Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PyoLIBoDUXAptEIGgMJqbppB8g8.roa
File:                     PyoLIBoDUXAptEIGgMJqbppB8g8.roa (raw, json)
Hash identifier:          RVxtOzh80dAR/a5Bw8qQOhEDG+4XfWI4ZtXEzc5lLM4=
Subject key identifier:   3F:2A:0B:20:1A:03:51:70:29:B4:42:06:80:C2:6A:6E:9A:41:F2:0F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F762C895E0AE30EC4FAEFCA194D2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PyoLIBoDUXAptEIGgMJqbppB8g8.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198603
IP address blocks:        2a0e:97c0:520::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f7:62:c8:95:e0:ae:30:ec:4f:ae:fc:a1:94:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f2a0b201a03517029b4420680c26a6e9a41f20f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c5:91:60:3d:cc:d0:40:5b:b0:d6:5c:10:e7:
                    3d:fc:7a:4e:e2:8d:c6:eb:ce:97:af:1c:c4:f9:f6:
                    44:b8:f3:0c:42:30:64:8c:29:14:2e:d4:c3:33:ff:
                    0a:8f:f7:51:37:ed:74:30:57:1d:c4:c0:f0:1d:b0:
                    6d:9b:9f:d4:ac:b4:f9:83:f9:26:24:54:8b:9d:1f:
                    ca:40:da:5d:de:ad:4e:51:15:4d:ac:03:b4:d9:62:
                    9b:ee:cd:02:a9:62:94:7b:a0:3c:40:67:ad:c7:15:
                    51:d0:c6:d3:be:6b:e1:7c:5c:06:4e:2c:8c:df:7b:
                    42:cf:82:9a:1a:9f:dd:9d:ee:3b:a4:dc:19:4d:4d:
                    1f:39:85:21:cf:98:7b:a9:88:76:3e:ca:32:f0:94:
                    d0:0a:d9:00:5c:8b:f6:59:b3:fd:83:0b:4b:47:ed:
                    8c:2f:dd:39:e5:30:20:04:6c:f2:5a:85:0c:30:74:
                    24:91:2f:3a:e3:de:21:6a:31:65:64:04:f2:10:82:
                    a2:a7:c7:37:04:25:3f:ff:79:bf:6a:d5:ca:af:8b:
                    a8:e9:8e:df:0b:c2:7b:61:de:5d:15:52:78:6a:7f:
                    2b:4c:48:1f:e2:ee:85:e9:41:09:84:c6:ca:e9:4d:
                    37:40:46:c7:03:f3:61:57:3e:65:ce:b6:a1:b4:23:
                    87:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:2A:0B:20:1A:03:51:70:29:B4:42:06:80:C2:6A:6E:9A:41:F2:0F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PyoLIBoDUXAptEIGgMJqbppB8g8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:520::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:00:42:b8:2c:90:ef:68:84:36:fe:3a:e8:ac:30:87:b0:6a:
         5a:20:0e:c0:86:3f:ec:38:4e:bc:38:3d:e6:17:3a:2e:5b:b3:
         5d:22:5d:35:10:71:94:4b:36:ca:16:d0:83:cc:d8:f7:e3:ef:
         ad:4b:03:aa:5b:60:da:68:08:52:51:2e:18:c2:a2:3c:3f:99:
         d5:b9:02:38:5f:2b:71:a0:7c:f9:26:b4:0f:31:7e:35:78:7c:
         6c:14:89:5a:5d:a3:5c:dd:47:0e:1e:6f:87:b7:1d:e6:dd:1a:
         d5:b0:08:36:8e:e1:ff:54:fb:52:c4:bc:d8:62:29:f4:c4:53:
         42:97:60:84:90:29:68:7a:9b:c0:5e:a2:3c:93:a3:3d:fa:37:
         56:31:e2:d7:d2:a7:98:f9:18:64:db:e1:52:76:ab:7c:89:82:
         3c:81:3b:76:b7:47:f6:4e:31:1f:7c:7d:04:56:9c:e4:e2:ba:
         6e:b1:1a:e2:be:85:59:62:88:34:f1:22:8a:91:fd:d2:bb:99:
         66:59:f6:9b:ec:7e:11:84:e9:50:3c:f5:71:40:f4:a8:6f:48:
         3e:1a:04:90:db:84:50:19:5a:7e:ff:f7:5e:3c:e2:b3:e4:39:
         4f:45:8a:04:5f:8f:6d:ce:2a:bc:09:d5:af:b9:03:cc:3b:e1:
         79:a1:96:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfdiyJXgrjDsT678oZTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjJhMGIyMDFhMDM1MTcwMjliNDQyMDY4MGMyNmE2ZTlhNDFmMjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcWRYD3M0EBbsNZcEOc9/HpO4o3G
686XrxzE+fZEuPMMQjBkjCkULtTDM/8Kj/dRN+10MFcdxMDwHbBtm5/UrLT5g/km
JFSLnR/KQNpd3q1OURVNrAO02WKb7s0CqWKUe6A8QGetxxVR0MbTvmvhfFwGTiyM
33tCz4KaGp/dne47pNwZTU0fOYUhz5h7qYh2Psoy8JTQCtkAXIv2WbP9gwtLR+2M
L9055TAgBGzyWoUMMHQkkS86494hajFlZATyEIKip8c3BCU//3m/atXKr4uo6Y7f
C8J7Yd5dFVJ4an8rTEgf4u6F6UEJhMbK6U03QEbHA/NhVz5lzrahtCOH0QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD8qCyAaA1FwKbRCBoDCam6aQfIPMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUHlvTElCb0RVWEFwdEVJR2dNSnFicHBCOGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAUg
MA0GCSqGSIb3DQEBCwUAA4IBAQBXAEK4LJDvaIQ2/jrorDCHsGpaIA7Ahj/sOE68
OD3mFzouW7NdIl01EHGUSzbKFtCDzNj34++tSwOqW2DaaAhSUS4YwqI8P5nVuQI4
XytxoHz5JrQPMX41eHxsFIlaXaNc3UcOHm+Htx3m3RrVsAg2juH/VPtSxLzYYin0
xFNCl2CEkCloepvAXqI8k6M9+jdWMeLX0qeY+Rhk2+FSdqt8iYI8gTt2t0f2TjEf
fH0EVpzk4rpusRrivoVZYog08SKKkf3Su5lmWfab7H4RhOlQPPVxQPSob0g+GgSQ
24RQGVp+//dePOKz5DlPRYoEX49tziq8CdWvuQPMO+F5oZao
-----END CERTIFICATE-----