Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SYaroYNxMz3LVvD3jJvOCHk21dg.roa
File:                     SYaroYNxMz3LVvD3jJvOCHk21dg.roa (raw, json)
Hash identifier:          0+Yz6ZvjJ0V1nRtZ7MaXz0aRwUFgsvRJCwz93GU1d60=
Subject key identifier:   49:86:AB:A1:83:71:33:3D:CB:56:F0:F7:8C:9B:CE:08:79:36:D5:D8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222E824F485742C7B7485FE91FB0A8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SYaroYNxMz3LVvD3jJvOCHk21dg.roa
Signing time:             Thu 02 Jan 2025 03:49:44 +0000
ROA not before:           Thu 02 Jan 2025 03:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208529
IP address blocks:        2a0e:b107:2b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2e:82:4f:48:57:42:c7:b7:48:5f:e9:1f:b0:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4986aba18371333dcb56f0f78c9bce087936d5d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ce:d0:45:9d:54:a2:bc:b2:b8:f0:20:ca:48:
                    d3:38:6a:12:34:9d:9a:f0:ad:20:c7:8f:13:cb:ec:
                    69:b1:d4:cd:12:93:86:3d:41:57:ed:24:16:9c:97:
                    9b:cd:c5:26:a5:d9:7d:80:c4:af:94:3d:1b:7b:f1:
                    1b:c1:6c:15:88:0c:0d:5f:ae:3b:c1:da:6a:98:9b:
                    4c:fd:be:eb:df:de:08:e7:74:90:9d:13:b7:f6:c9:
                    b2:14:e4:ad:33:13:55:22:33:f8:39:5d:7a:91:07:
                    6d:b2:5a:a8:ec:0d:11:32:a8:46:a7:ba:4a:a4:78:
                    9b:18:cd:62:6e:68:10:f4:5c:4a:eb:29:6c:da:60:
                    13:ad:42:c4:ff:ba:6b:4b:ce:4b:f2:8b:c2:32:4c:
                    19:b7:da:fa:29:c0:dc:b3:5b:1c:98:ad:31:40:ca:
                    d7:45:09:5c:eb:06:91:bf:b0:73:19:fe:4b:6e:17:
                    92:af:6c:82:92:45:21:29:94:1a:c6:ea:b9:c1:3a:
                    60:20:e0:c9:21:d0:17:e6:22:72:1e:b2:5f:dd:3d:
                    ea:2c:74:24:ab:77:77:4d:4f:1b:ec:c3:92:cf:53:
                    53:43:2b:a2:f6:66:5f:0e:33:03:98:ec:c8:8f:20:
                    5e:d6:43:de:eb:b4:64:65:04:a9:56:27:56:dd:fd:
                    4b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:86:AB:A1:83:71:33:3D:CB:56:F0:F7:8C:9B:CE:08:79:36:D5:D8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SYaroYNxMz3LVvD3jJvOCHk21dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:2f:ee:69:37:3c:91:4a:29:3b:f3:d7:1e:8a:cc:20:55:66:
         fc:ed:a3:a8:cc:ee:42:d6:83:fa:9b:dd:ce:42:b0:21:91:9c:
         b8:3e:f8:26:e7:fa:68:63:27:e0:34:63:b9:91:99:34:6a:38:
         21:82:39:f2:03:eb:6d:b8:68:f9:b6:51:9c:81:c9:12:25:08:
         e6:b3:c0:3d:22:c9:ab:d5:20:24:29:66:90:ca:8b:56:09:ba:
         75:60:a1:65:18:60:15:02:1a:64:80:ea:b6:6e:e4:20:21:7e:
         d9:a2:9e:02:6b:e0:0d:d2:e1:33:e1:5e:b6:a5:2d:39:bb:ba:
         9b:d8:12:c1:18:f0:b8:e5:42:20:ec:2c:c7:4d:29:b8:c9:3a:
         44:5e:30:14:be:83:37:59:e5:af:61:13:05:fe:cf:dd:bc:a0:
         07:fb:02:29:a3:d3:a9:66:a3:96:13:73:d1:af:c9:17:00:e3:
         8a:fb:d0:92:a4:f7:3e:af:a8:bf:2a:b8:cc:0c:38:20:d9:7a:
         c4:8b:1b:04:ad:bb:03:f9:bb:1a:d1:c6:20:b2:b9:da:96:ea:
         d6:ba:20:0e:72:3e:00:df:2c:19:74:cd:e5:7a:42:5d:1c:9f:
         6d:b9:db:76:44:4f:3c:31:47:9d:bd:b4:18:ac:f3:5a:b8:97:
         43:50:5e:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIi6CT0hXQse3SF/pH7CoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTg2YWJhMTgzNzEzMzNkY2I1NmYwZjc4YzliY2UwODc5MzZkNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs87QRZ1UoryyuPAgykjTOGoSNJ2a
8K0gx48Ty+xpsdTNEpOGPUFX7SQWnJebzcUmpdl9gMSvlD0be/EbwWwViAwNX647
wdpqmJtM/b7r394I53SQnRO39smyFOStMxNVIjP4OV16kQdtslqo7A0RMqhGp7pK
pHibGM1ibmgQ9FxK6yls2mATrULE/7prS85L8ovCMkwZt9r6KcDcs1scmK0xQMrX
RQlc6waRv7BzGf5LbheSr2yCkkUhKZQaxuq5wTpgIODJIdAX5iJyHrJf3T3qLHQk
q3d3TU8b7MOSz1NTQyui9mZfDjMDmOzIjyBe1kPe67RkZQSpVidW3f1L7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEmGq6GDcTM9y1bw94ybzgh5NtXYMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvU1lhcm9ZTnhNejNMVnZEM2pKdk9DSGsyMWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwKw
MA0GCSqGSIb3DQEBCwUAA4IBAQDBL+5pNzyRSik789ceiswgVWb87aOozO5C1oP6
m93OQrAhkZy4Pvgm5/poYyfgNGO5kZk0ajghgjnyA+ttuGj5tlGcgckSJQjms8A9
Ismr1SAkKWaQyotWCbp1YKFlGGAVAhpkgOq2buQgIX7Zop4Ca+AN0uEz4V62pS05
u7qb2BLBGPC45UIg7CzHTSm4yTpEXjAUvoM3WeWvYRMF/s/dvKAH+wIpo9OpZqOW
E3PRr8kXAOOK+9CSpPc+r6i/KrjMDDgg2XrEixsErbsD+bsa0cYgsrnalurWuiAO
cj4A3ywZdM3lekJdHJ9tudt2RE88MUedvbQYrPNauJdDUF7C
-----END CERTIFICATE-----