Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T__P0RNH9ydPTDQUTqXxGfdLYe8.roa
File:                     T__P0RNH9ydPTDQUTqXxGfdLYe8.roa (raw, json)
Hash identifier:          HYtt7L3MQ8KSHlu6spja45joZAfj7VFHR6IqAv9Jwu4=
Subject key identifier:   4F:FF:CF:D1:13:47:F7:27:4F:4C:34:14:4E:A5:F1:19:F7:4B:61:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522403D836BA99093A3C80B4660EC0C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T__P0RNH9ydPTDQUTqXxGfdLYe8.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210562
IP address blocks:        2a0e:97c0:620::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:40:3d:83:6b:a9:90:93:a3:c8:0b:46:60:ec:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fffcfd11347f7274f4c34144ea5f119f74b61ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a9:5e:c3:bf:03:b6:d5:17:81:b0:c0:64:da:
                    bc:33:53:5b:c6:2f:04:1d:50:46:d1:97:e1:57:a0:
                    98:82:5e:fe:3a:79:47:a5:43:3b:96:6e:1d:dc:7c:
                    d9:bc:fe:9e:a3:cb:d4:23:67:4f:ec:c8:bf:d9:c4:
                    26:c0:cd:4b:96:b5:21:97:6c:7f:8f:63:5a:38:66:
                    d4:fd:58:6c:09:b2:ca:a0:1e:a0:67:29:3d:02:bc:
                    ce:99:32:5a:b3:15:ef:2b:71:ac:87:b5:92:d7:bf:
                    c5:d1:c4:10:89:7d:f0:42:ef:09:b2:ae:2d:83:53:
                    07:5f:42:27:77:7f:4e:a7:16:67:07:8d:51:dc:9e:
                    6b:19:ce:8b:ab:10:7a:95:5d:6b:d0:33:fa:bc:60:
                    93:2f:f0:3a:3d:9c:db:77:19:32:ec:95:a5:f1:98:
                    1f:df:21:3d:17:0e:0c:6b:98:4b:10:57:23:19:ec:
                    9d:ca:99:85:bc:07:f2:51:d1:0c:05:19:e7:49:83:
                    bb:4d:2a:a3:cf:af:7a:55:d6:79:9d:69:a0:21:5d:
                    31:99:de:dc:9f:b6:14:c1:27:9d:a2:3a:f8:e7:cf:
                    ce:91:cb:f0:7a:4d:54:18:2b:57:13:aa:07:44:42:
                    a0:99:62:9f:79:04:80:0a:a1:fd:fc:69:4f:96:d2:
                    21:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FF:CF:D1:13:47:F7:27:4F:4C:34:14:4E:A5:F1:19:F7:4B:61:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T__P0RNH9ydPTDQUTqXxGfdLYe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:37:66:29:9e:d4:4a:ae:8d:4e:41:ba:f4:14:33:24:94:1a:
         95:db:f8:15:eb:f6:f8:06:6f:eb:64:72:48:23:bc:9c:b6:d2:
         6f:94:67:3c:66:07:07:b1:54:97:68:bb:84:a4:b4:79:7b:89:
         7b:cf:9f:35:72:17:a6:e8:46:ab:dd:54:5d:6a:51:40:61:03:
         63:c1:af:4c:c1:cb:85:9f:ec:b4:9c:3c:55:32:be:4a:ca:3a:
         f0:10:0c:22:c3:9a:45:8e:3b:79:0d:1c:50:67:57:98:c9:08:
         44:2b:1f:fc:4e:6c:fe:1f:9d:9b:0b:00:60:2b:42:15:67:05:
         93:ec:63:6f:46:01:38:2c:56:3d:b6:3c:e7:96:ab:6b:f0:ee:
         42:3a:66:53:c0:d4:9e:0e:30:5f:51:6e:48:65:f5:ae:d6:0d:
         17:92:6c:9d:4b:44:5f:ce:8b:66:f1:93:79:eb:f3:c3:64:18:
         18:cc:6b:4b:30:00:4b:0d:85:6a:41:b9:61:2b:8c:08:80:53:
         e1:be:be:0d:1b:77:d5:f3:bf:44:a7:df:79:82:e7:4b:da:54:
         e2:e6:49:6e:d8:01:c8:b5:e8:cd:94:50:e8:63:c5:c5:23:c5:
         1b:1d:4b:e3:6e:0c:1c:2e:03:ab:08:04:7e:a7:14:2e:cb:47:
         f1:32:c9:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkA9g2upkJOjyAtGYOwMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZmY2ZkMTEzNDdmNzI3NGY0YzM0MTQ0ZWE1ZjExOWY3NGI2MWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKlew78DttUXgbDAZNq8M1Nbxi8E
HVBG0ZfhV6CYgl7+OnlHpUM7lm4d3HzZvP6eo8vUI2dP7Mi/2cQmwM1LlrUhl2x/
j2NaOGbU/VhsCbLKoB6gZyk9ArzOmTJasxXvK3Gsh7WS17/F0cQQiX3wQu8Jsq4t
g1MHX0Ind39OpxZnB41R3J5rGc6LqxB6lV1r0DP6vGCTL/A6PZzbdxky7JWl8Zgf
3yE9Fw4Ma5hLEFcjGeydypmFvAfyUdEMBRnnSYO7TSqjz696VdZ5nWmgIV0xmd7c
n7YUwSedojr458/Okcvwek1UGCtXE6oHREKgmWKfeQSACqH9/GlPltIhxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE//z9ETR/cnT0w0FE6l8Rn3S2HvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVF9fUDBSTkg5eWRQVERRVVRxWHhHZmRMWWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYg
MA0GCSqGSIb3DQEBCwUAA4IBAQCeN2YpntRKro1OQbr0FDMklBqV2/gV6/b4Bm/r
ZHJII7ycttJvlGc8ZgcHsVSXaLuEpLR5e4l7z581chem6Ear3VRdalFAYQNjwa9M
wcuFn+y0nDxVMr5KyjrwEAwiw5pFjjt5DRxQZ1eYyQhEKx/8Tmz+H52bCwBgK0IV
ZwWT7GNvRgE4LFY9tjznlqtr8O5COmZTwNSeDjBfUW5IZfWu1g0XkmydS0Rfzotm
8ZN56/PDZBgYzGtLMABLDYVqQblhK4wIgFPhvr4NG3fV879Ep995gudL2lTi5klu
2AHItejNlFDoY8XFI8UbHUvjbgwcLgOrCAR+pxQuy0fxMslP
-----END CERTIFICATE-----