Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MQTirmYA4eRg__-y58acNjbvwrg.roa
File:                     MQTirmYA4eRg__-y58acNjbvwrg.roa (raw, json)
Hash identifier:          nzx6/JbY4tZ04NzyV3WIh25c/rGuuxDEkyVVVOYCWJQ=
Subject key identifier:   31:04:E2:AE:66:00:E1:E4:60:FF:FF:B2:E7:C6:9C:36:36:EF:C2:B8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522476D16BCB6B320B3608E37466F0F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MQTirmYA4eRg__-y58acNjbvwrg.roa
Signing time:             Thu 02 Jan 2025 03:49:51 +0000
ROA not before:           Thu 02 Jan 2025 03:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210956
IP address blocks:        2a0e:b107:158f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:47:6d:16:bc:b6:b3:20:b3:60:8e:37:46:6f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3104e2ae6600e1e460ffffb2e7c69c3636efc2b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:9e:f7:e7:99:f9:aa:be:b0:52:db:73:55:d2:
                    e0:02:e2:8e:b4:d6:c4:fd:ba:88:b7:9a:90:86:0c:
                    e2:b8:42:91:f9:69:71:7a:bb:1b:cd:8a:1a:ef:dc:
                    5b:41:fc:f2:4d:43:e3:91:da:81:ab:b9:58:36:77:
                    1c:3c:09:23:43:4e:1e:d9:f8:f3:13:b6:65:90:7f:
                    f9:ec:a4:4f:68:d1:22:10:e7:7d:e4:8f:e1:2d:d2:
                    41:cc:15:ff:e0:a7:36:81:df:5c:ab:8d:77:6b:89:
                    d0:18:db:f8:c1:da:37:b4:dc:5d:70:85:f4:10:3c:
                    d2:15:7d:aa:f4:52:a1:f1:44:f3:6a:c7:60:82:f4:
                    69:46:1d:b8:88:a9:c3:0d:a6:92:e0:db:cc:b2:d7:
                    01:a3:6e:41:46:71:91:8d:45:9b:12:78:ef:3a:7d:
                    de:58:94:b6:2f:5e:da:f3:21:cb:b6:54:63:61:00:
                    73:f1:a1:11:2a:d9:a8:eb:c7:90:48:5c:88:11:6d:
                    6a:17:b5:1a:55:d3:00:a1:e8:5e:56:ff:77:ac:f6:
                    af:fa:a0:e5:d8:95:51:c7:df:d7:9f:6a:cf:f2:0a:
                    a2:ab:18:b8:27:7e:bc:ba:e8:16:b5:cf:7f:1c:d3:
                    d5:62:4a:59:1c:2b:47:34:c8:36:e1:f9:a9:12:79:
                    9a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:04:E2:AE:66:00:E1:E4:60:FF:FF:B2:E7:C6:9C:36:36:EF:C2:B8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MQTirmYA4eRg__-y58acNjbvwrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:158f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:16:20:a9:92:9b:d1:8c:c3:12:db:86:59:1e:1a:47:30:e0:
         e0:ef:4d:e3:ba:8a:b7:34:94:3f:25:cb:67:9d:74:60:fe:75:
         88:e9:9c:83:c8:32:4c:76:2c:ab:84:15:a0:58:19:d8:f2:a4:
         84:71:5b:cc:3a:a3:d2:fb:ac:75:cf:ac:a3:19:aa:99:13:dc:
         af:91:b2:07:bc:27:6a:ca:3f:06:46:7a:7a:66:6b:ba:73:da:
         f2:a8:fa:f6:10:f1:fe:86:2c:85:da:8a:87:5c:1c:4e:80:d3:
         30:aa:0c:69:aa:0b:96:ed:cb:e9:a2:db:8f:11:32:dd:3a:56:
         74:bb:03:a2:b4:86:d3:42:2f:bf:e9:61:f9:0b:b6:cc:32:f9:
         8a:6e:34:55:7f:10:3e:9c:47:74:e2:f4:9b:c8:20:20:1b:06:
         d6:fa:bb:f4:42:f0:b7:dc:2c:57:df:27:cf:2f:bb:19:47:21:
         66:56:1f:17:85:b1:35:2a:78:b7:00:46:3d:1d:39:29:8f:1c:
         9d:85:a9:12:6c:95:c1:33:9d:f9:80:4a:4a:96:0c:84:fd:17:
         01:5d:c2:51:fe:f3:1a:49:ac:8d:4d:02:7f:c5:e2:20:09:3f:
         d5:9a:49:a2:c4:5a:55:8f:98:47:f8:de:92:c5:28:22:e5:7a:
         9d:99:8e:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkdtFry2syCzYI43Rm8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTA0ZTJhZTY2MDBlMWU0NjBmZmZmYjJlN2M2OWMzNjM2ZWZjMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Z7355n5qr6wUttzVdLgAuKOtNbE
/bqIt5qQhgziuEKR+WlxersbzYoa79xbQfzyTUPjkdqBq7lYNnccPAkjQ04e2fjz
E7ZlkH/57KRPaNEiEOd95I/hLdJBzBX/4Kc2gd9cq413a4nQGNv4wdo3tNxdcIX0
EDzSFX2q9FKh8UTzasdggvRpRh24iKnDDaaS4NvMstcBo25BRnGRjUWbEnjvOn3e
WJS2L17a8yHLtlRjYQBz8aERKtmo68eQSFyIEW1qF7UaVdMAoeheVv93rPav+qDl
2JVRx9/Xn2rP8gqiqxi4J368uugWtc9/HNPVYkpZHCtHNMg24fmpEnmaSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDEE4q5mAOHkYP//sufGnDY278K4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTVFUaXJtWUE0ZVJnX18teTU4YWNOamJ2d3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxWP
MA0GCSqGSIb3DQEBCwUAA4IBAQBKFiCpkpvRjMMS24ZZHhpHMODg703juoq3NJQ/
JctnnXRg/nWI6ZyDyDJMdiyrhBWgWBnY8qSEcVvMOqPS+6x1z6yjGaqZE9yvkbIH
vCdqyj8GRnp6Zmu6c9ryqPr2EPH+hiyF2oqHXBxOgNMwqgxpqguW7cvpotuPETLd
OlZ0uwOitIbTQi+/6WH5C7bMMvmKbjRVfxA+nEd04vSbyCAgGwbW+rv0QvC33CxX
3yfPL7sZRyFmVh8XhbE1Kni3AEY9HTkpjxydhakSbJXBM535gEpKlgyE/RcBXcJR
/vMaSayNTQJ/xeIgCT/VmkmixFpVj5hH+N6SxSgi5XqdmY7Y
-----END CERTIFICATE-----