Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JcEPvw-a7JldEDyP51HYU-vMqho.roa
File:                     JcEPvw-a7JldEDyP51HYU-vMqho.roa (raw, json)
Hash identifier:          fcF3wRnXNRT9mFPOdxQNp4UnVVoDNL2Pg+nGaRGlx3w=
Subject key identifier:   25:C1:0F:BF:0F:9A:EC:99:5D:10:3C:8F:E7:51:D8:53:EB:CC:AA:1A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220F5F985EAE88087CF8E4D605162C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JcEPvw-a7JldEDyP51HYU-vMqho.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203345
IP address blocks:        2a0e:b107:1a10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0f:5f:98:5e:ae:88:08:7c:f8:e4:d6:05:16:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25c10fbf0f9aec995d103c8fe751d853ebccaa1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:de:fe:2b:1a:33:30:ce:52:4c:31:3a:ba:0a:
                    d7:7a:8a:6e:cf:56:e9:35:f7:ca:0d:fa:6d:65:3f:
                    aa:7e:04:80:f9:a1:9d:09:da:c1:77:47:9a:73:79:
                    8c:dc:f1:5c:c3:87:16:5e:55:4b:95:e8:d4:a4:0d:
                    27:ef:2d:52:05:46:ea:28:d1:c4:f3:76:e5:15:b2:
                    6e:9f:aa:3f:cc:b5:1d:e6:36:86:2b:23:76:3b:8f:
                    c9:b6:e3:78:b9:9d:1a:90:df:1a:1b:74:d5:75:30:
                    a7:3d:5b:81:45:41:cd:c6:f1:a7:5a:fa:49:de:15:
                    c7:1e:86:7e:4c:fd:73:36:f0:6d:07:82:93:77:e8:
                    f9:6d:4f:1b:62:39:22:33:84:b2:aa:71:a3:b3:a6:
                    cf:f1:a5:64:59:41:89:7b:e5:83:0c:dc:5b:6a:3f:
                    16:bc:22:f1:12:59:c9:ec:d0:6e:7a:60:96:b1:89:
                    7c:d1:0b:fa:a6:c5:31:98:7e:72:ed:78:f7:82:79:
                    61:4e:e5:06:d9:3d:98:9b:25:86:8e:28:26:cb:4e:
                    f4:b7:3a:fe:bc:31:d5:c7:70:90:06:f9:3f:01:dd:
                    55:a8:ac:65:76:1e:85:3c:f6:8f:13:66:68:46:55:
                    e7:5a:96:d4:f2:d7:3b:e7:eb:0f:5f:54:ff:08:0f:
                    dd:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:C1:0F:BF:0F:9A:EC:99:5D:10:3C:8F:E7:51:D8:53:EB:CC:AA:1A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JcEPvw-a7JldEDyP51HYU-vMqho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         5e:16:04:e7:34:ba:3b:42:95:39:0d:d9:af:26:99:fc:88:5b:
         39:cd:96:3a:ff:b1:59:40:a6:ff:e4:40:f9:e0:1a:85:de:84:
         1f:1f:39:9e:cb:69:92:a8:3e:93:47:2d:c9:84:1f:90:83:3c:
         45:b4:f9:ed:4c:aa:97:67:8d:1c:ff:e0:2a:2c:b8:34:bd:c9:
         07:f7:9d:6a:76:1e:c5:f0:1e:5d:2e:9b:6b:0c:07:c2:bc:b2:
         90:1a:a8:bc:4f:b9:ed:aa:64:ff:af:e4:1e:10:80:7a:43:96:
         aa:ce:1f:c6:ea:4a:c7:3b:89:03:b6:c2:c0:e3:92:1b:db:00:
         dc:5c:4a:45:66:be:d0:ce:42:fa:75:0c:18:a7:f5:26:c1:9f:
         42:30:3a:08:18:23:a8:a7:67:fd:32:85:e4:32:e4:5b:27:cb:
         67:4c:33:f5:c8:99:1f:b5:8a:ab:9e:9d:d2:79:15:d6:48:05:
         13:78:a2:4c:d9:e5:c4:1e:d7:b3:77:d6:3a:e0:17:f5:da:5a:
         c3:48:4b:15:9c:b2:f3:54:8f:88:d4:d2:7d:a0:40:1f:50:a2:
         b6:36:7d:89:33:c1:8c:e9:ea:c9:ad:54:67:d8:da:73:4b:57:
         dc:10:a3:a9:ed:cc:9b:e7:aa:4c:9d:65:04:48:35:74:0b:cd:
         3e:2f:f7:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIg9fmF6uiAh8+OTWBRYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWMxMGZiZjBmOWFlYzk5NWQxMDNjOGZlNzUxZDg1M2ViY2NhYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN7+KxozMM5STDE6ugrXeopuz1bp
NffKDfptZT+qfgSA+aGdCdrBd0eac3mM3PFcw4cWXlVLlejUpA0n7y1SBUbqKNHE
83blFbJun6o/zLUd5jaGKyN2O4/JtuN4uZ0akN8aG3TVdTCnPVuBRUHNxvGnWvpJ
3hXHHoZ+TP1zNvBtB4KTd+j5bU8bYjkiM4SyqnGjs6bP8aVkWUGJe+WDDNxbaj8W
vCLxElnJ7NBuemCWsYl80Qv6psUxmH5y7Xj3gnlhTuUG2T2YmyWGjigmy070tzr+
vDHVx3CQBvk/Ad1VqKxldh6FPPaPE2ZoRlXnWpbU8tc75+sPX1T/CA/dnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCXBD78PmuyZXRA8j+dR2FPrzKoaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSmNFUHZ3LWE3SmxkRUR5UDUxSFlVLXZNcWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBeFgTnNLo7QpU5DdmvJpn8iFs5zZY6/7FZQKb/
5ED54BqF3oQfHzmey2mSqD6TRy3JhB+QgzxFtPntTKqXZ40c/+AqLLg0vckH951q
dh7F8B5dLptrDAfCvLKQGqi8T7ntqmT/r+QeEIB6Q5aqzh/G6krHO4kDtsLA45Ib
2wDcXEpFZr7QzkL6dQwYp/UmwZ9CMDoIGCOop2f9MoXkMuRbJ8tnTDP1yJkftYqr
np3SeRXWSAUTeKJM2eXEHtezd9Y64Bf12lrDSEsVnLLzVI+I1NJ9oEAfUKK2Nn2J
M8GM6erJrVRn2NpzS1fcEKOp7cyb56pMnWUESDV0C80+L/cS
-----END CERTIFICATE-----