Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UZWZJLPe8Zyv629swm5e3sWCOmc.roa
File:                     UZWZJLPe8Zyv629swm5e3sWCOmc.roa (raw, json)
Hash identifier:          3nFO1zmEbhqevOKzUYq4CayDlSCFNztuJS32uKMQ6nE=
Subject key identifier:   51:95:99:24:B3:DE:F1:9C:AF:EB:6F:6C:C2:6E:5E:DE:C5:82:3A:67
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252257DFEE737B9F1E944A4D583F2819
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UZWZJLPe8Zyv629swm5e3sWCOmc.roa
Signing time:             Thu 02 Jan 2025 03:49:55 +0000
ROA not before:           Thu 02 Jan 2025 03:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211940
IP address blocks:        2a0e:b107:9fa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:57:df:ee:73:7b:9f:1e:94:4a:4d:58:3f:28:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51959924b3def19cafeb6f6cc26e5edec5823a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:68:8c:f2:ab:22:b8:98:d9:cf:08:7d:d6:6c:
                    ef:c2:b7:c4:d6:a5:2a:63:95:e7:0f:03:d1:3c:76:
                    c6:95:c3:f3:79:c0:e7:28:73:40:46:b7:41:d3:f4:
                    b4:4d:de:5b:30:49:9d:50:cf:a3:14:f6:da:1f:a3:
                    c5:9c:83:1a:f3:dc:7f:2c:64:a2:a2:7d:52:50:b0:
                    4d:e2:fb:4b:7a:15:03:0d:a2:ac:f0:38:00:73:b2:
                    7c:29:b3:47:34:21:51:e5:63:18:e2:4d:52:a3:a7:
                    6a:f0:ae:25:86:b9:a5:93:4d:11:70:85:01:70:b1:
                    ed:1f:42:34:ce:72:49:60:92:23:71:1b:ca:df:9d:
                    39:c3:a2:cc:aa:c8:65:d8:80:a6:7d:ef:d4:c3:18:
                    f0:c1:14:c9:6b:47:83:a2:32:18:0e:82:8a:55:2c:
                    ca:cd:43:e2:90:53:31:ad:54:43:f3:ce:6a:fe:7d:
                    ed:71:c3:4e:bf:a9:8b:da:2c:ae:59:69:e6:22:0d:
                    d6:cc:cb:16:99:8c:66:92:ea:33:7e:0c:c1:6e:53:
                    a9:f9:95:f4:9d:06:f6:e2:ae:4a:b8:65:f0:67:25:
                    39:75:8b:92:d5:ee:8e:29:1a:5d:f6:0d:1f:cd:c5:
                    5c:c9:13:a5:c8:24:09:5b:b1:c8:d9:f0:d2:8f:aa:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:95:99:24:B3:DE:F1:9C:AF:EB:6F:6C:C2:6E:5E:DE:C5:82:3A:67
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UZWZJLPe8Zyv629swm5e3sWCOmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:9fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:1b:71:4c:97:88:7d:34:b0:2f:15:47:c4:7f:d3:6c:aa:76:
         9f:be:12:9d:b0:21:a2:13:ae:6d:96:bf:a8:f4:95:b7:f8:d1:
         f3:bb:2e:99:40:ca:f5:48:8e:b1:ce:59:e9:6c:59:f2:8e:fe:
         fc:40:2e:4d:6b:aa:6a:12:09:be:65:40:99:56:1a:76:64:48:
         a0:a1:d9:fe:9c:7d:a2:9e:51:7e:7f:a5:08:a6:ef:ff:3f:41:
         2f:17:1f:64:2d:80:62:32:f6:b9:b6:ad:dc:0e:18:0c:09:ab:
         19:c9:6e:f6:12:3e:2f:49:30:5d:e2:a5:1b:25:bd:9c:68:ff:
         ab:53:aa:a2:a8:d0:7f:0c:1a:44:2a:b4:a7:02:58:08:fb:61:
         a1:d5:93:5e:0e:41:6e:4e:d4:3c:0e:06:b0:5f:dc:96:58:be:
         61:51:fe:10:e1:59:17:e8:80:ca:82:ba:11:46:b2:c5:08:c7:
         ec:86:98:e5:e9:5b:99:8f:22:69:4e:39:9b:a8:2a:f5:45:92:
         3e:46:1e:5a:04:6b:48:8b:40:4d:47:97:9d:e1:e5:25:c9:da:
         10:07:9d:f1:13:e2:cf:91:04:56:dc:99:1f:ef:95:bd:5f:67:
         26:ea:7a:d9:0f:47:73:49:d1:77:5f:d7:12:5a:11:43:49:71:
         2c:f7:fd:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlff7nN7nx6USk1YPygZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTk1OTkyNGIzZGVmMTljYWZlYjZmNmNjMjZlNWVkZWM1ODIzYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmiM8qsiuJjZzwh91mzvwrfE1qUq
Y5XnDwPRPHbGlcPzecDnKHNARrdB0/S0Td5bMEmdUM+jFPbaH6PFnIMa89x/LGSi
on1SULBN4vtLehUDDaKs8DgAc7J8KbNHNCFR5WMY4k1So6dq8K4lhrmlk00RcIUB
cLHtH0I0znJJYJIjcRvK3505w6LMqshl2ICmfe/UwxjwwRTJa0eDojIYDoKKVSzK
zUPikFMxrVRD885q/n3tccNOv6mL2iyuWWnmIg3WzMsWmYxmkuozfgzBblOp+ZX0
nQb24q5KuGXwZyU5dYuS1e6OKRpd9g0fzcVcyROlyCQJW7HI2fDSj6rE8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFGVmSSz3vGcr+tvbMJuXt7FgjpnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVVpXWkpMUGU4Wnl2NjI5c3dtNWUzc1dDT21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwn6
MA0GCSqGSIb3DQEBCwUAA4IBAQB2G3FMl4h9NLAvFUfEf9NsqnafvhKdsCGiE65t
lr+o9JW3+NHzuy6ZQMr1SI6xzlnpbFnyjv78QC5Na6pqEgm+ZUCZVhp2ZEigodn+
nH2inlF+f6UIpu//P0EvFx9kLYBiMva5tq3cDhgMCasZyW72Ej4vSTBd4qUbJb2c
aP+rU6qiqNB/DBpEKrSnAlgI+2Gh1ZNeDkFuTtQ8DgawX9yWWL5hUf4Q4VkX6IDK
groRRrLFCMfshpjl6VuZjyJpTjmbqCr1RZI+Rh5aBGtIi0BNR5ed4eUlydoQB53x
E+LPkQRW3Jkf75W9X2cm6nrZD0dzSdF3X9cSWhFDSXEs9/2y
-----END CERTIFICATE-----