Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VH_hOTzBNXFNbCLwm7eEGHYfgaU.roa
File:                     VH_hOTzBNXFNbCLwm7eEGHYfgaU.roa (raw, json)
Hash identifier:          lxe1PWnLVcwdT5awZdfdKTpSr+BNcaVUCfuGZfmeVeE=
Subject key identifier:   54:7F:E1:39:3C:C1:35:71:4D:6C:22:F0:9B:B7:84:18:76:1F:81:A5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F95E4D2C8BC3CF4F79E60FBC3641
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VH_hOTzBNXFNbCLwm7eEGHYfgaU.roa
Signing time:             Thu 02 Jan 2025 03:49:30 +0000
ROA not before:           Thu 02 Jan 2025 03:49:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199079
IP address blocks:        2a0e:b107:b18::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f9:5e:4d:2c:8b:c3:cf:4f:79:e6:0f:bc:36:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=547fe1393cc135714d6c22f09bb78418761f81a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ea:fe:34:22:13:46:a8:be:06:19:2f:51:0b:
                    c4:72:25:4d:c7:83:e4:23:93:dd:41:07:85:94:52:
                    19:25:2c:bc:5b:62:4b:0e:3f:3e:75:fc:b0:f6:11:
                    52:6f:84:e3:a8:eb:f1:60:c7:20:ce:8f:96:54:70:
                    55:6b:9a:23:99:58:9a:9e:a1:79:66:62:bd:d2:0f:
                    cb:fd:5c:b7:0d:99:2a:47:c0:c6:ff:a6:7c:44:8c:
                    56:df:e9:a8:b4:f0:07:cb:70:b1:38:f9:99:e6:02:
                    64:6b:8e:48:d4:b8:4a:bb:44:a9:c0:bb:f0:f2:26:
                    37:f9:fe:03:ce:a5:0b:4c:1d:12:72:ab:f4:d5:a5:
                    a0:85:f0:24:53:81:a3:ac:9b:35:0b:1b:a5:cf:11:
                    83:bd:de:d7:e5:94:e4:89:4a:70:c8:1b:4f:d8:e2:
                    84:73:cb:9b:07:81:62:0e:04:1d:54:62:6b:25:92:
                    5e:a6:4d:53:fb:b1:db:b0:c6:76:2e:9f:b0:f8:7c:
                    16:ec:58:8e:a6:ac:e5:62:4b:e8:b8:fe:68:cc:b3:
                    2e:e7:8a:8d:52:27:34:b5:f7:56:f4:70:de:75:ea:
                    f3:65:de:9d:68:f1:be:4c:e5:17:8c:f4:27:6b:8c:
                    57:f1:9b:af:b6:15:db:33:f7:80:f7:fc:9e:04:dd:
                    a2:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:7F:E1:39:3C:C1:35:71:4D:6C:22:F0:9B:B7:84:18:76:1F:81:A5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VH_hOTzBNXFNbCLwm7eEGHYfgaU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b18::/45

    Signature Algorithm: sha256WithRSAEncryption
         97:6b:51:aa:23:2c:7f:bb:d0:77:d8:b4:34:b2:c7:3e:7d:00:
         d0:e4:f3:fc:c5:7e:af:c6:4d:46:cc:28:4c:7e:6b:d0:7a:a3:
         0e:00:4f:75:e0:b3:1f:2d:fc:ce:cd:e1:81:c6:f3:17:e8:ce:
         74:df:70:7d:08:1f:92:c6:0d:fb:6c:5c:8e:45:8e:21:02:04:
         ed:50:b1:22:80:48:4d:66:2d:14:92:c9:91:99:6c:2c:5a:76:
         81:15:08:1e:8e:13:c6:a8:4a:64:f5:9a:84:0e:5f:4d:22:a7:
         3c:b9:d7:da:44:a1:e4:84:ed:d5:de:40:b5:e3:19:a3:62:30:
         b1:82:55:09:7b:e6:cf:45:65:83:51:73:ab:9c:9b:61:34:51:
         83:b1:f3:8d:44:89:17:6a:3f:3e:2b:0d:80:64:28:0a:ec:fd:
         26:aa:5f:a8:7b:df:5f:32:c3:2f:54:15:6d:74:d9:1c:ca:a2:
         e9:e4:51:33:5e:13:08:90:40:fd:05:87:b3:65:17:1c:9d:fe:
         9d:ec:7b:09:23:d9:44:5a:02:5a:19:f1:df:3f:73:6b:5d:06:
         4a:98:03:e8:e7:df:c6:0c:43:e6:34:7d:d0:8d:94:ab:3b:83:
         90:0c:b4:4a:6b:94:07:f0:7f:62:89:16:2d:3b:cc:e9:66:3e:
         8b:6b:5e:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfleTSyLw89PeeYPvDZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDdmZTEzOTNjYzEzNTcxNGQ2YzIyZjA5YmI3ODQxODc2MWY4MWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjer+NCITRqi+BhkvUQvEciVNx4Pk
I5PdQQeFlFIZJSy8W2JLDj8+dfyw9hFSb4TjqOvxYMcgzo+WVHBVa5ojmVianqF5
ZmK90g/L/Vy3DZkqR8DG/6Z8RIxW3+motPAHy3CxOPmZ5gJka45I1LhKu0SpwLvw
8iY3+f4DzqULTB0Scqv01aWghfAkU4GjrJs1CxulzxGDvd7X5ZTkiUpwyBtP2OKE
c8ubB4FiDgQdVGJrJZJepk1T+7HbsMZ2Lp+w+HwW7FiOpqzlYkvouP5ozLMu54qN
Uic0tfdW9HDederzZd6daPG+TOUXjPQna4xX8ZuvthXbM/eA9/yeBN2ifQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFR/4Tk8wTVxTWwi8Ju3hBh2H4GlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVkhfaE9UekJOWEZOYkNMd203ZUVHSFlmZ2FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xBwsY
MA0GCSqGSIb3DQEBCwUAA4IBAQCXa1GqIyx/u9B32LQ0ssc+fQDQ5PP8xX6vxk1G
zChMfmvQeqMOAE914LMfLfzOzeGBxvMX6M5033B9CB+Sxg37bFyORY4hAgTtULEi
gEhNZi0UksmRmWwsWnaBFQgejhPGqEpk9ZqEDl9NIqc8udfaRKHkhO3V3kC14xmj
YjCxglUJe+bPRWWDUXOrnJthNFGDsfONRIkXaj8+Kw2AZCgK7P0mql+oe99fMsMv
VBVtdNkcyqLp5FEzXhMIkED9BYezZRccnf6d7HsJI9lEWgJaGfHfP3NrXQZKmAPo
59/GDEPmNH3QjZSrO4OQDLRKa5QH8H9iiRYtO8zpZj6La161
-----END CERTIFICATE-----