Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MAQmIEHWGKMATZHjHoKGqh0QelE.roa
File:                     MAQmIEHWGKMATZHjHoKGqh0QelE.roa (raw, json)
Hash identifier:          T2uMK1eL+zQduzZLUV/3Ai/xsXJMCWFnT+7Bah4biKM=
Subject key identifier:   30:04:26:20:41:D6:18:A3:00:4D:91:E3:1E:82:86:AA:1D:10:7A:51
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220086F690F5960AEA5F508A6D22E8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MAQmIEHWGKMATZHjHoKGqh0QelE.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200866
IP address blocks:        2a0e:b107:1400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:00:86:f6:90:f5:96:0a:ea:5f:50:8a:6d:22:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3004262041d618a3004d91e31e8286aa1d107a51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3d:30:09:85:b7:5a:8c:58:59:5a:44:ec:a6:
                    cd:59:09:c6:d3:fd:b3:6d:fb:60:15:0c:17:0f:db:
                    05:12:f2:86:7c:d5:b1:3b:fc:08:b9:cc:84:53:e4:
                    0c:e2:e0:f3:e6:f3:78:32:84:5c:26:84:a1:f2:e2:
                    cb:3b:84:d9:21:ef:39:86:2a:3f:9c:df:e6:a9:ef:
                    7b:e0:5c:5d:94:70:a9:56:0f:3e:ee:7d:f5:cb:6c:
                    75:db:bf:8b:d1:c1:be:26:d1:29:5c:49:23:60:9a:
                    ec:3c:8d:e5:01:4d:c3:02:04:a6:9f:7b:85:71:d0:
                    5c:81:cc:87:6a:e8:24:96:00:63:a5:24:20:62:1e:
                    9d:6a:79:95:63:1b:cf:0a:1c:be:8b:90:85:18:23:
                    f7:81:3f:ec:b9:be:d2:df:14:6e:8d:ef:77:8e:f6:
                    28:a2:fc:97:24:f1:f8:a5:ed:a0:a8:23:2a:57:6f:
                    0f:5d:0a:93:2a:67:d0:01:d4:06:96:95:94:e5:62:
                    bb:1d:4d:19:9e:d7:40:e8:c1:5f:8c:e6:16:00:3c:
                    70:23:88:82:be:db:5b:a0:5e:1e:d4:02:f2:11:df:
                    ff:f7:30:58:60:65:01:df:4d:22:61:7a:02:c2:94:
                    4a:70:14:e0:67:a4:c4:37:9a:30:04:d3:36:2b:8c:
                    67:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:04:26:20:41:D6:18:A3:00:4D:91:E3:1E:82:86:AA:1D:10:7A:51
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MAQmIEHWGKMATZHjHoKGqh0QelE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1400::/44

    Signature Algorithm: sha256WithRSAEncryption
         07:12:a4:e5:51:9c:3c:a4:c9:7d:84:c3:59:86:dd:79:2d:4e:
         a2:9e:32:13:14:9b:3a:74:99:7f:a8:3b:58:0a:1d:1c:57:ec:
         c9:88:b5:02:5a:c6:6c:ad:c8:6b:89:5c:a4:b9:a9:23:be:99:
         0a:50:8b:e9:5d:76:0d:b2:13:63:44:6e:43:6a:64:65:c9:2b:
         67:aa:38:a1:1e:6a:f2:1b:a6:0f:89:d9:c2:23:ed:dd:06:1c:
         a6:29:ad:13:f7:31:52:a5:8e:02:43:0a:ca:39:5c:21:a9:3f:
         ae:79:d1:41:7e:94:bc:27:f7:b8:f1:7c:26:00:47:f1:4f:af:
         7b:c1:5f:60:9e:e7:cb:09:a4:df:98:1f:9e:cb:de:75:8d:09:
         3b:c1:e3:12:b9:e0:f0:3b:e0:5e:0d:8a:75:c6:69:4c:48:98:
         c1:94:89:32:ee:fb:e2:a3:d9:32:e2:15:30:f6:d0:b1:c7:30:
         bc:25:58:14:c0:7a:29:33:15:72:df:55:5e:46:cc:24:da:b9:
         bb:36:3a:4d:28:0d:da:f4:db:9e:23:a4:3c:81:dc:3b:7d:fa:
         de:c6:c8:e2:c9:7d:3d:d8:55:bf:7f:eb:9f:cc:1f:f7:b7:a0:
         62:32:6a:23:4f:00:14:2f:72:aa:17:60:81:dd:2b:fe:01:f1:
         26:8e:f8:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgCG9pD1lgrqX1CKbSLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDA0MjYyMDQxZDYxOGEzMDA0ZDkxZTMxZTgyODZhYTFkMTA3YTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD0wCYW3WoxYWVpE7KbNWQnG0/2z
bftgFQwXD9sFEvKGfNWxO/wIucyEU+QM4uDz5vN4MoRcJoSh8uLLO4TZIe85hio/
nN/mqe974FxdlHCpVg8+7n31y2x127+L0cG+JtEpXEkjYJrsPI3lAU3DAgSmn3uF
cdBcgcyHaugklgBjpSQgYh6danmVYxvPChy+i5CFGCP3gT/sub7S3xRuje93jvYo
ovyXJPH4pe2gqCMqV28PXQqTKmfQAdQGlpWU5WK7HU0ZntdA6MFfjOYWADxwI4iC
vttboF4e1ALyEd//9zBYYGUB300iYXoCwpRKcBTgZ6TEN5owBNM2K4xnrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDAEJiBB1hijAE2R4x6ChqodEHpRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTUFRbUlFSFdHS01BVFpIakhvS0dxaDBRZWxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxQA
MA0GCSqGSIb3DQEBCwUAA4IBAQAHEqTlUZw8pMl9hMNZht15LU6injITFJs6dJl/
qDtYCh0cV+zJiLUCWsZsrchriVykuakjvpkKUIvpXXYNshNjRG5DamRlyStnqjih
HmryG6YPidnCI+3dBhymKa0T9zFSpY4CQwrKOVwhqT+uedFBfpS8J/e48XwmAEfx
T697wV9gnufLCaTfmB+ey951jQk7weMSueDwO+BeDYp1xmlMSJjBlIky7vvio9ky
4hUw9tCxxzC8JVgUwHopMxVy31VeRswk2rm7NjpNKA3a9NueI6Q8gdw7ffrexsji
yX092FW/f+ufzB/3t6BiMmojTwAUL3KqF2CB3Sv+AfEmjvj8
-----END CERTIFICATE-----