Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KXiy606zWohU9GckfxKxXwDO6q4.roa
File:                     KXiy606zWohU9GckfxKxXwDO6q4.roa (raw, json)
Hash identifier:          AJQGyP+O/ZqDWss+UMH4tDouPicZSbZGeh+twHc1IP0=
Subject key identifier:   29:78:B2:EB:4E:B3:5A:88:54:F4:67:24:7F:12:B1:5F:00:CE:EA:AE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252204C5FA9066EF17B943FE0D60381C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KXiy606zWohU9GckfxKxXwDO6q4.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201412
IP address blocks:        2a0e:b107:1cf0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:04:c5:fa:90:66:ef:17:b9:43:fe:0d:60:38:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2978b2eb4eb35a8854f467247f12b15f00ceeaae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:82:f6:81:88:e4:12:ee:06:9a:81:d2:75:
                    bb:2d:84:c5:6b:e0:40:b6:ee:b9:16:1a:e4:ec:e9:
                    c4:e3:cf:31:b2:c3:da:b2:f5:58:04:05:a4:6c:99:
                    36:a0:41:8d:06:24:47:c6:c1:1f:90:b4:66:6d:70:
                    14:11:00:a4:50:08:a1:ff:66:a8:63:b0:29:ba:99:
                    19:4b:37:46:51:76:9e:8a:af:3c:95:c0:13:40:24:
                    24:4f:60:37:1c:41:d8:47:04:10:7a:03:1c:6b:ac:
                    af:a1:90:c6:fb:2b:19:c7:fb:0f:07:b1:2c:e8:b1:
                    53:ab:50:93:83:05:5c:91:09:2f:aa:e9:8c:5b:c5:
                    d3:61:35:37:bc:af:1c:27:7a:40:2d:9e:f2:b8:c4:
                    26:5d:70:e0:d0:58:81:76:b0:18:12:0d:55:ae:f2:
                    0c:28:8a:34:62:54:d1:4d:fa:14:28:78:ed:ce:1b:
                    0e:70:22:98:c7:01:41:8b:95:22:c1:2f:e9:1f:ba:
                    92:ea:66:5a:e1:3e:9d:d6:e6:a5:76:12:5b:7c:3b:
                    3a:0b:40:7f:4b:7f:ae:a7:bf:c9:ba:50:64:57:09:
                    25:10:07:cd:d5:2b:64:ad:7d:d5:9a:3b:fd:6c:3b:
                    d3:dd:f2:b7:2c:45:3c:94:ea:0f:8c:90:3a:f0:13:
                    46:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:78:B2:EB:4E:B3:5A:88:54:F4:67:24:7F:12:B1:5F:00:CE:EA:AE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KXiy606zWohU9GckfxKxXwDO6q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1cf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         99:73:ae:15:0f:0c:38:72:f7:74:63:f7:c4:4c:78:ca:f6:3f:
         da:f1:2e:0d:dd:89:50:a1:48:32:cd:7e:b8:d3:af:ef:f8:56:
         46:f9:77:29:2e:85:1f:83:d6:41:e3:88:e1:3a:5a:b4:19:d6:
         5f:35:ae:9d:95:c1:78:dd:33:a3:2f:23:b6:75:4d:e0:a1:61:
         86:4c:7f:68:7b:4d:d1:e3:5e:ea:34:a0:fc:3f:b5:c1:a9:ba:
         f9:74:99:b2:e6:c0:9a:4c:a8:5f:6d:c6:ff:92:a9:b7:e1:a6:
         8c:f6:16:bc:d0:c9:e3:a9:fb:df:03:e8:d3:16:3e:7b:4a:70:
         7e:33:a6:e2:01:62:76:12:94:43:20:64:8e:d3:2f:f3:8d:47:
         d3:16:41:81:a8:95:94:b8:2a:00:e3:e6:a3:e7:2b:fc:8b:76:
         c4:c0:f0:d5:08:33:62:fa:7e:37:29:ed:fe:47:28:f7:dd:73:
         06:40:51:1d:64:f4:1f:1a:0b:85:d0:51:23:85:9b:bb:c1:2e:
         8e:7b:6f:16:8a:2d:2c:b4:75:61:3d:5e:07:1f:78:9f:30:56:
         5f:d5:5c:51:f8:09:0c:53:60:bb:83:cc:bb:e9:13:38:05:3c:
         54:63:6c:53:15:52:46:88:50:29:28:d0:89:26:ff:df:5e:18:
         08:16:56:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgTF+pBm7xe5Q/4NYDgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc4YjJlYjRlYjM1YTg4NTRmNDY3MjQ3ZjEyYjE1ZjAwY2VlYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwuC9oGI5BLuBpqB0nW7LYTFa+BA
tu65Fhrk7OnE488xssPasvVYBAWkbJk2oEGNBiRHxsEfkLRmbXAUEQCkUAih/2ao
Y7ApupkZSzdGUXaeiq88lcATQCQkT2A3HEHYRwQQegMca6yvoZDG+ysZx/sPB7Es
6LFTq1CTgwVckQkvqumMW8XTYTU3vK8cJ3pALZ7yuMQmXXDg0FiBdrAYEg1VrvIM
KIo0YlTRTfoUKHjtzhsOcCKYxwFBi5UiwS/pH7qS6mZa4T6d1ualdhJbfDs6C0B/
S3+up7/JulBkVwklEAfN1StkrX3Vmjv9bDvT3fK3LEU8lOoPjJA68BNGdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCl4sutOs1qIVPRnJH8SsV8AzuquMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1hpeTYwNnpXb2hVOUdja2Z4S3hYd0RPNnE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxzw
MA0GCSqGSIb3DQEBCwUAA4IBAQCZc64VDww4cvd0Y/fETHjK9j/a8S4N3YlQoUgy
zX6406/v+FZG+XcpLoUfg9ZB44jhOlq0GdZfNa6dlcF43TOjLyO2dU3goWGGTH9o
e03R417qNKD8P7XBqbr5dJmy5sCaTKhfbcb/kqm34aaM9ha80MnjqfvfA+jTFj57
SnB+M6biAWJ2EpRDIGSO0y/zjUfTFkGBqJWUuCoA4+aj5yv8i3bEwPDVCDNi+n43
Ke3+Ryj33XMGQFEdZPQfGguF0FEjhZu7wS6Oe28Wii0stHVhPV4HH3ifMFZf1VxR
+AkMU2C7g8y76RM4BTxUY2xTFVJGiFApKNCJJv/fXhgIFlbH
-----END CERTIFICATE-----