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GXmUxUa8OrGz_93Rdn134KKzyC4.roa
File:                     GXmUxUa8OrGz_93Rdn134KKzyC4.roa (raw, json)
Hash identifier:          WupXu9O8QetouCT+301x4M1XIEkqMPojm3NEohuu5wQ=
Subject key identifier:   19:79:94:C5:46:BC:3A:B1:B3:FF:DD:D1:76:7D:77:E0:A2:B3:C8:2E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522515298A0A95117884126F15C934E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GXmUxUa8OrGz_93Rdn134KKzyC4.roa
Signing time:             Thu 02 Jan 2025 03:49:53 +0000
ROA not before:           Thu 02 Jan 2025 03:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211486
IP address blocks:        2a0e:b107:dc6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:51:52:98:a0:a9:51:17:88:41:26:f1:5c:93:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=197994c546bc3ab1b3ffddd1767d77e0a2b3c82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:50:f9:e9:43:47:85:87:16:8b:9a:7a:36:e7:
                    e2:2b:02:2e:42:1a:ef:7f:a4:58:2b:40:e4:a4:ac:
                    d0:72:0d:86:b3:4c:c3:6b:e1:23:ec:17:a3:12:23:
                    b7:18:68:61:3b:1d:32:19:1a:22:a1:6f:fc:30:84:
                    1b:6b:64:19:29:ff:ef:0f:3f:d9:31:71:3c:70:38:
                    ad:c8:e8:f6:f3:e8:ee:9d:f7:c9:71:4c:3d:20:6f:
                    07:b5:b5:c3:e4:26:bd:cd:3e:98:07:e7:07:d2:4f:
                    d3:85:26:33:8e:e5:f4:fd:6a:4e:c7:28:fb:03:8f:
                    35:14:0a:99:40:43:2e:43:87:75:88:35:4f:10:a9:
                    ab:35:a5:13:71:e3:23:83:f6:fe:87:ed:73:25:50:
                    70:8f:55:b6:3a:22:1f:ed:b4:94:23:08:d9:63:ce:
                    66:e1:36:31:e3:de:40:ff:d5:ee:85:96:e2:5f:1e:
                    65:9b:21:1a:d6:e9:29:b0:3e:56:ec:a3:53:c8:d7:
                    c3:c2:e6:cf:db:bb:23:af:41:c1:23:49:68:c4:b4:
                    b5:c0:03:9b:8a:c8:d7:7a:be:81:1d:68:5f:ed:ea:
                    02:d2:eb:f1:ce:e3:57:9a:aa:3b:4b:e8:35:09:e1:
                    17:98:8b:90:bb:aa:b8:df:24:1e:e3:1e:a0:72:3b:
                    66:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:79:94:C5:46:BC:3A:B1:B3:FF:DD:D1:76:7D:77:E0:A2:B3:C8:2E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GXmUxUa8OrGz_93Rdn134KKzyC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:dc6::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:df:8a:9b:48:ad:f8:e0:a8:c4:ed:cb:35:89:19:32:4b:a3:
         49:62:68:a6:d2:74:e0:97:41:dc:cd:dc:ea:c8:17:88:2f:00:
         b3:87:08:91:95:42:03:2f:54:d3:87:69:db:14:f5:66:c5:08:
         e2:ee:b4:27:4d:60:c8:37:60:d8:5c:bf:96:b4:70:15:9a:cb:
         e7:bd:f8:59:fd:9f:e7:34:f8:15:2a:69:d9:bb:b5:38:0c:4b:
         64:a9:d2:3d:1e:74:7a:c9:8b:84:02:d8:15:3f:68:c7:83:7a:
         52:bc:28:7a:26:45:2b:22:d4:93:93:a9:43:05:d9:26:58:e3:
         d9:2c:9c:68:d3:df:56:9b:b9:ed:4b:fe:2b:8c:21:9b:a6:8d:
         d5:6a:6e:52:9f:7b:af:f2:2f:09:f6:a9:8b:22:80:8e:0c:cf:
         be:c0:05:d6:2d:c1:fb:ee:24:47:62:8b:ef:1d:b1:46:03:1e:
         c5:8b:2f:81:78:bb:8e:25:8f:8c:7e:6b:06:7f:41:90:82:3b:
         f3:8a:9c:9e:96:a3:6f:c6:31:cc:d9:58:dc:3d:f5:1b:59:b6:
         59:3a:aa:0d:ae:8a:e9:bd:07:46:20:44:4b:51:6c:5c:64:6c:
         71:d9:a1:70:3c:10:48:66:b4:f1:32:73:a7:06:33:20:bf:74:
         f8:a0:6c:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlFSmKCpUReIQSbxXJNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc5OTRjNTQ2YmMzYWIxYjNmZmRkZDE3NjdkNzdlMGEyYjNjODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlD56UNHhYcWi5p6NufiKwIuQhrv
f6RYK0DkpKzQcg2Gs0zDa+Ej7BejEiO3GGhhOx0yGRoioW/8MIQba2QZKf/vDz/Z
MXE8cDityOj28+junffJcUw9IG8HtbXD5Ca9zT6YB+cH0k/ThSYzjuX0/WpOxyj7
A481FAqZQEMuQ4d1iDVPEKmrNaUTceMjg/b+h+1zJVBwj1W2OiIf7bSUIwjZY85m
4TYx495A/9XuhZbiXx5lmyEa1ukpsD5W7KNTyNfDwubP27sjr0HBI0loxLS1wAOb
isjXer6BHWhf7eoC0uvxzuNXmqo7S+g1CeEXmIuQu6q43yQe4x6gcjtmiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBl5lMVGvDqxs//d0XZ9d+Cis8guMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR1htVXhVYThPckd6XzkzUmRuMTM0S0t6eUM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBw3G
MA0GCSqGSIb3DQEBCwUAA4IBAQBj34qbSK344KjE7cs1iRkyS6NJYmim0nTgl0Hc
zdzqyBeILwCzhwiRlUIDL1TTh2nbFPVmxQji7rQnTWDIN2DYXL+WtHAVmsvnvfhZ
/Z/nNPgVKmnZu7U4DEtkqdI9HnR6yYuEAtgVP2jHg3pSvCh6JkUrItSTk6lDBdkm
WOPZLJxo099Wm7ntS/4rjCGbpo3Vam5Sn3uv8i8J9qmLIoCODM++wAXWLcH77iRH
YovvHbFGAx7Fiy+BeLuOJY+MfmsGf0GQgjvzipyelqNvxjHM2VjcPfUbWbZZOqoN
rorpvQdGIERLUWxcZGxx2aFwPBBIZrTxMnOnBjMgv3T4oGwc
-----END CERTIFICATE-----