Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Gl5LkcCiRNQzqnTOLzlhON1JBwE.roa
File:                     Gl5LkcCiRNQzqnTOLzlhON1JBwE.roa (raw, json)
Hash identifier:          o77DEMmRxq2Oo6R6KLQZv42Hqnv672hiaq4GP8nokzI=
Subject key identifier:   1A:5E:4B:91:C0:A2:44:D4:33:AA:74:CE:2F:39:61:38:DD:49:07:01
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252262228209EF2C6A71FA344916967C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Gl5LkcCiRNQzqnTOLzlhON1JBwE.roa
Signing time:             Thu 02 Jan 2025 03:49:57 +0000
ROA not before:           Thu 02 Jan 2025 03:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212427
IP address blocks:        2a0e:97c0:810::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:62:22:82:09:ef:2c:6a:71:fa:34:49:16:96:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a5e4b91c0a244d433aa74ce2f396138dd490701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c1:56:26:86:34:4d:ac:c8:81:4d:6c:dd:c5:
                    57:64:aa:71:be:5f:7e:5c:84:2e:59:f4:18:d1:31:
                    bf:71:42:a0:a6:71:2a:17:66:f1:3a:45:2d:dc:15:
                    c9:9c:d1:40:eb:a5:1d:55:04:26:62:61:52:ba:a9:
                    68:bd:2a:e2:74:bd:2b:b6:05:33:7f:4b:28:00:22:
                    54:cb:a2:c3:8f:cb:09:e2:6b:82:68:6d:a5:ab:cc:
                    8f:b2:6b:9f:bc:47:ef:03:ab:5f:d3:71:27:8e:72:
                    db:a5:63:e9:3d:71:28:8b:ad:cd:7a:67:07:44:33:
                    ce:c5:99:82:a6:8d:b9:26:8e:a7:67:25:9c:cc:3c:
                    c7:0d:ff:51:09:7e:f8:41:e5:32:eb:e8:49:87:df:
                    ab:c4:ab:71:d4:29:58:82:ae:9f:87:7e:08:f7:f3:
                    c4:0c:e4:da:83:c3:af:8a:e1:a7:ab:9b:19:12:8b:
                    51:d5:63:51:f4:57:c8:f7:a3:fc:81:56:45:98:71:
                    85:6e:06:3f:21:be:d9:75:97:6d:7d:38:13:b2:08:
                    fe:62:a0:39:25:ff:0d:ac:24:7c:75:0b:1d:34:53:
                    6b:71:1f:da:e8:68:08:e0:70:bc:a9:cb:d6:b2:d6:
                    54:47:ec:be:cd:cb:80:92:71:d0:10:1c:af:4b:10:
                    40:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:5E:4B:91:C0:A2:44:D4:33:AA:74:CE:2F:39:61:38:DD:49:07:01
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Gl5LkcCiRNQzqnTOLzlhON1JBwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:810::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:7f:74:a2:d5:0c:03:42:f2:fa:ae:9b:91:43:2d:fe:ed:ec:
         95:4a:86:1c:46:8a:99:7f:8b:b4:ff:3a:39:88:37:54:ba:19:
         4d:37:62:7e:46:45:e1:19:8c:95:d3:16:9c:38:e4:7f:54:ee:
         41:15:c9:a6:b3:c6:63:40:8b:b8:d7:54:cd:48:d3:f8:83:80:
         43:fe:ae:7f:95:89:65:6f:7c:51:e2:0a:f4:ea:c0:ff:00:d9:
         02:dc:fe:58:14:36:a8:60:9e:a4:75:35:82:1f:a1:a8:64:93:
         c1:50:8e:d8:80:3c:a8:7e:4a:9c:a4:c3:cf:14:ba:88:d8:1d:
         f4:2b:ba:b9:89:7b:c4:f4:f8:eb:94:eb:46:7f:3f:8b:34:a3:
         6b:1b:71:b5:66:ce:fc:b6:90:26:58:46:44:ee:3c:10:05:d3:
         ad:2b:af:d7:98:68:ed:fa:28:c5:66:14:fc:cd:23:1a:f3:d3:
         ff:1c:65:c3:54:09:95:d0:ee:c4:1c:82:08:0b:61:10:50:7b:
         ee:d8:8e:d3:cf:95:7c:a8:02:ae:91:e7:c7:0b:2d:44:19:db:
         e0:65:d8:f9:43:5c:94:55:bc:b0:1c:66:16:c0:da:8c:a3:c8:
         b0:69:a7:de:28:a9:18:25:35:43:f0:72:3b:1a:fe:4d:95:37:
         e1:b9:e2:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlImIiggnvLGpx+jRJFpZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTVlNGI5MWMwYTI0NGQ0MzNhYTc0Y2UyZjM5NjEzOGRkNDkwNzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8FWJoY0TazIgU1s3cVXZKpxvl9+
XIQuWfQY0TG/cUKgpnEqF2bxOkUt3BXJnNFA66UdVQQmYmFSuqlovSridL0rtgUz
f0soACJUy6LDj8sJ4muCaG2lq8yPsmufvEfvA6tf03EnjnLbpWPpPXEoi63NemcH
RDPOxZmCpo25Jo6nZyWczDzHDf9RCX74QeUy6+hJh9+rxKtx1ClYgq6fh34I9/PE
DOTag8OviuGnq5sZEotR1WNR9FfI96P8gVZFmHGFbgY/Ib7ZdZdtfTgTsgj+YqA5
Jf8NrCR8dQsdNFNrcR/a6GgI4HC8qcvWstZUR+y+zcuAknHQEByvSxBABQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBpeS5HAokTUM6p0zi85YTjdSQcBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR2w1TGtjQ2lSTlF6cW5UT0x6bGhPTjFKQndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCsf3Si1QwDQvL6rpuRQy3+7eyVSoYcRoqZf4u0
/zo5iDdUuhlNN2J+RkXhGYyV0xacOOR/VO5BFcmms8ZjQIu411TNSNP4g4BD/q5/
lYllb3xR4gr06sD/ANkC3P5YFDaoYJ6kdTWCH6GoZJPBUI7YgDyofkqcpMPPFLqI
2B30K7q5iXvE9PjrlOtGfz+LNKNrG3G1Zs78tpAmWEZE7jwQBdOtK6/XmGjt+ijF
ZhT8zSMa89P/HGXDVAmV0O7EHIIIC2EQUHvu2I7Tz5V8qAKukefHCy1EGdvgZdj5
Q1yUVbywHGYWwNqMo8iwaafeKKkYJTVD8HI7Gv5NlTfhueKz
-----END CERTIFICATE-----