Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TGXPk2RTOqmXw8njQfdpWJ8vmT8.roa
File:                     TGXPk2RTOqmXw8njQfdpWJ8vmT8.roa (raw, json)
Hash identifier:          HqtgB8GeESdPM3zHh516oDaE7XZ7+3CBd0s9GAq9TfA=
Subject key identifier:   4C:65:CF:93:64:53:3A:A9:97:C3:C9:E3:41:F7:69:58:9F:2F:99:3F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252276714A0B3C0E38DE6646FBBDF1E2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TGXPk2RTOqmXw8njQfdpWJ8vmT8.roa
Signing time:             Thu 02 Jan 2025 03:50:03 +0000
ROA not before:           Thu 02 Jan 2025 03:50:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213929
IP address blocks:        2a0e:97c0:330::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:76:71:4a:0b:3c:0e:38:de:66:46:fb:bd:f1:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c65cf9364533aa997c3c9e341f769589f2f993f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e4:9c:b2:e2:5b:30:e8:3a:91:e0:d0:fd:85:
                    54:e2:87:32:b0:a1:8c:9d:b6:5c:a0:cf:6a:3a:d6:
                    06:b5:05:5b:11:ff:67:b1:7d:68:f8:04:02:5c:1d:
                    95:5d:2a:9e:5c:b5:ca:0f:85:94:5c:b1:e7:7a:08:
                    b9:47:eb:87:82:0f:82:ca:00:4e:96:fb:86:21:4a:
                    51:b8:2e:a8:f4:59:81:31:c9:81:3d:f0:1f:8a:15:
                    29:ca:5a:47:45:c8:74:4f:91:2c:3f:cf:6f:24:58:
                    c1:84:18:88:15:b0:b5:69:14:bc:31:2d:89:fa:a4:
                    16:ef:73:37:39:58:48:6c:6b:cc:b9:e3:5c:9c:5d:
                    87:1d:e0:42:62:67:2e:31:6c:97:02:f2:06:f3:89:
                    6a:4d:a9:0f:a7:2d:20:ee:d5:8a:2c:45:7d:9f:5c:
                    1c:14:f5:8f:41:7a:c5:47:04:fb:15:97:60:c9:a4:
                    65:67:e1:c1:dc:9e:fb:c1:d8:fb:51:a5:4a:a5:8b:
                    07:45:b8:39:0e:20:97:76:4e:67:f7:38:71:f9:d2:
                    a8:1f:b4:10:cb:36:4b:03:27:f3:95:13:04:5d:0c:
                    5b:9f:e9:ef:f0:41:20:54:b3:85:64:0f:fd:b8:18:
                    9d:ab:4d:0a:7e:fe:41:ac:e4:fe:ce:b9:20:da:a3:
                    64:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:65:CF:93:64:53:3A:A9:97:C3:C9:E3:41:F7:69:58:9F:2F:99:3F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TGXPk2RTOqmXw8njQfdpWJ8vmT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:330::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:60:96:fb:14:b8:2e:c2:a2:21:6e:3b:03:63:c3:85:19:2c:
         89:66:9f:fa:15:4f:e8:ec:f0:55:da:11:95:92:e7:58:18:75:
         ae:cb:a7:a0:4c:33:d4:76:69:3d:df:bf:ba:96:da:6b:e4:6a:
         c9:32:09:9f:88:c5:f2:4b:1b:72:cd:5a:9f:21:53:32:0d:75:
         88:ea:38:f2:e1:84:a1:de:e7:bc:d3:51:ee:86:5c:eb:0b:63:
         ae:67:45:f9:2b:ca:6a:95:24:f9:77:11:6d:de:da:b5:eb:99:
         08:f7:4b:e9:ed:a5:1a:a1:4f:65:ba:11:30:f0:1b:e1:ee:69:
         a0:0a:88:f9:e5:91:f0:54:99:e9:52:77:b8:1f:98:10:64:27:
         e1:d2:23:f8:f7:f4:79:c8:8a:d0:f9:35:13:40:7b:90:5d:a3:
         4e:7c:dd:a3:95:a0:12:a9:31:20:ce:6e:0c:6d:df:de:d7:3b:
         b7:50:e5:66:99:62:9b:62:73:6b:ea:65:0d:80:5a:9e:b4:a4:
         db:ce:b6:9d:1d:00:ee:a0:2a:e1:3c:e7:2c:6e:25:a5:5e:3b:
         fc:33:68:76:ab:d0:64:97:88:29:49:ee:d3:c8:38:fb:a2:a3:
         ab:44:63:43:bc:5b:f5:5d:6c:6a:e9:cc:3f:ea:c9:60:f8:8b:
         80:85:9a:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlInZxSgs8DjjeZkb7vfHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzY1Y2Y5MzY0NTMzYWE5OTdjM2M5ZTM0MWY3Njk1ODlmMmY5OTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuScsuJbMOg6keDQ/YVU4ocysKGM
nbZcoM9qOtYGtQVbEf9nsX1o+AQCXB2VXSqeXLXKD4WUXLHnegi5R+uHgg+CygBO
lvuGIUpRuC6o9FmBMcmBPfAfihUpylpHRch0T5EsP89vJFjBhBiIFbC1aRS8MS2J
+qQW73M3OVhIbGvMueNcnF2HHeBCYmcuMWyXAvIG84lqTakPpy0g7tWKLEV9n1wc
FPWPQXrFRwT7FZdgyaRlZ+HB3J77wdj7UaVKpYsHRbg5DiCXdk5n9zhx+dKoH7QQ
yzZLAyfzlRMEXQxbn+nv8EEgVLOFZA/9uBidq00Kfv5BrOT+zrkg2qNkOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFExlz5NkUzqpl8PJ40H3aVifL5k/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVEdYUGsyUlRPcW1YdzhualFmZHBXSjh2bVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAMw
MA0GCSqGSIb3DQEBCwUAA4IBAQB7YJb7FLguwqIhbjsDY8OFGSyJZp/6FU/o7PBV
2hGVkudYGHWuy6egTDPUdmk937+6ltpr5GrJMgmfiMXySxtyzVqfIVMyDXWI6jjy
4YSh3ue801HuhlzrC2OuZ0X5K8pqlST5dxFt3tq165kI90vp7aUaoU9luhEw8Bvh
7mmgCoj55ZHwVJnpUne4H5gQZCfh0iP49/R5yIrQ+TUTQHuQXaNOfN2jlaASqTEg
zm4Mbd/e1zu3UOVmmWKbYnNr6mUNgFqetKTbzradHQDuoCrhPOcsbiWlXjv8M2h2
q9Bkl4gpSe7TyDj7oqOrRGNDvFv1XWxq6cw/6slg+IuAhZrw
-----END CERTIFICATE-----