Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ia9KB8LvIj3fuvYezZRZ2ER9xuQ.roa
File:                     Ia9KB8LvIj3fuvYezZRZ2ER9xuQ.roa (raw, json)
Hash identifier:          UGMQVMYMsQlgqOC3qlJ7BLCfk839jlU6IY3nkGWdHKQ=
Subject key identifier:   21:AF:4A:07:C2:EF:22:3D:DF:BA:F6:1E:CD:94:59:D8:44:7D:C6:E4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522075B9E907AC3A1D191B84C8A3AD1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ia9KB8LvIj3fuvYezZRZ2ER9xuQ.roa
Signing time:             Thu 02 Jan 2025 03:49:34 +0000
ROA not before:           Thu 02 Jan 2025 03:49:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202002
IP address blocks:        2a0e:b107:1d11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:07:5b:9e:90:7a:c3:a1:d1:91:b8:4c:8a:3a:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21af4a07c2ef223ddfbaf61ecd9459d8447dc6e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:77:a6:24:29:4c:d4:e4:1d:80:d6:b5:86:7c:
                    0f:7a:6f:48:3d:08:0d:25:78:8d:eb:39:38:d6:81:
                    1c:3c:41:24:b7:39:bd:32:32:29:18:3e:e0:0b:e3:
                    09:b5:ee:b6:d7:a9:c2:bc:f2:6a:cb:2b:47:6c:14:
                    7d:d4:40:b2:e1:57:2c:c7:2c:bb:ec:19:d9:66:e9:
                    3c:13:dc:e3:51:51:b0:6a:d0:33:09:cf:eb:e7:b8:
                    49:83:66:99:6a:28:0c:94:21:e3:1f:ab:2e:5c:8b:
                    75:de:88:87:54:90:c9:4c:a2:ba:da:f0:71:99:74:
                    99:63:38:4c:ca:6d:80:0f:fc:39:32:52:bd:97:aa:
                    08:0b:a5:e1:03:b3:66:2b:e6:9a:0b:0f:6e:d6:7b:
                    39:37:e9:36:73:ab:bf:6b:23:fb:78:81:77:b7:4e:
                    d7:50:9b:3b:04:83:bc:86:19:6b:b1:e3:1b:dc:4d:
                    16:2b:da:27:b5:15:c2:16:eb:46:ec:d1:4d:9c:b3:
                    a9:e1:e4:09:69:0d:ef:71:99:c4:05:d4:4b:41:27:
                    dd:45:ae:49:66:5e:c9:68:7c:1d:4d:77:a5:d2:4f:
                    d0:6d:5f:8c:33:c2:86:8a:6c:9f:16:e3:74:c1:2f:
                    cd:8f:e2:ce:6b:d8:da:96:34:70:7e:96:10:6e:ef:
                    33:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AF:4A:07:C2:EF:22:3D:DF:BA:F6:1E:CD:94:59:D8:44:7D:C6:E4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ia9KB8LvIj3fuvYezZRZ2ER9xuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d11::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:c1:37:81:b7:34:29:3f:83:c6:99:97:0b:12:11:25:06:67:
         a3:65:ef:65:2f:d3:48:83:1a:5b:c4:4f:eb:c0:21:ca:5d:67:
         63:8f:9a:15:58:d0:fe:58:25:57:a1:2b:79:c0:0d:f5:83:f1:
         60:dc:6a:a8:8a:59:c2:9b:6c:3d:70:70:fd:4a:b2:7e:28:55:
         02:57:ea:b9:b3:78:c8:30:2e:19:35:d8:72:26:d5:ac:fa:de:
         2c:9b:42:41:11:f9:ad:f8:d4:ba:14:85:19:30:0b:b2:6e:2a:
         b6:c3:d2:2f:76:e0:a2:38:c4:cd:6e:2b:b5:47:2c:aa:05:34:
         38:a9:78:03:d5:92:02:8a:d3:02:76:66:ce:8e:75:ae:4a:7a:
         26:76:6c:de:c0:8f:54:56:cb:71:df:4c:94:7b:9d:fd:e9:7a:
         c8:d8:e6:14:ad:ba:9c:41:e6:c5:de:ae:01:fe:76:1d:09:e4:
         34:6a:70:cc:ff:f6:99:61:70:04:95:2e:44:70:96:04:46:1d:
         8b:13:58:c3:20:a7:93:24:c9:93:1f:2d:56:3f:bf:b2:df:18:
         69:56:79:cf:8b:a8:f6:52:57:0c:69:37:07:52:d3:58:6f:92:
         2e:1f:25:04:7e:91:30:8a:de:2b:4a:be:4b:8b:c8:75:4f:5c:
         51:5d:8f:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgdbnpB6w6HRkbhMijrRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFmNGEwN2MyZWYyMjNkZGZiYWY2MWVjZDk0NTlkODQ0N2RjNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXemJClM1OQdgNa1hnwPem9IPQgN
JXiN6zk41oEcPEEktzm9MjIpGD7gC+MJte6216nCvPJqyytHbBR91ECy4Vcsxyy7
7BnZZuk8E9zjUVGwatAzCc/r57hJg2aZaigMlCHjH6suXIt13oiHVJDJTKK62vBx
mXSZYzhMym2AD/w5MlK9l6oIC6XhA7NmK+aaCw9u1ns5N+k2c6u/ayP7eIF3t07X
UJs7BIO8hhlrseMb3E0WK9ontRXCFutG7NFNnLOp4eQJaQ3vcZnEBdRLQSfdRa5J
Zl7JaHwdTXel0k/QbV+MM8KGimyfFuN0wS/Nj+LOa9jaljRwfpYQbu8zzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCGvSgfC7yI937r2Hs2UWdhEfcbkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSWE5S0I4THZJajNmdXZZZXpaUloyRVI5eHVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBx0R
MA0GCSqGSIb3DQEBCwUAA4IBAQDHwTeBtzQpP4PGmZcLEhElBmejZe9lL9NIgxpb
xE/rwCHKXWdjj5oVWND+WCVXoSt5wA31g/Fg3GqoilnCm2w9cHD9SrJ+KFUCV+q5
s3jIMC4ZNdhyJtWs+t4sm0JBEfmt+NS6FIUZMAuybiq2w9IvduCiOMTNbiu1Ryyq
BTQ4qXgD1ZICitMCdmbOjnWuSnomdmzewI9UVstx30yUe5396XrI2OYUrbqcQebF
3q4B/nYdCeQ0anDM//aZYXAElS5EcJYERh2LE1jDIKeTJMmTHy1WP7+y3xhpVnnP
i6j2UlcMaTcHUtNYb5IuHyUEfpEwit4rSr5Li8h1T1xRXY8C
-----END CERTIFICATE-----