Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OZMfZ5iH1hWZLbNWAkllvK9hoUc.roa
File:                     OZMfZ5iH1hWZLbNWAkllvK9hoUc.roa (raw, json)
Hash identifier:          E+h+U3HEiOCob8rI+BBjRrNZp7yVExqMcC3cPuLEu8g=
Subject key identifier:   39:93:1F:67:98:87:D6:15:99:2D:B3:56:02:49:65:BC:AF:61:A1:47
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425229458AB64FD04DA2380CA6D70CC1B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OZMfZ5iH1hWZLbNWAkllvK9hoUc.roa
Signing time:             Thu 02 Jan 2025 03:50:10 +0000
ROA not before:           Thu 02 Jan 2025 03:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216084
IP address blocks:        2a06:de01:200::/40 maxlen: 48
                          2a0e:97c0:ee0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:94:58:ab:64:fd:04:da:23:80:ca:6d:70:cc:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39931f679887d615992db356024965bcaf61a147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:02:0b:7c:37:fc:a5:84:1a:3a:89:85:ba:3b:
                    58:95:c0:25:ad:d9:cd:2e:fb:f2:b0:7c:42:4f:0a:
                    1c:6e:72:b0:a6:fe:00:a7:d3:ce:a6:ae:6b:22:0e:
                    d3:d8:38:e3:52:64:dd:9a:a1:8f:01:72:00:b0:93:
                    cd:4a:0b:88:7c:01:b5:bc:c8:9b:2c:d2:ff:da:c6:
                    78:86:f4:de:c3:c6:fe:07:f1:e8:8d:ef:68:c7:d0:
                    bd:d1:d1:6f:ad:4f:0d:39:24:aa:3d:b4:65:da:73:
                    e8:34:b6:9a:39:a0:78:d4:9e:e6:15:27:da:64:6d:
                    b7:2d:66:09:0e:a1:75:9c:54:da:8a:47:ba:a2:f2:
                    e0:72:19:0d:ef:8e:a4:8a:5d:f4:31:96:5b:fd:50:
                    66:25:e7:f2:4b:03:0a:22:cc:f6:33:40:a1:75:83:
                    2e:8a:0a:be:9d:3c:cc:99:5f:13:e7:64:2f:62:a5:
                    29:22:d9:d2:4f:7b:47:0f:69:81:f9:16:d2:a2:a2:
                    4c:86:b3:e2:a3:79:8c:61:ac:0b:6a:f0:80:ae:4d:
                    5f:d6:72:de:a5:df:97:ed:28:db:3f:9d:25:db:44:
                    c8:4f:2f:08:df:87:14:07:e4:e6:9a:3d:53:b6:98:
                    9a:34:c1:cf:df:f0:8f:c7:fc:93:71:77:80:5a:17:
                    61:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:93:1F:67:98:87:D6:15:99:2D:B3:56:02:49:65:BC:AF:61:A1:47
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OZMfZ5iH1hWZLbNWAkllvK9hoUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:200::/40
                  2a0e:97c0:ee0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:50:6b:db:95:3d:29:dc:18:f8:12:84:f8:f8:70:e2:88:1c:
         2b:7f:9c:5a:d4:a1:e8:8b:7a:0b:d5:b3:35:3d:e2:d0:a9:9c:
         6e:45:ec:7c:75:a7:6e:15:db:5f:1d:7a:4c:43:be:97:ae:6b:
         42:5d:d8:23:41:2a:aa:dd:ac:37:f9:c3:ae:d6:16:c6:86:e2:
         78:4a:e8:c4:3c:fe:6a:60:d2:5b:51:3c:28:d7:62:ea:f8:80:
         8b:af:1d:68:0e:6d:04:4d:ff:8e:58:04:b7:76:68:28:cf:0e:
         7e:6f:89:e3:16:86:18:95:f3:f8:0f:f3:45:f0:25:8a:db:a4:
         82:7a:d6:a1:96:39:e5:0c:9f:51:88:7e:fc:be:11:b4:07:3c:
         af:4f:68:f8:78:3e:54:13:f1:8b:5d:49:dd:ad:91:69:48:17:
         ce:f0:2d:0e:e2:d8:f7:47:c6:91:54:ed:f4:3a:c5:a3:26:95:
         a5:17:e8:01:95:aa:20:b7:6d:60:a3:d8:73:4c:e1:16:e7:59:
         17:f2:48:ab:56:43:67:48:ac:06:63:e0:01:82:40:9c:94:ec:
         e8:14:eb:c6:32:a2:6a:d4:3a:75:c3:30:68:13:7d:af:0e:15:
         b2:46:b5:10:49:fe:61:92:1f:b7:0c:77:26:ff:e3:a4:16:5c:
         28:e9:2e:8c
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQlIpRYq2T9BNojgMptcMwbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTkzMWY2Nzk4ODdkNjE1OTkyZGIzNTYwMjQ5NjViY2FmNjFhMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QILfDf8pYQaOomFujtYlcAlrdnN
LvvysHxCTwocbnKwpv4Ap9POpq5rIg7T2DjjUmTdmqGPAXIAsJPNSguIfAG1vMib
LNL/2sZ4hvTew8b+B/Hoje9ox9C90dFvrU8NOSSqPbRl2nPoNLaaOaB41J7mFSfa
ZG23LWYJDqF1nFTaike6ovLgchkN746kil30MZZb/VBmJefySwMKIsz2M0ChdYMu
igq+nTzMmV8T52QvYqUpItnST3tHD2mB+RbSoqJMhrPio3mMYawLavCArk1f1nLe
pd+X7SjbP50l20TITy8I34cUB+Tmmj1TtpiaNMHP3/CPx/yTcXeAWhdhDQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDmTH2eYh9YVmS2zVgJJZbyvYaFHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT1pNZlo1aUgxaFdaTGJOV0FrbGx2Szlob1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKgbeAQID
BwQqDpfADuAwDQYJKoZIhvcNAQELBQADggEBAAtQa9uVPSncGPgShPj4cOKIHCt/
nFrUoeiLegvVszU94tCpnG5F7Hx1p24V218dekxDvpeua0Jd2CNBKqrdrDf5w67W
FsaG4nhK6MQ8/mpg0ltRPCjXYur4gIuvHWgObQRN/45YBLd2aCjPDn5vieMWhhiV
8/gP80XwJYrbpIJ61qGWOeUMn1GIfvy+EbQHPK9PaPh4PlQT8YtdSd2tkWlIF87w
LQ7i2PdHxpFU7fQ6xaMmlaUX6AGVqiC3bWCj2HNM4RbnWRfySKtWQ2dIrAZj4AGC
QJyU7OgU68YyomrUOnXDMGgTfa8OFbJGtRBJ/mGSH7cMdyb/46QWXCjpLow=
-----END CERTIFICATE-----