Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Lx6wF0ptXCoafLdoOKryNLeG2rY.roa
File:                     Lx6wF0ptXCoafLdoOKryNLeG2rY.roa (raw, json)
Hash identifier:          qvhtZHAH6nGmmoBJOzg0bEw640PzdAN1sxN2ad778gk=
Subject key identifier:   2F:1E:B0:17:4A:6D:5C:2A:1A:7C:B7:68:38:AA:F2:34:B7:86:DA:B6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425226EEBD36D375D972B3336F23773F3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Lx6wF0ptXCoafLdoOKryNLeG2rY.roa
Signing time:             Thu 02 Jan 2025 03:50:01 +0000
ROA not before:           Thu 02 Jan 2025 03:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213244
IP address blocks:        2a0e:b107:d91::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:6e:eb:d3:6d:37:5d:97:2b:33:36:f2:37:73:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f1eb0174a6d5c2a1a7cb76838aaf234b786dab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b6:2d:3e:de:65:5b:b0:2e:ad:e0:ae:ff:12:
                    a0:a4:5e:06:e3:8f:88:32:e8:e2:ac:8b:4b:51:06:
                    cc:21:8f:b1:0a:89:13:52:b5:cc:d8:c9:b2:df:1f:
                    db:6d:eb:a2:6e:1e:c7:60:8f:51:ff:75:fa:89:fe:
                    d0:3c:a3:e0:51:cc:00:2d:49:c1:5f:ae:cd:7d:76:
                    65:b5:ef:fb:b1:eb:2c:cd:10:36:06:cc:1d:b9:b5:
                    9a:21:24:23:c6:c8:78:20:dc:0d:01:6a:6f:10:d7:
                    0b:47:88:35:0c:e2:ea:7f:5e:bc:be:6d:d6:2a:a0:
                    c3:eb:bc:85:d1:43:76:b6:20:ad:ae:e4:9d:b7:26:
                    d3:f7:45:87:3e:87:c6:76:ce:76:93:43:7c:26:e6:
                    7a:19:eb:24:d6:fd:db:d8:14:33:8e:63:f5:b8:1c:
                    33:d9:f2:b2:d4:55:f2:d7:7e:5a:61:15:e7:3b:12:
                    ff:d2:88:e2:71:28:56:45:8f:fb:64:25:f3:76:ab:
                    d0:79:68:ba:f8:d4:9a:98:b1:d3:f1:70:a3:52:76:
                    bf:fd:70:60:f6:94:2d:c7:f4:8e:46:5a:6e:fc:71:
                    03:db:da:7f:51:cb:31:f5:07:ae:4f:bd:6b:24:1e:
                    dc:0e:46:bb:05:3c:94:05:c5:9b:5a:3f:50:ee:30:
                    e7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:1E:B0:17:4A:6D:5C:2A:1A:7C:B7:68:38:AA:F2:34:B7:86:DA:B6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Lx6wF0ptXCoafLdoOKryNLeG2rY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:d91::/48

    Signature Algorithm: sha256WithRSAEncryption
         c5:af:62:60:3b:77:9c:04:86:41:79:81:7e:ea:01:a6:9a:c9:
         02:25:39:2c:14:7a:95:47:96:d8:77:7b:e6:8f:63:79:17:f7:
         fd:47:67:06:d2:cb:d4:2d:f1:60:59:1f:70:5a:c7:92:4e:6c:
         46:f7:6b:09:16:af:a4:82:81:79:2a:16:f9:63:4e:72:79:cb:
         7f:bd:06:31:15:30:4c:a5:87:bd:d5:7f:97:dd:4f:72:84:c0:
         ac:e4:cf:2f:0b:c0:41:42:4c:96:8c:a1:c7:7c:8b:2f:09:5b:
         bf:0a:6a:f0:4a:c8:43:41:72:be:70:2d:0e:78:a5:bb:84:72:
         ab:98:60:21:83:b6:14:e2:96:3e:99:a8:14:12:b2:fa:b8:bd:
         76:28:ba:8f:f0:20:6c:bc:5a:4b:e2:58:bf:f8:a4:0b:48:1c:
         70:52:08:f9:b2:33:d3:98:73:09:5e:33:79:66:84:b6:eb:e2:
         58:54:8d:45:7d:dd:ce:70:0e:cc:37:ad:37:34:55:8d:89:e7:
         b1:1a:ec:51:69:c7:a2:fc:a1:4a:91:24:6c:db:f7:c0:02:f6:
         64:55:1d:fa:44:33:1d:9e:f6:ae:e3:6c:79:ee:85:16:dc:48:
         4d:9d:05:9f:f6:62:a3:61:52:4a:a1:21:2d:d5:cb:f8:31:50:
         32:35:3f:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIm7r0203XZcrMzbyN3PzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjFlYjAxNzRhNmQ1YzJhMWE3Y2I3NjgzOGFhZjIzNGI3ODZkYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrYtPt5lW7AureCu/xKgpF4G44+I
MujirItLUQbMIY+xCokTUrXM2Mmy3x/bbeuibh7HYI9R/3X6if7QPKPgUcwALUnB
X67NfXZlte/7sesszRA2BswdubWaISQjxsh4INwNAWpvENcLR4g1DOLqf168vm3W
KqDD67yF0UN2tiCtruSdtybT90WHPofGds52k0N8JuZ6Gesk1v3b2BQzjmP1uBwz
2fKy1FXy135aYRXnOxL/0ojicShWRY/7ZCXzdqvQeWi6+NSamLHT8XCjUna//XBg
9pQtx/SORlpu/HED29p/Ucsx9QeuT71rJB7cDka7BTyUBcWbWj9Q7jDntQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC8esBdKbVwqGny3aDiq8jS3htq2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTHg2d0YwcHRYQ29hZkxkb09LcnlOTGVHMnJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBw2R
MA0GCSqGSIb3DQEBCwUAA4IBAQDFr2JgO3ecBIZBeYF+6gGmmskCJTksFHqVR5bY
d3vmj2N5F/f9R2cG0svULfFgWR9wWseSTmxG92sJFq+kgoF5Khb5Y05yect/vQYx
FTBMpYe91X+X3U9yhMCs5M8vC8BBQkyWjKHHfIsvCVu/CmrwSshDQXK+cC0OeKW7
hHKrmGAhg7YU4pY+magUErL6uL12KLqP8CBsvFpL4li/+KQLSBxwUgj5sjPTmHMJ
XjN5ZoS26+JYVI1Ffd3OcA7MN603NFWNieexGuxRacei/KFKkSRs2/fAAvZkVR36
RDMdnvau42x57oUW3EhNnQWf9mKjYVJKoSEt1cv4MVAyNT+W
-----END CERTIFICATE-----