Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RKYBqMsTjfIVlhwdci8-rtC2j2I.roa
File:                     RKYBqMsTjfIVlhwdci8-rtC2j2I.roa (raw, json)
Hash identifier:          if0/ZSuaiJS/Z9c56xRzUcZsOkN6aMWzdXU+GeBsbg4=
Subject key identifier:   44:A6:01:A8:CB:13:8D:F2:15:96:1C:1D:72:2F:3E:AE:D0:B6:8F:62
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522847C0A946D24450FA8BB5D572A7A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RKYBqMsTjfIVlhwdci8-rtC2j2I.roa
Signing time:             Thu 02 Jan 2025 03:50:06 +0000
ROA not before:           Thu 02 Jan 2025 03:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215191
IP address blocks:        2a0e:b107:28b8::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:84:7c:0a:94:6d:24:45:0f:a8:bb:5d:57:2a:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44a601a8cb138df215961c1d722f3eaed0b68f62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:2b:c3:aa:b4:d1:06:87:a5:ad:3b:46:b3:9c:
                    44:fa:93:7f:7a:ac:a9:8f:f7:3b:b1:1e:e5:68:77:
                    5e:62:90:a5:f7:48:09:8e:bf:0b:a6:b9:c3:25:8d:
                    54:49:76:62:33:65:3b:ba:b0:a9:a2:0c:8f:e6:8d:
                    56:3e:51:bc:2c:c7:1c:66:66:59:31:e0:d7:3c:8f:
                    30:65:57:33:c7:cf:6d:4b:3a:4c:3f:eb:f5:e7:11:
                    3c:c4:80:e7:14:b4:70:9c:a9:72:49:bd:27:81:3f:
                    c8:ab:66:b8:90:4f:c0:72:24:80:8a:77:c5:d9:a4:
                    d1:2c:bf:8c:86:b3:00:b2:f0:aa:50:89:1e:c1:a9:
                    47:f3:37:c3:df:7e:97:55:af:a5:84:1e:36:2c:b4:
                    63:59:cc:f4:c7:13:3a:46:fe:fa:98:e7:0a:4e:20:
                    5e:cc:ca:8e:2b:7a:b6:1a:c0:58:4c:f9:5a:28:ad:
                    14:7d:31:bb:04:40:40:95:b3:2e:3f:4e:77:b5:02:
                    e4:70:19:a9:6a:b1:4b:27:57:ae:95:9b:f3:37:a9:
                    59:1e:c6:07:d8:b5:1b:60:38:8d:b3:a2:c4:39:0c:
                    e0:c0:9d:6f:12:ee:b4:41:58:e4:9a:e8:cd:6a:34:
                    20:09:b4:f6:85:f8:ce:34:20:91:67:94:59:50:cf:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A6:01:A8:CB:13:8D:F2:15:96:1C:1D:72:2F:3E:AE:D0:B6:8F:62
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RKYBqMsTjfIVlhwdci8-rtC2j2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:28b8::/45

    Signature Algorithm: sha256WithRSAEncryption
         1b:dd:b2:31:f1:02:8e:8e:31:e7:8b:71:45:ed:c4:1f:24:02:
         3f:f0:56:70:a5:ac:79:9c:d7:0f:e6:61:f2:0d:cd:56:c0:79:
         aa:40:84:a8:07:70:1e:06:43:7f:a6:8d:cf:fe:3d:21:6b:cc:
         69:ab:fd:17:f8:75:9b:6f:b3:24:9c:0f:ec:ff:93:ba:37:28:
         81:3a:a5:ef:e0:24:ab:88:99:cb:6e:3a:9f:52:9d:08:d1:f8:
         f2:07:44:44:10:bf:76:c1:6b:8c:7c:6b:f7:5c:51:8c:77:a2:
         8f:7b:00:11:c6:ba:b4:3d:b1:2c:c5:4c:00:91:5a:c7:09:d3:
         ca:54:10:db:83:f3:96:96:c6:0a:78:29:c6:64:cd:c4:87:78:
         88:8b:ea:c4:db:b6:02:72:8a:19:54:c6:d0:d6:b6:8e:44:be:
         ce:1f:47:99:bb:2e:13:4f:06:38:aa:e8:db:d9:f4:8e:7c:70:
         14:99:7a:08:4d:a2:cb:16:71:76:3c:d0:b6:2c:9b:e7:be:12:
         4d:84:b7:23:85:b0:b6:dc:f7:ba:78:07:f1:bb:97:7c:a1:3c:
         f2:dc:43:88:6d:f1:1a:6f:89:3c:f3:8f:86:00:57:d2:22:85:
         7f:73:c9:85:48:88:3f:70:bb:80:0b:f9:f6:98:fa:bf:51:0f:
         ad:56:c4:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIoR8CpRtJEUPqLtdVyp6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGE2MDFhOGNiMTM4ZGYyMTU5NjFjMWQ3MjJmM2VhZWQwYjY4ZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqivDqrTRBoelrTtGs5xE+pN/eqyp
j/c7sR7laHdeYpCl90gJjr8LprnDJY1USXZiM2U7urCpogyP5o1WPlG8LMccZmZZ
MeDXPI8wZVczx89tSzpMP+v15xE8xIDnFLRwnKlySb0ngT/Iq2a4kE/AciSAinfF
2aTRLL+MhrMAsvCqUIkewalH8zfD336XVa+lhB42LLRjWcz0xxM6Rv76mOcKTiBe
zMqOK3q2GsBYTPlaKK0UfTG7BEBAlbMuP053tQLkcBmparFLJ1eulZvzN6lZHsYH
2LUbYDiNs6LEOQzgwJ1vEu60QVjkmujNajQgCbT2hfjONCCRZ5RZUM8PeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFESmAajLE43yFZYcHXIvPq7Qto9iMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUktZQnFNc1RqZklWbGh3ZGNpOC1ydEMyajJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByi4
MA0GCSqGSIb3DQEBCwUAA4IBAQAb3bIx8QKOjjHni3FF7cQfJAI/8FZwpax5nNcP
5mHyDc1WwHmqQISoB3AeBkN/po3P/j0ha8xpq/0X+HWbb7MknA/s/5O6NyiBOqXv
4CSriJnLbjqfUp0I0fjyB0REEL92wWuMfGv3XFGMd6KPewARxrq0PbEsxUwAkVrH
CdPKVBDbg/OWlsYKeCnGZM3Eh3iIi+rE27YCcooZVMbQ1raORL7OH0eZuy4TTwY4
qujb2fSOfHAUmXoITaLLFnF2PNC2LJvnvhJNhLcjhbC23Pe6eAfxu5d8oTzy3EOI
bfEab4k884+GAFfSIoV/c8mFSIg/cLuAC/n2mPq/UQ+tVsRb
-----END CERTIFICATE-----