Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mrye-c7sbm5JUTc2txAe2u_TNso.roa
File:                     Mrye-c7sbm5JUTc2txAe2u_TNso.roa (raw, json)
Hash identifier:          hpQYyQ9fMthWxSLw35dtIJIkXl3XOQMtJasrvoNCROs=
Subject key identifier:   32:BC:9E:F9:CE:EC:6E:6E:49:51:37:36:B7:10:1E:DA:EF:D3:36:CA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252210DC84B4E01780452A71759F59FB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mrye-c7sbm5JUTc2txAe2u_TNso.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203490
IP address blocks:        2a0e:97c0:ba0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:10:dc:84:b4:e0:17:80:45:2a:71:75:9f:59:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=32bc9ef9ceec6e6e49513736b7101edaefd336ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5d:a7:ba:af:94:ec:44:5e:a0:5b:83:d0:d2:
                    de:e1:c6:0c:30:d4:d9:52:f3:7d:02:e7:f3:9d:34:
                    c3:60:15:c3:6f:1d:a4:3b:c0:cd:1b:ca:1e:7f:4b:
                    df:fe:2e:7d:9b:eb:7f:3d:a3:69:78:6b:6b:77:b6:
                    80:0a:44:17:33:db:b5:c2:f9:d6:cf:13:79:96:a2:
                    ba:d4:7e:bc:af:2f:73:f2:81:69:b0:5d:ee:1f:b5:
                    66:f4:ad:07:b3:da:48:b4:7e:d7:07:66:b8:5e:88:
                    40:54:8c:a0:e6:da:6f:0a:80:f8:4a:76:57:16:ab:
                    56:dd:81:a6:60:9e:47:8f:9f:3e:8e:c1:22:85:bd:
                    c8:ee:da:3b:09:9b:9a:c3:6c:ce:68:0b:a8:1d:7b:
                    ca:d8:94:59:66:62:c7:23:0d:7c:5a:f8:f6:2f:8b:
                    1b:72:0b:e6:1c:30:bf:a4:e2:32:55:42:8b:08:b6:
                    96:16:a9:b0:29:a6:c3:c1:9a:68:23:4a:82:c3:c3:
                    ca:0d:2f:2b:ca:f4:84:d4:de:8f:0e:2a:39:e8:f3:
                    0d:9f:86:95:51:a4:d3:b3:dc:2a:9c:3f:58:81:68:
                    56:4b:6f:88:06:47:69:7b:42:2d:a0:89:63:b3:5b:
                    e9:d4:66:e2:0e:67:a2:ac:77:f0:15:78:33:2a:e7:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:BC:9E:F9:CE:EC:6E:6E:49:51:37:36:B7:10:1E:DA:EF:D3:36:CA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mrye-c7sbm5JUTc2txAe2u_TNso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:d8:f8:a6:31:92:a1:41:2e:bf:3a:0f:ae:73:2f:c3:54:14:
         fd:80:b7:04:2c:98:31:c9:8a:fd:48:d1:a8:92:f6:c6:ed:3a:
         54:86:cf:50:60:82:13:57:f6:9b:b2:3b:68:d4:72:e9:6f:6d:
         bd:6d:b7:f0:c4:71:9c:36:4d:db:f0:28:e2:92:e2:8f:b6:02:
         6a:f1:0a:32:e8:3b:12:c1:14:57:2f:c9:b0:60:28:f4:d6:dc:
         f6:69:b5:35:e6:8a:be:82:4e:f3:f0:52:24:a0:b4:83:b8:54:
         c6:a3:42:83:96:d6:b3:c7:9d:dd:a1:dd:c3:43:27:f5:90:ed:
         e8:d3:45:8b:f7:14:d0:7e:d4:67:b0:c8:31:b2:7b:02:a8:84:
         9e:ec:13:d7:50:3d:f9:9b:7d:fd:b0:cb:c2:84:64:d3:e2:32:
         71:7a:68:ff:f8:63:d0:7d:4d:38:6f:c7:fd:4b:3b:12:86:4b:
         e7:71:09:38:2d:b7:56:51:d9:d3:98:78:a4:45:bd:44:98:42:
         7a:34:81:7f:0c:cd:6b:c3:5f:3d:da:ff:83:37:71:be:4a:41:
         ae:8b:5b:2c:39:1e:bc:85:f0:73:30:d5:6a:df:a5:34:47:17:
         c4:88:a4:16:f2:83:12:1e:35:ef:19:5a:9b:06:c5:e1:81:35:
         90:fa:36:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIhDchLTgF4BFKnF1n1n7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmJjOWVmOWNlZWM2ZTZlNDk1MTM3MzZiNzEwMWVkYWVmZDMzNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF2nuq+U7EReoFuD0NLe4cYMMNTZ
UvN9AufznTTDYBXDbx2kO8DNG8oef0vf/i59m+t/PaNpeGtrd7aACkQXM9u1wvnW
zxN5lqK61H68ry9z8oFpsF3uH7Vm9K0Hs9pItH7XB2a4XohAVIyg5tpvCoD4SnZX
FqtW3YGmYJ5Hj58+jsEihb3I7to7CZuaw2zOaAuoHXvK2JRZZmLHIw18Wvj2L4sb
cgvmHDC/pOIyVUKLCLaWFqmwKabDwZpoI0qCw8PKDS8ryvSE1N6PDio56PMNn4aV
UaTTs9wqnD9YgWhWS2+IBkdpe0ItoIljs1vp1GbiDmeirHfwFXgzKudHDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDK8nvnO7G5uSVE3NrcQHtrv0zbKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTXJ5ZS1jN3NibTVKVVRjMnR4QWUydV9UTnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAug
MA0GCSqGSIb3DQEBCwUAA4IBAQBu2PimMZKhQS6/Og+ucy/DVBT9gLcELJgxyYr9
SNGokvbG7TpUhs9QYIITV/absjto1HLpb229bbfwxHGcNk3b8CjikuKPtgJq8Qoy
6DsSwRRXL8mwYCj01tz2abU15oq+gk7z8FIkoLSDuFTGo0KDltazx53dod3DQyf1
kO3o00WL9xTQftRnsMgxsnsCqISe7BPXUD35m339sMvChGTT4jJxemj/+GPQfU04
b8f9SzsShkvncQk4LbdWUdnTmHikRb1EmEJ6NIF/DM1rw1892v+DN3G+SkGui1ss
OR68hfBzMNVq36U0RxfEiKQW8oMSHjXvGVqbBsXhgTWQ+jaV
-----END CERTIFICATE-----