Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uhnip3FN0E1fXxAK7XOHyz5rqWk.roa
File:                     Uhnip3FN0E1fXxAK7XOHyz5rqWk.roa (raw, json)
Hash identifier:          bp6OKO99y7NtW/U7i2TmiUj1jwHHlEaNy7VkFUUM07w=
Subject key identifier:   52:19:E2:A7:71:4D:D0:4D:5F:5F:10:0A:ED:73:87:CB:3E:6B:A9:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01943189C2DBE6107E1FD6ABC505EF7B63BE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uhnip3FN0E1fXxAK7XOHyz5rqWk.roa
Signing time:             Sat 04 Jan 2025 13:38:19 +0000
ROA not before:           Sat 04 Jan 2025 13:38:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215051
IP address blocks:        2a0e:97c0:c49::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:31:89:c2:db:e6:10:7e:1f:d6:ab:c5:05:ef:7b:63:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  4 13:38:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5219e2a7714dd04d5f5f100aed7387cb3e6ba969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6a:86:a9:0f:e0:87:5f:27:d2:38:83:be:51:
                    a6:50:8e:c9:62:85:5f:bb:24:56:97:ac:1c:b6:88:
                    c5:a6:c3:e8:6a:17:10:8c:b2:80:68:38:cc:f3:6e:
                    c4:00:f1:37:6c:a2:57:ec:0c:c5:c5:e6:04:c8:af:
                    d0:de:bd:40:5a:33:06:b6:0d:a7:68:5b:96:6e:59:
                    6c:dc:bf:e1:1b:b0:bc:1a:72:61:29:63:8e:6e:1a:
                    35:72:e3:46:05:1d:07:82:87:28:f3:c3:a6:8d:60:
                    b0:38:7b:06:b4:c8:63:53:cb:e4:46:93:d7:aa:dd:
                    c8:96:43:80:f8:16:35:9d:96:45:a4:0b:46:58:0f:
                    46:d6:30:64:b6:52:33:4c:0c:4a:bb:ea:53:ef:0c:
                    db:c9:bc:e5:67:55:4b:b2:03:f9:86:98:23:9a:1a:
                    4c:f6:6a:e0:7c:0a:ff:c8:48:0b:df:d6:52:ec:c7:
                    6f:56:70:d3:49:13:3b:a1:28:dd:6c:10:00:c7:2d:
                    05:66:d4:09:08:dc:f5:0e:8a:38:f9:c2:ad:54:ae:
                    f7:30:90:cf:eb:66:db:5e:90:70:77:63:86:82:a9:
                    a5:2d:69:b9:6e:8c:12:13:27:f5:bd:3f:b7:cf:0d:
                    f1:db:65:a5:e1:cb:e9:fa:b7:9e:41:f1:fc:14:55:
                    34:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:19:E2:A7:71:4D:D0:4D:5F:5F:10:0A:ED:73:87:CB:3E:6B:A9:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Uhnip3FN0E1fXxAK7XOHyz5rqWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c49::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:6f:20:ed:b9:3f:fc:21:6c:81:37:ec:1e:1e:e6:86:0d:c6:
         ba:e6:a3:0f:de:bb:ed:b6:3d:21:bb:47:fe:5d:f9:9f:70:13:
         9d:14:9b:04:f4:32:c2:87:27:9c:85:b7:8f:d3:1d:35:3e:74:
         41:f5:9c:40:00:36:18:00:ae:ea:2e:34:4d:b2:f2:e8:d0:ac:
         62:68:f8:c0:18:4c:b4:f5:66:94:0a:e5:88:cf:99:45:9a:da:
         2f:ca:2a:da:b9:fb:a8:7c:36:c4:ca:b5:cf:78:0e:bf:c0:a0:
         14:c8:37:42:ca:98:f5:66:ad:82:a0:83:16:08:66:82:1e:de:
         11:bf:f2:2c:4d:b9:91:db:9d:b5:54:ad:1f:d7:67:89:e9:2c:
         d6:5a:20:df:b6:4e:2b:30:52:b1:41:b7:b5:ce:82:d4:f5:70:
         af:91:93:80:59:a3:9f:71:9b:aa:56:b8:8e:94:28:1b:f6:bf:
         6c:5d:b4:c5:08:43:f4:f7:c7:e1:d5:4a:5a:0c:66:f6:88:d1:
         ba:e0:5c:f5:63:2d:c2:3f:62:2c:69:7d:db:5d:b4:8c:41:b5:
         d5:55:1d:0c:f3:a0:bf:ca:45:26:93:de:cd:cc:06:9a:34:e2:
         8e:1a:4a:59:b5:99:30:ab:5f:8f:85:bf:bd:1a:02:18:4c:97:
         c2:e9:c5:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQxicLb5hB+H9arxQXve2O+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTA0MTMzODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjE5ZTJhNzcxNGRkMDRkNWY1ZjEwMGFlZDczODdjYjNlNmJhOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2qGqQ/gh18n0jiDvlGmUI7JYoVf
uyRWl6wctojFpsPoahcQjLKAaDjM827EAPE3bKJX7AzFxeYEyK/Q3r1AWjMGtg2n
aFuWblls3L/hG7C8GnJhKWOObho1cuNGBR0Hgoco88OmjWCwOHsGtMhjU8vkRpPX
qt3IlkOA+BY1nZZFpAtGWA9G1jBktlIzTAxKu+pT7wzbybzlZ1VLsgP5hpgjmhpM
9mrgfAr/yEgL39ZS7MdvVnDTSRM7oSjdbBAAxy0FZtQJCNz1Doo4+cKtVK73MJDP
62bbXpBwd2OGgqmlLWm5bowSEyf1vT+3zw3x22Wl4cvp+reeQfH8FFU09QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFIZ4qdxTdBNX18QCu1zh8s+a6lpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVWhuaXAzRk4wRTFmWHhBSzdYT0h5ejVycVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAxJ
MA0GCSqGSIb3DQEBCwUAA4IBAQB0byDtuT/8IWyBN+weHuaGDca65qMP3rvttj0h
u0f+XfmfcBOdFJsE9DLChyechbeP0x01PnRB9ZxAADYYAK7qLjRNsvLo0KxiaPjA
GEy09WaUCuWIz5lFmtovyiraufuofDbEyrXPeA6/wKAUyDdCypj1Zq2CoIMWCGaC
Ht4Rv/IsTbmR2521VK0f12eJ6SzWWiDftk4rMFKxQbe1zoLU9XCvkZOAWaOfcZuq
VriOlCgb9r9sXbTFCEP098fh1UpaDGb2iNG64Fz1Yy3CP2IsaX3bXbSMQbXVVR0M
86C/ykUmk97NzAaaNOKOGkpZtZkwq1+Phb+9GgIYTJfC6cVT
-----END CERTIFICATE-----