Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Geo2ZBVW4uRBbcJSk5I6BwDRCu8.roa
File:                     Geo2ZBVW4uRBbcJSk5I6BwDRCu8.roa (raw, json)
Hash identifier:          SMqFMX9xHMhomF31RErdCZBbX9Ij85rFhPOMR0bZvaE=
Subject key identifier:   19:EA:36:64:15:56:E2:E4:41:6D:C2:52:93:92:3A:07:00:D1:0A:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01991C13D530E343DE6894BE2C747B3A88C8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Geo2ZBVW4uRBbcJSk5I6BwDRCu8.roa
Signing time:             Fri 05 Sep 2025 22:51:25 +0000
ROA not before:           Fri 05 Sep 2025 22:51:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211688
IP address blocks:        2a0e:97c0:240::/44 maxlen: 48
                          2a10:ccc0:120::/44 maxlen: 48
                          2a10:ccc0:130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:1c:13:d5:30:e3:43:de:68:94:be:2c:74:7b:3a:88:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep  5 22:51:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19ea36641556e2e4416dc25293923a0700d10aef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:40:01:1d:b3:2d:73:70:dc:a7:ad:c6:c2:
                    96:90:68:e3:a5:6d:a8:df:82:e0:e1:6f:d3:6f:6c:
                    00:3f:26:95:f0:8e:88:f0:74:63:60:03:6e:90:8b:
                    ac:a9:6f:c7:64:d5:ad:a2:c2:bd:cf:b2:79:01:ab:
                    59:2c:82:ee:41:31:91:cb:87:f8:9e:da:57:58:81:
                    05:82:a9:da:11:bd:47:37:b2:82:fd:b2:d0:5e:5c:
                    48:42:10:58:ee:c3:ad:39:9d:2b:e3:ee:ce:25:2b:
                    2b:ab:ab:ef:c5:36:82:71:50:49:0f:a5:bd:ef:70:
                    65:62:8f:c0:fe:94:90:f2:ec:38:04:f5:56:bf:e9:
                    16:7a:4e:1f:18:39:7b:6a:fd:7a:97:7b:32:52:55:
                    f0:60:8e:4e:e2:17:09:f4:36:b3:53:4c:0e:88:38:
                    b0:ee:0e:b3:98:e1:6e:40:1c:22:5a:65:a8:7c:e2:
                    b9:77:06:b7:18:0c:c2:a9:79:2f:22:ab:42:14:0c:
                    12:e0:3a:c4:4b:e6:7b:58:9a:51:48:53:50:b6:5d:
                    44:f1:f0:25:47:ee:69:bc:cb:0a:f8:bf:5e:55:2d:
                    d8:62:1f:6c:da:77:a8:46:21:97:20:11:bd:e2:26:
                    58:32:03:02:2b:d4:c0:00:6e:22:9e:24:bc:b8:1c:
                    10:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:EA:36:64:15:56:E2:E4:41:6D:C2:52:93:92:3A:07:00:D1:0A:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Geo2ZBVW4uRBbcJSk5I6BwDRCu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:240::/44
                  2a10:ccc0:120::/43

    Signature Algorithm: sha256WithRSAEncryption
         46:92:d0:00:26:b7:92:9c:9b:3f:b7:de:ab:32:0f:39:41:49:
         32:5f:e2:de:b8:8d:d2:d4:1a:11:72:f9:35:ab:ae:1c:78:a0:
         2a:ba:37:b6:80:8b:3d:dd:15:7a:08:3c:c0:7d:f8:28:b1:53:
         f4:fd:73:1e:ca:ec:44:c0:e6:6d:23:97:74:79:e5:a2:2b:de:
         ef:f5:3c:27:13:49:5c:7d:84:8f:45:f7:0c:35:96:d2:58:6d:
         8d:9f:e8:7a:b3:af:4e:75:b5:aa:97:0d:77:56:be:bc:f2:d2:
         65:2b:a3:43:88:3f:96:fe:84:e3:3c:31:7f:5d:1e:ba:2e:34:
         2b:18:e3:ed:6e:ec:3b:81:19:eb:12:df:0a:56:7b:91:db:72:
         21:30:1a:19:b8:54:fb:24:ed:7b:b0:22:c7:f9:6c:75:cc:1a:
         8d:98:91:3e:9e:f1:27:25:bb:84:70:0a:ba:ec:b0:2b:4d:50:
         80:18:c7:9f:5f:0a:c2:8e:54:50:75:1f:58:2d:2a:bc:8a:63:
         a6:c6:87:b8:69:9a:50:d0:3a:1b:2e:7d:a1:70:10:06:59:15:
         c4:a9:6b:b4:45:80:d7:db:10:b8:6c:15:da:40:43:fc:04:f8:
         53:d5:1d:bc:16:b0:6b:ac:7a:d3:08:cb:a8:bb:9a:5d:84:00:
         a8:34:0b:6f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZkcE9Uw40PeaJS+LHR7OojIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTA1MjI1MTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWVhMzY2NDE1NTZlMmU0NDE2ZGMyNTI5MzkyM2EwNzAwZDEwYWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw5AAR2zLXNw3KetxsKWkGjjpW2o
34Lg4W/Tb2wAPyaV8I6I8HRjYANukIusqW/HZNWtosK9z7J5AatZLILuQTGRy4f4
ntpXWIEFgqnaEb1HN7KC/bLQXlxIQhBY7sOtOZ0r4+7OJSsrq6vvxTaCcVBJD6W9
73BlYo/A/pSQ8uw4BPVWv+kWek4fGDl7av16l3syUlXwYI5O4hcJ9DazU0wOiDiw
7g6zmOFuQBwiWmWofOK5dwa3GAzCqXkvIqtCFAwS4DrES+Z7WJpRSFNQtl1E8fAl
R+5pvMsK+L9eVS3YYh9s2neoRiGXIBG94iZYMgMCK9TAAG4iniS8uBwQVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBnqNmQVVuLkQW3CUpOSOgcA0QrvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR2VvMlpCVlc0dVJCYmNKU2s1STZCd0RSQ3U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAJA
AwcFKhDMwAEgMA0GCSqGSIb3DQEBCwUAA4IBAQBGktAAJreSnJs/t96rMg85QUky
X+LeuI3S1BoRcvk1q64ceKAquje2gIs93RV6CDzAffgosVP0/XMeyuxEwOZtI5d0
eeWiK97v9TwnE0lcfYSPRfcMNZbSWG2Nn+h6s69OdbWqlw13Vr688tJlK6NDiD+W
/oTjPDF/XR66LjQrGOPtbuw7gRnrEt8KVnuR23IhMBoZuFT7JO17sCLH+Wx1zBqN
mJE+nvEnJbuEcAq67LArTVCAGMefXwrCjlRQdR9YLSq8imOmxoe4aZpQ0DobLn2h
cBAGWRXEqWu0RYDX2xC4bBXaQEP8BPhT1R28FrBrrHrTCMuou5pdhACoNAtv
-----END CERTIFICATE-----