Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MDm_J1XOtZAITaDItq06Ls7AxxE.roa
File:                     MDm_J1XOtZAITaDItq06Ls7AxxE.roa (raw, json)
Hash identifier:          IrKK3RlweknI4odfirRjz0naGJXLH5FhPmxfqVCfW3o=
Subject key identifier:   30:39:BF:27:55:CE:B5:90:08:4D:A0:C8:B6:AD:3A:2E:CE:C0:C7:11
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252212BD257560CFCE39916E6647B7BC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MDm_J1XOtZAITaDItq06Ls7AxxE.roa
Signing time:             Thu 02 Jan 2025 03:49:37 +0000
ROA not before:           Thu 02 Jan 2025 03:49:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203521
IP address blocks:        2a0e:b107:1b80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:12:bd:25:75:60:cf:ce:39:91:6e:66:47:b7:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3039bf2755ceb590084da0c8b6ad3a2ecec0c711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:64:43:48:80:d6:b6:49:97:73:a0:80:e4:0a:
                    8e:d6:4e:e9:a9:3e:5d:85:99:a7:ef:af:83:1f:48:
                    9d:73:6c:f8:51:c6:64:63:3c:74:e9:42:78:d5:3d:
                    ba:2f:16:0f:54:47:21:af:de:6f:51:a9:40:b4:35:
                    b5:44:18:a7:c9:cc:50:7c:10:70:8c:9f:45:f8:02:
                    95:a0:b8:54:d2:0e:e6:18:a4:72:18:60:29:48:fc:
                    68:08:b2:5a:aa:44:14:84:ff:79:7c:aa:f1:8f:27:
                    a7:85:cd:41:04:00:bb:88:05:0e:4e:9c:e9:8a:01:
                    80:9f:44:39:02:72:17:c0:20:0e:75:59:74:15:63:
                    a8:2a:ce:38:ee:3e:c1:57:b6:a9:78:03:23:e5:7c:
                    e2:3f:6b:50:73:93:6b:a1:46:51:98:5a:22:24:27:
                    3c:c7:11:06:2c:56:c2:d5:39:77:e0:45:67:10:bc:
                    72:ae:b6:02:05:29:c2:e9:7b:9c:d3:28:cc:a1:be:
                    58:03:ec:7b:90:90:2b:c9:bc:ec:bf:73:7c:f3:84:
                    51:a6:b3:c7:a3:2b:49:a2:1f:1f:6b:fc:d9:40:99:
                    0e:f8:81:b2:8f:6f:a0:7e:7b:51:d6:23:87:84:99:
                    94:c4:88:4a:77:65:d7:08:51:ef:96:a1:c9:e1:c1:
                    26:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:39:BF:27:55:CE:B5:90:08:4D:A0:C8:B6:AD:3A:2E:CE:C0:C7:11
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MDm_J1XOtZAITaDItq06Ls7AxxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b80::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:14:4e:83:57:40:ff:55:0b:84:b9:02:a4:30:c7:46:f0:bb:
         90:bd:1c:f7:11:c5:cb:08:65:2a:09:2c:46:3d:39:59:10:1d:
         49:27:17:f2:bf:6b:17:62:0a:e8:53:9a:e1:58:9c:13:d0:19:
         ed:ad:a7:da:9f:c1:53:ac:27:36:da:81:2e:d0:38:95:8c:63:
         91:0b:29:d6:c7:e9:3e:50:30:bb:a0:93:da:10:6a:0d:1e:fb:
         f3:44:bf:73:c2:70:9f:24:c0:9e:8f:f1:d6:60:ee:2b:02:18:
         81:c5:6e:82:49:4c:ac:d0:3a:da:8d:7b:60:82:ae:5e:4b:a1:
         83:5e:8f:f8:5e:9a:82:6d:e0:c4:06:c9:a3:f7:99:2c:5e:21:
         cc:20:e6:77:b1:68:02:ad:e8:2f:af:09:1c:03:a1:cf:17:0e:
         48:96:26:3e:b5:54:46:2c:9d:c2:43:55:36:90:d0:e9:c7:a7:
         15:25:0d:d1:b5:89:1f:27:1e:21:a2:95:cf:86:92:19:4d:4d:
         04:e9:cb:8c:cf:c1:50:52:51:71:1b:63:fd:5c:10:a1:eb:36:
         ff:55:64:b5:f7:c4:fa:24:71:50:22:e4:22:60:cf:84:6d:6e:
         f0:ae:46:9c:a7:78:bf:81:3f:de:00:1d:2e:e3:bd:71:51:c3:
         92:31:0f:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIhK9JXVgz845kW5mR7e8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDM5YmYyNzU1Y2ViNTkwMDg0ZGEwYzhiNmFkM2EyZWNlYzBjNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumRDSIDWtkmXc6CA5AqO1k7pqT5d
hZmn76+DH0idc2z4UcZkYzx06UJ41T26LxYPVEchr95vUalAtDW1RBinycxQfBBw
jJ9F+AKVoLhU0g7mGKRyGGApSPxoCLJaqkQUhP95fKrxjyenhc1BBAC7iAUOTpzp
igGAn0Q5AnIXwCAOdVl0FWOoKs447j7BV7apeAMj5XziP2tQc5NroUZRmFoiJCc8
xxEGLFbC1Tl34EVnELxyrrYCBSnC6Xuc0yjMob5YA+x7kJArybzsv3N884RRprPH
oytJoh8fa/zZQJkO+IGyj2+gfntR1iOHhJmUxIhKd2XXCFHvlqHJ4cEmhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDA5vydVzrWQCE2gyLatOi7OwMcRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTURtX0oxWE90WkFJVGFESXRxMDZMczdBeHhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxuA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVFE6DV0D/VQuEuQKkMMdG8LuQvRz3EcXLCGUq
CSxGPTlZEB1JJxfyv2sXYgroU5rhWJwT0Bntrafan8FTrCc22oEu0DiVjGORCynW
x+k+UDC7oJPaEGoNHvvzRL9zwnCfJMCej/HWYO4rAhiBxW6CSUys0DrajXtggq5e
S6GDXo/4XpqCbeDEBsmj95ksXiHMIOZ3sWgCregvrwkcA6HPFw5IliY+tVRGLJ3C
Q1U2kNDpx6cVJQ3RtYkfJx4hopXPhpIZTU0E6cuMz8FQUlFxG2P9XBCh6zb/VWS1
98T6JHFQIuQiYM+EbW7wrkacp3i/gT/eAB0u471xUcOSMQ8Z
-----END CERTIFICATE-----