Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GZmF2BChNR8dKXcAFklfG3RmyFk.roa
File:                     GZmF2BChNR8dKXcAFklfG3RmyFk.roa (raw, json)
Hash identifier:          s43pBeZAgKBBQEyRRxN4fDGAwd/P9Xsyr0+EoYOzK18=
Subject key identifier:   19:99:85:D8:10:A1:35:1F:1D:29:77:00:16:49:5F:1B:74:66:C8:59
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522239483F7C71EB1DDF5A9FC83C9AD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GZmF2BChNR8dKXcAFklfG3RmyFk.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206569
IP address blocks:        2a0e:b107:19b0::/48 maxlen: 48
                          2a0e:b107:19b1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:23:94:83:f7:c7:1e:b1:dd:f5:a9:fc:83:c9:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=199985d810a1351f1d29770016495f1b7466c859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0f:b2:0a:d0:7b:df:6d:7c:87:c6:47:9d:6f:
                    92:32:bd:61:4c:90:71:e3:77:34:b6:a3:f6:97:47:
                    1d:0b:a9:d4:53:8c:7f:54:ea:f6:98:45:ec:a1:2c:
                    39:44:84:bc:b3:18:98:f3:de:ea:7a:c2:5c:12:34:
                    95:16:7c:12:6d:91:da:5b:1f:eb:83:98:f9:80:ac:
                    6b:a3:41:ae:54:90:f2:47:ae:db:0d:e4:80:c2:53:
                    81:58:20:7d:e1:8b:94:a2:2b:ec:26:77:54:fa:e8:
                    92:ee:5b:d3:36:3d:9a:33:c5:d6:e7:c1:a7:b3:27:
                    26:96:8c:09:1a:83:91:43:b1:93:00:f4:26:15:42:
                    ad:d3:79:c5:30:c5:fd:13:77:6f:dc:32:f1:da:e8:
                    e8:7c:c1:ef:b7:95:0e:dd:a7:cf:ba:24:61:c2:26:
                    f0:16:f4:bb:e8:87:9a:55:f6:42:de:a8:d2:c4:6c:
                    2e:df:12:19:b6:19:a2:5e:5f:f1:f7:5b:d2:b8:90:
                    c1:3d:1e:c1:58:52:f8:ad:82:81:ca:85:5f:83:aa:
                    50:bb:19:92:a0:96:ad:27:f5:a6:7d:1b:d0:7a:a5:
                    cf:da:4c:46:00:87:ec:d9:9b:70:9a:e3:06:53:06:
                    d6:a7:b4:d0:8b:23:4d:62:ea:7d:b8:cd:05:15:cd:
                    b3:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:99:85:D8:10:A1:35:1F:1D:29:77:00:16:49:5F:1B:74:66:C8:59
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GZmF2BChNR8dKXcAFklfG3RmyFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:19b0::/47

    Signature Algorithm: sha256WithRSAEncryption
         b0:ef:df:ea:21:14:44:54:d6:9f:3b:4b:2f:ad:fe:e1:15:c7:
         7e:55:ae:26:ac:6b:69:a3:35:f5:0e:30:cb:1c:c0:fe:a1:3d:
         4f:1b:f8:45:7f:cc:d7:d6:cf:07:b6:58:57:2b:89:ed:6e:3b:
         93:af:0a:50:4b:5b:df:fa:60:d4:7e:a1:f6:bf:8f:c7:53:21:
         b5:c2:fc:8f:e9:14:57:1b:60:b2:17:21:af:2b:c5:6c:61:3c:
         aa:ab:dc:07:9d:9b:8a:ad:5e:e9:5f:13:6b:db:de:d3:7d:5d:
         ca:ab:b9:61:7d:f6:4b:88:d6:b4:3a:bf:d2:5d:0d:6e:9e:fa:
         54:a4:18:a7:ff:27:77:16:5a:53:05:7e:70:ab:90:56:a7:4b:
         e6:8e:82:80:2e:dc:93:7b:ed:0b:a8:ad:e5:b9:cd:72:c1:ab:
         53:de:67:91:66:63:4e:0d:98:b6:3d:c3:0d:ac:6e:aa:16:45:
         a8:32:3d:8d:09:0e:74:d8:b6:96:5b:a0:60:8a:8b:e2:d3:ec:
         eb:c3:30:1a:08:70:a5:46:9d:53:60:ad:df:c4:b5:2d:5a:11:
         cc:cf:d0:bc:a1:98:4c:79:d4:71:d6:c7:42:f0:82:9f:89:a3:
         cc:75:18:5a:3c:83:73:5f:11:e1:5f:6d:29:ac:a1:2e:ae:46:
         b3:8b:2d:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiOUg/fHHrHd9an8g8mtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTk5ODVkODEwYTEzNTFmMWQyOTc3MDAxNjQ5NWYxYjc0NjZjODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzw+yCtB73218h8ZHnW+SMr1hTJBx
43c0tqP2l0cdC6nUU4x/VOr2mEXsoSw5RIS8sxiY897qesJcEjSVFnwSbZHaWx/r
g5j5gKxro0GuVJDyR67bDeSAwlOBWCB94YuUoivsJndU+uiS7lvTNj2aM8XW58Gn
sycmlowJGoORQ7GTAPQmFUKt03nFMMX9E3dv3DLx2ujofMHvt5UO3afPuiRhwibw
FvS76IeaVfZC3qjSxGwu3xIZthmiXl/x91vSuJDBPR7BWFL4rYKByoVfg6pQuxmS
oJatJ/WmfRvQeqXP2kxGAIfs2ZtwmuMGUwbWp7TQiyNNYup9uM0FFc2zeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBmZhdgQoTUfHSl3ABZJXxt0ZshZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR1ptRjJCQ2hOUjhkS1hjQUZrbGZHM1JteUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6xBxmw
MA0GCSqGSIb3DQEBCwUAA4IBAQCw79/qIRREVNafO0svrf7hFcd+Va4mrGtpozX1
DjDLHMD+oT1PG/hFf8zX1s8HtlhXK4ntbjuTrwpQS1vf+mDUfqH2v4/HUyG1wvyP
6RRXG2CyFyGvK8VsYTyqq9wHnZuKrV7pXxNr297TfV3Kq7lhffZLiNa0Or/SXQ1u
nvpUpBin/yd3FlpTBX5wq5BWp0vmjoKALtyTe+0LqK3luc1ywatT3meRZmNODZi2
PcMNrG6qFkWoMj2NCQ502LaWW6Bgiovi0+zrwzAaCHClRp1TYK3fxLUtWhHMz9C8
oZhMedRx1sdC8IKfiaPMdRhaPINzXxHhX20prKEurkaziy1z
-----END CERTIFICATE-----