Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MXj_n4Ksgr3t_RRV181bMtSlq9I.roa
File:                     MXj_n4Ksgr3t_RRV181bMtSlq9I.roa (raw, json)
Hash identifier:          zU2eeF2Q5SB4V1crwT+N/TiZHOGoi3hlH3sJiI86ecY=
Subject key identifier:   31:78:FF:9F:82:AC:82:BD:ED:FD:14:55:D7:CD:5B:32:D4:A5:AB:D2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521ED258DAFDF46297EE0B6ED00AD34
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MXj_n4Ksgr3t_RRV181bMtSlq9I.roa
Signing time:             Thu 02 Jan 2025 03:49:27 +0000
ROA not before:           Thu 02 Jan 2025 03:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149007
IP address blocks:        2a0e:b107:1800::/44 maxlen: 48
                          2a0e:b107:1806::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ed:25:8d:af:df:46:29:7e:e0:b6:ed:00:ad:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3178ff9f82ac82bdedfd1455d7cd5b32d4a5abd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:48:9e:9d:44:3e:f6:b0:5e:41:99:c9:09:fd:
                    50:f2:1c:73:a9:e8:45:a6:85:5a:c7:d3:e6:ec:e6:
                    b4:4f:de:82:8f:16:c0:8c:82:8f:2b:01:5e:14:b1:
                    5f:70:73:18:ae:51:ef:1f:40:5b:85:be:f9:e0:4c:
                    1b:15:23:c4:c7:14:ab:df:5a:1e:ca:14:27:08:87:
                    91:5b:e3:ed:57:a9:47:b1:4d:46:34:95:36:cf:83:
                    ef:3f:60:4e:1c:e1:d3:46:d1:d6:39:8a:46:e9:60:
                    4d:54:93:b3:28:bb:f8:ce:e6:29:10:8d:5e:c5:0a:
                    58:08:e8:d6:3c:5d:bc:09:2b:57:84:59:5a:66:95:
                    03:0e:80:6c:6f:e4:23:85:66:45:8d:3e:03:9a:02:
                    41:b6:c4:28:fb:c6:b8:c8:c4:09:52:06:67:b7:bd:
                    fe:19:16:57:24:4f:90:93:c8:63:7b:f9:4c:af:e6:
                    b5:e2:1a:a8:b8:15:e8:61:f1:a0:d7:04:d1:60:2a:
                    7c:60:b5:9d:ce:c6:cc:53:0f:b0:f9:35:de:8d:4e:
                    12:b9:80:c8:b5:cd:e4:5f:76:e3:c9:f6:60:9a:f9:
                    31:95:8c:62:8f:0b:51:11:e5:b5:18:c1:7a:d2:fa:
                    de:61:cc:4a:01:a3:65:a0:ef:98:d0:11:40:a5:08:
                    db:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:78:FF:9F:82:AC:82:BD:ED:FD:14:55:D7:CD:5B:32:D4:A5:AB:D2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MXj_n4Ksgr3t_RRV181bMtSlq9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1800::/44

    Signature Algorithm: sha256WithRSAEncryption
         2f:63:13:7d:9e:26:bb:dc:b9:5b:0b:33:56:34:f4:11:3a:6c:
         77:72:ef:48:79:b6:46:22:d9:42:21:c8:2d:58:84:20:15:2a:
         1f:c3:4c:62:0a:d9:20:75:74:a0:c1:03:89:d3:3f:50:b3:dd:
         82:e0:9f:9e:50:2f:4f:a6:df:08:d4:0f:dd:8c:9f:52:aa:30:
         ea:9f:8f:8e:37:b8:ab:e4:bb:0e:27:d4:fd:de:ed:f3:8e:ec:
         94:12:f7:2b:14:c1:b4:fd:12:b4:9c:69:bf:31:d7:89:c6:f2:
         84:2f:d4:cc:08:ea:45:e8:ad:ee:59:ec:48:2a:85:28:30:88:
         3a:ff:e8:3f:49:d6:41:d9:c7:5a:14:5b:36:0d:97:95:e6:39:
         f8:5b:69:3b:38:aa:f0:56:a5:8d:66:1e:2e:48:ed:41:54:11:
         bf:1d:07:45:f9:f8:f4:26:07:09:24:56:0e:7e:bc:6a:32:c9:
         63:1b:fe:dd:38:15:dc:7e:20:a3:c8:98:18:68:62:ab:ca:b1:
         d8:f2:da:0f:58:f2:df:cc:a2:f5:42:3d:27:dc:12:a3:c9:13:
         05:90:3a:f5:2b:59:6a:6a:51:83:0b:df:18:b4:a9:72:db:01:
         2e:7c:7c:4e:56:0f:6d:79:f7:47:93:ac:a5:fa:f3:7f:c4:bd:
         f2:db:0b:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIe0lja/fRil+4LbtAK00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTc4ZmY5ZjgyYWM4MmJkZWRmZDE0NTVkN2NkNWIzMmQ0YTVhYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUienUQ+9rBeQZnJCf1Q8hxzqehF
poVax9Pm7Oa0T96CjxbAjIKPKwFeFLFfcHMYrlHvH0Bbhb754EwbFSPExxSr31oe
yhQnCIeRW+PtV6lHsU1GNJU2z4PvP2BOHOHTRtHWOYpG6WBNVJOzKLv4zuYpEI1e
xQpYCOjWPF28CStXhFlaZpUDDoBsb+QjhWZFjT4DmgJBtsQo+8a4yMQJUgZnt73+
GRZXJE+Qk8hje/lMr+a14hqouBXoYfGg1wTRYCp8YLWdzsbMUw+w+TXejU4SuYDI
tc3kX3bjyfZgmvkxlYxijwtREeW1GMF60vreYcxKAaNloO+Y0BFApQjbywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDF4/5+CrIK97f0UVdfNWzLUpavSMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTVhqX240S3NncjN0X1JSVjE4MWJNdFNscTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxgA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvYxN9nia73LlbCzNWNPQROmx3cu9IebZGItlC
IcgtWIQgFSofw0xiCtkgdXSgwQOJ0z9Qs92C4J+eUC9Ppt8I1A/djJ9SqjDqn4+O
N7ir5LsOJ9T93u3zjuyUEvcrFMG0/RK0nGm/MdeJxvKEL9TMCOpF6K3uWexIKoUo
MIg6/+g/SdZB2cdaFFs2DZeV5jn4W2k7OKrwVqWNZh4uSO1BVBG/HQdF+fj0JgcJ
JFYOfrxqMsljG/7dOBXcfiCjyJgYaGKryrHY8toPWPLfzKL1Qj0n3BKjyRMFkDr1
K1lqalGDC98YtKly2wEufHxOVg9tefdHk6yl+vN/xL3y2wsD
-----END CERTIFICATE-----