Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RI4Nzi4C_D3T_2-nxAG7DhJTHqk.roa
File:                     RI4Nzi4C_D3T_2-nxAG7DhJTHqk.roa (raw, json)
Hash identifier:          Zs+w8+fdKcmtoaUgK9YUAXXi3gDuwc/vyVU+iXTXQWQ=
Subject key identifier:   44:8E:0D:CE:2E:02:FC:3D:D3:FF:6F:A7:C4:01:BB:0E:12:53:1E:A9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252200E91401E8E8B21D3D386AB07079
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RI4Nzi4C_D3T_2-nxAG7DhJTHqk.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200879
IP address blocks:        2a0e:b107:2090::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:00:e9:14:01:e8:e8:b2:1d:3d:38:6a:b0:70:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=448e0dce2e02fc3dd3ff6fa7c401bb0e12531ea9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:91:fe:7a:20:0b:93:34:a3:91:2f:ec:06:27:
                    44:22:0f:bb:77:26:a9:8e:04:ef:a2:9e:17:cd:d1:
                    23:50:1b:36:bb:7f:e5:f4:05:7d:74:47:39:f7:83:
                    95:e9:2f:02:d9:95:46:a2:d7:6d:01:0f:31:c1:0b:
                    5c:35:19:d9:5a:ef:13:91:90:30:98:f1:62:71:53:
                    9c:b9:c4:73:b6:84:73:fe:ec:37:af:a3:79:f0:e3:
                    bc:3c:8f:18:c4:19:68:b2:73:cf:9c:4e:8e:07:1d:
                    6c:9a:e2:b5:ea:a8:61:a0:28:da:0c:78:95:71:72:
                    64:37:1d:3f:9a:52:fb:d4:bc:63:68:4c:77:d6:f7:
                    82:cd:4c:cd:bc:20:50:12:05:8e:f9:e5:c6:d2:01:
                    ea:9f:bb:34:37:fb:33:e2:e2:91:3d:01:bf:d4:cf:
                    9d:fd:10:16:6e:32:b4:1a:53:a1:19:2b:7d:6b:91:
                    11:e8:a7:f6:c0:5e:27:84:0f:34:a8:55:57:95:ff:
                    91:96:21:fa:df:39:b2:30:fd:c8:7f:0b:cf:d6:ad:
                    48:16:20:26:36:01:5a:b9:bd:fa:ff:6d:b9:5a:14:
                    21:78:d6:d2:5f:39:c9:2b:e7:95:3d:a7:7d:2f:0e:
                    74:f5:ee:fe:3a:f5:04:b2:8f:70:0b:b5:bc:71:6f:
                    ac:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8E:0D:CE:2E:02:FC:3D:D3:FF:6F:A7:C4:01:BB:0E:12:53:1E:A9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RI4Nzi4C_D3T_2-nxAG7DhJTHqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2090::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:1a:3c:7f:32:ec:76:7a:fc:20:da:a3:d6:31:99:f2:b0:e3:
         11:ad:c9:5a:a5:5b:df:3c:dd:07:bd:a6:65:0b:52:c6:b1:78:
         c1:5b:9c:1c:73:e9:6c:4a:ad:88:a1:79:d3:d6:28:91:65:b2:
         d6:5a:27:17:ab:68:4d:cd:49:94:41:db:5e:d9:81:f7:68:d2:
         c7:52:06:34:eb:33:2d:b6:5c:0c:75:01:ab:71:fe:9d:cb:af:
         aa:83:30:f5:87:7d:64:d7:0d:15:da:ee:85:a9:d5:d1:d9:66:
         c6:0e:e3:00:18:a6:da:66:7d:40:ac:65:cc:67:4a:be:06:da:
         c6:b8:76:73:97:71:13:5d:e7:19:ed:ff:5b:b2:48:10:06:ae:
         51:eb:ba:65:81:ac:ec:0b:a9:c8:6e:b6:c4:cc:a3:9d:24:22:
         75:4a:9f:28:cd:63:a6:b1:df:96:91:43:d2:65:bc:e6:69:a5:
         7b:62:29:0b:d6:02:85:de:61:f0:c5:41:0e:23:08:f8:1a:93:
         75:5e:81:13:1f:e2:c9:1f:1a:d0:82:e5:14:e2:31:f9:0d:e6:
         cd:8a:a7:a0:98:af:e7:66:5e:e3:b6:fd:9e:44:c2:dd:ba:8a:
         3d:59:1d:06:43:0b:1f:a1:75:e3:25:77:9e:4a:ab:59:8b:26:
         e4:47:9c:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgDpFAHo6LIdPThqsHB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhlMGRjZTJlMDJmYzNkZDNmZjZmYTdjNDAxYmIwZTEyNTMxZWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pH+eiALkzSjkS/sBidEIg+7dyap
jgTvop4XzdEjUBs2u3/l9AV9dEc594OV6S8C2ZVGotdtAQ8xwQtcNRnZWu8TkZAw
mPFicVOcucRztoRz/uw3r6N58OO8PI8YxBlosnPPnE6OBx1smuK16qhhoCjaDHiV
cXJkNx0/mlL71LxjaEx31veCzUzNvCBQEgWO+eXG0gHqn7s0N/sz4uKRPQG/1M+d
/RAWbjK0GlOhGSt9a5ER6Kf2wF4nhA80qFVXlf+RliH63zmyMP3IfwvP1q1IFiAm
NgFaub36/225WhQheNbSXznJK+eVPad9Lw509e7+OvUEso9wC7W8cW+sUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFESODc4uAvw90/9vp8QBuw4SUx6pMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUkk0TnppNENfRDNUXzItbnhBRzdEaEpUSHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCZGjx/Mux2evwg2qPWMZnysOMRrclapVvfPN0H
vaZlC1LGsXjBW5wcc+lsSq2IoXnT1iiRZbLWWicXq2hNzUmUQdte2YH3aNLHUgY0
6zMttlwMdQGrcf6dy6+qgzD1h31k1w0V2u6FqdXR2WbGDuMAGKbaZn1ArGXMZ0q+
BtrGuHZzl3ETXecZ7f9bskgQBq5R67plgazsC6nIbrbEzKOdJCJ1Sp8ozWOmsd+W
kUPSZbzmaaV7YikL1gKF3mHwxUEOIwj4GpN1XoETH+LJHxrQguUU4jH5DebNiqeg
mK/nZl7jtv2eRMLduoo9WR0GQwsfoXXjJXeeSqtZiybkR5zO
-----END CERTIFICATE-----