Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P6GfkqbsVJUEvemoMa9qTYNdVrQ.roa
File:                     P6GfkqbsVJUEvemoMa9qTYNdVrQ.roa (raw, json)
Hash identifier:          1zNPFvKvDExfOv+n0+28/jFR0ERlpiwXjW5M+R5+pgY=
Subject key identifier:   3F:A1:9F:92:A6:EC:54:95:04:BD:E9:A8:31:AF:6A:4D:83:5D:56:B4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252297FC84DF61F01ED15D47759FE7FA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P6GfkqbsVJUEvemoMa9qTYNdVrQ.roa
Signing time:             Thu 02 Jan 2025 03:50:11 +0000
ROA not before:           Thu 02 Jan 2025 03:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216418
IP address blocks:        2a0e:97c1:130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:97:fc:84:df:61:f0:1e:d1:5d:47:75:9f:e7:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fa19f92a6ec549504bde9a831af6a4d835d56b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b4:62:4d:b5:b7:8d:02:c6:b3:ac:21:af:86:
                    fd:ba:4e:1e:ac:5b:98:f7:a2:11:1c:ed:99:4c:a4:
                    3a:f3:9f:a1:a7:cd:9a:4f:74:f2:3d:c7:ff:c1:8c:
                    02:71:a5:76:7f:bd:fa:91:f5:d3:44:53:e0:bb:f6:
                    4c:09:92:3a:77:58:2c:ff:18:fd:27:30:21:22:1d:
                    fc:ef:ff:45:05:24:7e:28:f1:23:96:a4:d6:21:95:
                    ee:4d:0e:b7:c8:d4:de:8e:cd:9d:4b:e7:c5:d0:6f:
                    e2:f0:9f:ae:2a:d7:f9:44:32:f7:78:80:65:f8:cc:
                    77:ac:61:a6:8e:04:12:5f:55:8f:96:46:e7:06:8f:
                    d2:02:73:e1:d1:4e:15:53:71:e5:ec:dc:a9:58:72:
                    8d:fd:4c:ad:9c:78:fa:fe:c1:be:c7:e8:0a:56:82:
                    6f:bd:5a:0d:13:23:54:75:df:5e:99:b6:5a:12:8b:
                    5a:4e:31:73:d6:f5:3f:c9:2d:1a:c6:33:44:05:0a:
                    6a:b7:1e:b2:05:6c:d6:cb:44:6d:d1:85:cf:48:de:
                    1c:98:3e:b8:38:2f:e3:b2:92:3b:76:24:7a:2a:36:
                    15:a2:4f:e7:db:eb:9c:d3:3e:77:91:31:b7:03:85:
                    36:81:e0:d5:42:ea:cc:31:9f:5d:80:3e:05:e7:64:
                    49:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:A1:9F:92:A6:EC:54:95:04:BD:E9:A8:31:AF:6A:4D:83:5D:56:B4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P6GfkqbsVJUEvemoMa9qTYNdVrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c1:130::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:42:58:f4:3a:6b:ae:35:a7:bb:53:f4:6e:fb:e3:d2:37:cf:
         96:32:8f:58:e1:62:a0:44:7e:44:1e:6c:f3:a7:20:a2:fc:e7:
         33:04:cd:e2:e3:03:06:fd:2a:41:99:7d:0b:30:ce:21:5a:0e:
         e5:bb:d9:7c:32:0e:16:68:ae:dd:78:2a:26:b7:e9:66:60:91:
         04:a7:8f:d6:3b:91:0c:4f:12:eb:34:ed:08:42:f0:ad:2a:27:
         69:b2:9e:a1:86:9e:d0:62:f0:8b:b1:d6:70:7b:06:3c:09:4a:
         b6:e3:e0:6f:ad:40:34:ac:f2:50:7c:1e:4b:9f:32:62:ea:cf:
         1a:05:c0:d0:38:d0:b6:4c:12:0d:6c:16:63:df:3b:90:3b:a1:
         85:1e:ba:47:bb:64:67:3a:d2:f3:fa:e5:f1:fd:5b:b7:39:3d:
         c3:16:d1:30:cf:b3:20:84:1f:58:95:71:8f:f0:19:ba:f2:12:
         42:c9:d4:19:09:7b:ea:18:ee:ce:75:87:18:4e:59:a7:13:ce:
         80:2f:51:70:b2:d3:1c:49:11:c5:36:8f:bd:01:c6:6c:f4:69:
         93:73:2b:9e:a0:f4:c0:9e:b0:0a:13:8e:16:11:d7:5b:e2:42:
         6f:bd:08:c6:f6:62:20:b0:3e:bc:df:50:46:a6:43:e9:83:42:
         c3:46:59:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIpf8hN9h8B7RXUd1n+f6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmExOWY5MmE2ZWM1NDk1MDRiZGU5YTgzMWFmNmE0ZDgzNWQ1NmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LRiTbW3jQLGs6whr4b9uk4erFuY
96IRHO2ZTKQ685+hp82aT3TyPcf/wYwCcaV2f736kfXTRFPgu/ZMCZI6d1gs/xj9
JzAhIh387/9FBSR+KPEjlqTWIZXuTQ63yNTejs2dS+fF0G/i8J+uKtf5RDL3eIBl
+Mx3rGGmjgQSX1WPlkbnBo/SAnPh0U4VU3Hl7NypWHKN/UytnHj6/sG+x+gKVoJv
vVoNEyNUdd9embZaEotaTjFz1vU/yS0axjNEBQpqtx6yBWzWy0Rt0YXPSN4cmD64
OC/jspI7diR6KjYVok/n2+uc0z53kTG3A4U2geDVQurMMZ9dgD4F52RJCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD+hn5Km7FSVBL3pqDGvak2DXVa0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUDZHZmtxYnNWSlVFdmVtb01hOXFUWU5kVnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwQEw
MA0GCSqGSIb3DQEBCwUAA4IBAQAEQlj0OmuuNae7U/Ru++PSN8+WMo9Y4WKgRH5E
HmzzpyCi/OczBM3i4wMG/SpBmX0LMM4hWg7lu9l8Mg4WaK7deComt+lmYJEEp4/W
O5EMTxLrNO0IQvCtKidpsp6hhp7QYvCLsdZwewY8CUq24+BvrUA0rPJQfB5LnzJi
6s8aBcDQONC2TBINbBZj3zuQO6GFHrpHu2RnOtLz+uXx/Vu3OT3DFtEwz7MghB9Y
lXGP8Bm68hJCydQZCXvqGO7OdYcYTlmnE86AL1FwstMcSRHFNo+9AcZs9GmTcyue
oPTAnrAKE44WEddb4kJvvQjG9mIgsD6831BGpkPpg0LDRll0
-----END CERTIFICATE-----