Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ProabGOVlG1mr4hPQtXhtI6rnDA.roa
File:                     ProabGOVlG1mr4hPQtXhtI6rnDA.roa (raw, json)
Hash identifier:          J/O/PyXXAWGIb432/+B3jl71v7NB3jwgVE9pQZhTA58=
Subject key identifier:   3E:BA:1A:6C:63:95:94:6D:66:AF:88:4F:42:D5:E1:B4:8E:AB:9C:30
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220D313B783E8406BE741BF19D983E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ProabGOVlG1mr4hPQtXhtI6rnDA.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202673
IP address blocks:        2a0e:97c0:c40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0d:31:3b:78:3e:84:06:be:74:1b:f1:9d:98:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eba1a6c6395946d66af884f42d5e1b48eab9c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:93:7e:2f:bd:25:e1:58:5e:c4:f0:0c:c1:2f:
                    79:69:c6:8d:5e:c5:bf:8f:f5:ae:56:29:74:c5:49:
                    15:3f:3b:af:87:ff:ec:6f:dc:f5:be:6c:97:a7:8a:
                    71:c3:11:10:6a:d1:71:af:5c:64:9e:7f:c0:e7:8c:
                    04:eb:5d:e5:23:77:5b:c1:80:b8:b2:be:96:20:43:
                    41:1b:8f:59:b5:6a:99:d8:24:79:a3:e6:63:62:45:
                    6f:c6:09:16:2a:65:38:ee:08:08:f2:97:b1:6d:c0:
                    40:6e:b1:28:e8:35:b5:57:8f:a5:c9:63:58:e6:b3:
                    81:a4:6d:8a:de:9f:02:8a:e6:3d:ea:7f:a1:54:ac:
                    90:b1:f5:41:cc:72:b5:ae:a9:ee:56:4f:96:34:c1:
                    cf:ae:24:7d:dd:a7:f5:91:54:52:f7:cb:08:cf:63:
                    cd:81:a3:e4:3c:a9:ce:d4:43:e8:b2:14:2a:53:0b:
                    7e:8c:1a:f0:4f:7e:5e:7f:e3:b3:71:ca:25:7e:b4:
                    b9:d5:17:7c:39:c6:45:2d:3e:fe:5f:5e:e9:21:f7:
                    0e:b9:4c:b7:5c:8e:e4:6b:41:eb:68:d2:ec:43:e1:
                    5b:84:62:85:5b:09:6a:ce:51:84:dc:50:99:3f:d8:
                    38:46:72:c6:00:b6:2b:14:de:9a:20:33:4a:8d:86:
                    8d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:BA:1A:6C:63:95:94:6D:66:AF:88:4F:42:D5:E1:B4:8E:AB:9C:30
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ProabGOVlG1mr4hPQtXhtI6rnDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c40::/44

    Signature Algorithm: sha256WithRSAEncryption
         3d:24:45:1b:e5:88:24:d5:a3:2b:5c:7f:0e:be:48:10:ed:6d:
         57:8b:63:34:b6:75:af:0f:66:ad:09:d3:e5:ad:ba:18:49:6f:
         9d:b2:58:44:af:5e:4b:68:f0:9c:f5:c5:39:12:d0:28:a3:12:
         7b:b1:57:31:f2:2b:ce:20:12:eb:56:07:83:ff:72:89:ab:ff:
         86:31:9b:a7:f7:62:a1:2f:c4:1e:45:db:cb:58:68:8a:1a:b9:
         8f:65:ad:16:17:b0:df:b7:17:92:6e:ed:95:44:75:5a:6b:83:
         38:04:51:c9:24:80:fd:d2:a8:0b:bc:9e:95:d4:7b:d5:79:26:
         43:44:9d:52:67:1c:44:f6:ad:2d:e4:8b:87:e7:56:50:8f:df:
         a4:52:27:ff:a2:47:65:27:4e:30:7b:35:ee:7f:3a:18:ac:d5:
         0c:55:82:14:3c:7a:cd:58:d8:47:5b:21:70:07:b5:20:6e:18:
         62:33:8f:b7:ef:af:f5:8a:86:88:97:92:2c:34:97:09:7b:30:
         a2:5e:3a:95:8c:0a:e1:7e:6d:d3:30:b2:7d:91:0d:e0:84:e7:
         67:56:ad:37:e7:a7:af:6c:49:c0:b1:9c:fa:97:f6:1e:5b:de:
         1a:f3:99:4c:ab:7b:3a:23:d9:65:89:06:44:f8:44:a2:a5:ce:
         2c:6f:f0:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIg0xO3g+hAa+dBvxnZg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWJhMWE2YzYzOTU5NDZkNjZhZjg4NGY0MmQ1ZTFiNDhlYWI5YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpN+L70l4VhexPAMwS95acaNXsW/
j/WuVil0xUkVPzuvh//sb9z1vmyXp4pxwxEQatFxr1xknn/A54wE613lI3dbwYC4
sr6WIENBG49ZtWqZ2CR5o+ZjYkVvxgkWKmU47ggI8pexbcBAbrEo6DW1V4+lyWNY
5rOBpG2K3p8CiuY96n+hVKyQsfVBzHK1rqnuVk+WNMHPriR93af1kVRS98sIz2PN
gaPkPKnO1EPoshQqUwt+jBrwT35ef+OzccolfrS51Rd8OcZFLT7+X17pIfcOuUy3
XI7ka0HraNLsQ+FbhGKFWwlqzlGE3FCZP9g4RnLGALYrFN6aIDNKjYaN/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD66GmxjlZRtZq+IT0LV4bSOq5wwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUHJvYWJHT1ZsRzFtcjRoUFF0WGh0STZybkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAxA
MA0GCSqGSIb3DQEBCwUAA4IBAQA9JEUb5Ygk1aMrXH8OvkgQ7W1Xi2M0tnWvD2at
CdPlrboYSW+dslhEr15LaPCc9cU5EtAooxJ7sVcx8ivOIBLrVgeD/3KJq/+GMZun
92KhL8QeRdvLWGiKGrmPZa0WF7DftxeSbu2VRHVaa4M4BFHJJID90qgLvJ6V1HvV
eSZDRJ1SZxxE9q0t5IuH51ZQj9+kUif/okdlJ04wezXufzoYrNUMVYIUPHrNWNhH
WyFwB7UgbhhiM4+376/1ioaIl5IsNJcJezCiXjqVjArhfm3TMLJ9kQ3ghOdnVq03
56evbEnAsZz6l/YeW94a85lMq3s6I9lliQZE+ESipc4sb/Dx
-----END CERTIFICATE-----