Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HhlFOJsS83eVBeajrvNTd-Ju1ok.roa
File:                     HhlFOJsS83eVBeajrvNTd-Ju1ok.roa (raw, json)
Hash identifier:          DVVOdxf22mtm+kkK35mXMztav7CdohPCq9GQFP1A36M=
Subject key identifier:   1E:19:45:38:9B:12:F3:77:95:05:E6:A3:AE:F3:53:77:E2:6E:D6:89
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01945BEE4FCE8563D997C80C7D8DF85EA92A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HhlFOJsS83eVBeajrvNTd-Ju1ok.roa
Signing time:             Sun 12 Jan 2025 19:12:12 +0000
ROA not before:           Sun 12 Jan 2025 19:12:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51519
IP address blocks:        2a06:de00:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:5b:ee:4f:ce:85:63:d9:97:c8:0c:7d:8d:f8:5e:a9:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 12 19:12:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e1945389b12f3779505e6a3aef35377e26ed689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:39:c1:c0:b6:f8:7f:21:d4:6b:28:84:1e:f4:
                    86:17:53:ae:de:cd:0a:87:ea:79:c7:64:fb:fc:34:
                    26:15:20:54:ff:32:03:3a:0a:eb:8a:f3:6f:44:9b:
                    c7:66:34:cd:bb:a9:ee:15:0b:4c:68:00:fa:c4:de:
                    38:f9:f6:db:16:fc:7e:c6:de:66:ae:ff:d0:c7:29:
                    35:a9:ad:a8:99:f8:f1:a9:5a:2f:13:d4:7c:c6:6d:
                    68:ac:1c:02:b1:c8:32:80:37:c3:43:9c:92:41:4e:
                    39:71:57:89:15:52:5d:01:e0:1e:60:e3:35:9b:a7:
                    a6:de:bc:21:7a:c2:be:7c:86:9a:d6:a3:0b:23:4c:
                    5c:ea:e3:10:ea:ce:7d:02:80:8e:98:54:c4:ff:72:
                    6a:f0:5a:68:07:e9:f8:63:77:93:66:ec:43:f6:03:
                    8b:20:ce:37:71:ce:e1:3d:a7:89:25:f5:34:1d:8c:
                    9c:22:44:a6:18:2f:5b:54:11:f0:8c:76:53:3d:f7:
                    d3:f6:2a:f7:a0:79:8e:af:d8:52:da:ae:92:72:b9:
                    99:53:cf:00:e1:1a:74:70:e8:2e:7d:38:97:d7:fe:
                    39:e9:3a:8f:21:eb:3f:8d:8d:f8:70:69:2c:68:9a:
                    5b:14:b8:cb:fd:58:7b:10:b2:ba:5e:f3:4a:6c:d5:
                    51:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:19:45:38:9B:12:F3:77:95:05:E6:A3:AE:F3:53:77:E2:6E:D6:89
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/HhlFOJsS83eVBeajrvNTd-Ju1ok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:68:b1:90:82:24:0f:4c:35:9b:c5:32:8c:69:12:0c:ee:c1:
         4c:22:a0:d1:91:16:5d:aa:f3:e2:ed:da:7f:ce:de:f5:7b:85:
         e0:d5:79:fd:5a:a6:39:ef:43:8a:5b:82:ed:12:7d:5a:7e:0b:
         95:01:08:cc:70:7f:1f:a5:81:ee:66:0e:98:67:11:ba:d8:e1:
         9c:81:10:39:a4:a6:9c:36:6e:70:bd:d9:ca:33:ff:7c:3e:67:
         db:4a:1d:be:57:bb:e6:be:a6:32:80:a1:7a:fe:5d:d1:50:4d:
         9f:a8:01:e7:3d:84:4c:30:0a:4a:4a:50:a0:7c:21:c1:0f:1d:
         dd:94:0b:c2:7e:4a:a8:86:29:a6:a1:f0:e1:33:08:ac:f9:9c:
         35:88:e9:7b:bb:45:2c:30:eb:fb:79:c0:59:f1:a2:91:6a:46:
         04:20:8a:30:9d:60:d2:ab:9c:dd:e2:79:6f:86:98:54:b1:3a:
         43:36:90:1c:f3:0e:4e:27:ab:af:8b:a9:e3:8c:5b:9b:16:e0:
         60:34:5e:3b:d5:d6:ad:b9:48:05:c9:62:d7:08:37:28:97:25:
         58:ca:45:c9:40:5e:af:16:33:de:0c:3c:93:75:1c:e2:99:d9:
         b3:ee:35:14:7e:b7:22:fc:46:de:f5:95:9c:64:27:0b:2d:43:
         b2:f1:7b:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZRb7k/OhWPZl8gMfY34XqkqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTEyMTkxMjEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTE5NDUzODliMTJmMzc3OTUwNWU2YTNhZWYzNTM3N2UyNmVkNjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDnBwLb4fyHUayiEHvSGF1Ou3s0K
h+p5x2T7/DQmFSBU/zIDOgrrivNvRJvHZjTNu6nuFQtMaAD6xN44+fbbFvx+xt5m
rv/Qxyk1qa2omfjxqVovE9R8xm1orBwCscgygDfDQ5ySQU45cVeJFVJdAeAeYOM1
m6em3rwhesK+fIaa1qMLI0xc6uMQ6s59AoCOmFTE/3Jq8FpoB+n4Y3eTZuxD9gOL
IM43cc7hPaeJJfU0HYycIkSmGC9bVBHwjHZTPffT9ir3oHmOr9hS2q6ScrmZU88A
4Rp0cOgufTiX1/456TqPIes/jY34cGksaJpbFLjL/Vh7ELK6XvNKbNVRLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB4ZRTibEvN3lQXmo67zU3fibtaJMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSGhsRk9Kc1M4M2VWQmVhanJ2TlRkLUp1MW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBeaLGQgiQPTDWbxTKMaRIM7sFMIqDRkRZdqvPi
7dp/zt71e4Xg1Xn9WqY570OKW4LtEn1afguVAQjMcH8fpYHuZg6YZxG62OGcgRA5
pKacNm5wvdnKM/98PmfbSh2+V7vmvqYygKF6/l3RUE2fqAHnPYRMMApKSlCgfCHB
Dx3dlAvCfkqohimmofDhMwis+Zw1iOl7u0UsMOv7ecBZ8aKRakYEIIownWDSq5zd
4nlvhphUsTpDNpAc8w5OJ6uvi6njjFubFuBgNF471datuUgFyWLXCDcolyVYykXJ
QF6vFjPeDDyTdRzimdmz7jUUfrci/Ebe9ZWcZCcLLUOy8XuJ
-----END CERTIFICATE-----