Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VTwk7jcgS9OlDHPQ3ae6QTAGzZs.roa
File:                     VTwk7jcgS9OlDHPQ3ae6QTAGzZs.roa (raw, json)
Hash identifier:          n2L2uKCsXb0VXrnT5vCEqVvvbxqM6w8PiN4DluIy/t0=
Subject key identifier:   55:3C:24:EE:37:20:4B:D3:A5:0C:73:D0:DD:A7:BA:41:30:06:CD:9B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E96983D779BBADA9F19C76F6C720
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VTwk7jcgS9OlDHPQ3ae6QTAGzZs.roa
Signing time:             Thu 02 Jan 2025 03:49:26 +0000
ROA not before:           Thu 02 Jan 2025 03:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142289
IP address blocks:        2a0e:b107:15f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e9:69:83:d7:79:bb:ad:a9:f1:9c:76:f6:c7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=553c24ee37204bd3a50c73d0dda7ba413006cd9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bc:f4:d3:6d:cc:23:d6:91:09:42:be:4f:2e:
                    ce:bf:d8:de:16:e0:20:a1:aa:b6:f7:13:82:41:f5:
                    c4:11:30:ac:2f:65:bc:4d:39:5a:bd:a0:61:77:b3:
                    53:b2:70:33:e4:a0:c0:fc:a9:d5:f0:b1:4e:7e:e6:
                    14:be:27:ac:fa:a1:04:33:62:df:39:cb:55:ab:54:
                    4a:52:63:f1:27:aa:38:45:d8:63:96:9f:a3:8d:de:
                    63:df:2a:13:49:1f:c8:53:91:c7:6e:b4:5e:55:05:
                    50:06:50:03:83:cc:6c:10:62:9e:e0:c1:5b:bd:b3:
                    ce:5b:cd:44:34:b4:56:45:a3:e1:20:f0:37:a4:51:
                    07:41:5b:92:2a:51:eb:23:8a:40:e3:69:77:6e:22:
                    5f:0d:77:46:f7:c8:30:8a:bb:13:96:9a:14:0b:a1:
                    31:f1:47:80:80:9c:96:c2:1a:8a:0e:45:93:2c:0f:
                    31:56:7b:d6:49:10:09:ec:a0:79:11:a1:57:95:2e:
                    5b:40:d1:5d:a3:ed:a9:c5:e8:b3:5f:72:ff:35:a7:
                    ff:3a:4d:75:0e:eb:11:9f:cc:73:e9:50:1a:05:28:
                    d4:e3:67:77:9e:fa:c6:9e:4c:29:1b:8f:d7:fa:45:
                    29:e6:41:c2:5d:3b:2c:b6:0c:65:c5:37:28:ec:0b:
                    17:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:3C:24:EE:37:20:4B:D3:A5:0C:73:D0:DD:A7:BA:41:30:06:CD:9B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VTwk7jcgS9OlDHPQ3ae6QTAGzZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:15f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6d:e9:85:e0:2b:52:ab:7d:bc:63:f0:57:cb:d6:96:33:8d:a5:
         fb:80:cd:9b:22:6c:b2:63:37:95:a9:c1:05:ab:3f:75:4d:dd:
         87:a6:62:88:d8:e9:ff:08:d2:24:38:39:0e:00:c4:3c:ba:e1:
         62:88:29:91:18:c6:d6:6d:17:e1:c4:9a:10:c9:a4:13:ec:41:
         f4:85:21:b9:26:8b:ef:1f:e5:8f:7d:98:fd:c9:3a:d5:9f:f9:
         48:a7:11:4d:c7:a5:0d:ee:05:c9:ef:9a:60:d8:c6:3c:b5:05:
         56:6c:31:66:4f:e8:8a:59:39:b7:44:94:23:d7:65:23:63:80:
         d5:31:b3:4c:1f:65:76:50:a7:b7:a2:63:a7:96:43:95:d2:97:
         bc:26:66:63:d5:9e:1a:59:8e:8a:77:79:8a:10:cf:e1:df:cc:
         a2:88:0d:71:bb:8c:bb:22:2e:91:f5:8e:06:67:e1:8c:50:d4:
         a3:82:68:8c:f1:8b:72:b3:94:4e:dd:54:f2:e3:94:a5:99:15:
         b5:a5:06:95:b0:b2:80:aa:bf:c9:73:13:ea:31:67:d1:98:d1:
         9c:fc:07:12:50:ea:76:05:a9:6c:8d:11:82:6e:ac:07:c5:5c:
         89:fb:eb:63:14:60:1a:c6:47:91:74:e1:04:26:21:71:3f:d5:
         37:71:3e:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIelpg9d5u62p8Zx29scgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTNjMjRlZTM3MjA0YmQzYTUwYzczZDBkZGE3YmE0MTMwMDZjZDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrz0023MI9aRCUK+Ty7Ov9jeFuAg
oaq29xOCQfXEETCsL2W8TTlavaBhd7NTsnAz5KDA/KnV8LFOfuYUvies+qEEM2Lf
OctVq1RKUmPxJ6o4Rdhjlp+jjd5j3yoTSR/IU5HHbrReVQVQBlADg8xsEGKe4MFb
vbPOW81ENLRWRaPhIPA3pFEHQVuSKlHrI4pA42l3biJfDXdG98gwirsTlpoUC6Ex
8UeAgJyWwhqKDkWTLA8xVnvWSRAJ7KB5EaFXlS5bQNFdo+2pxeizX3L/Naf/Ok11
DusRn8xz6VAaBSjU42d3nvrGnkwpG4/X+kUp5kHCXTsstgxlxTco7AsXawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFU8JO43IEvTpQxz0N2nukEwBs2bMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVlR3azdqY2dTOU9sREhQUTNhZTZRVEFHelpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxXw
MA0GCSqGSIb3DQEBCwUAA4IBAQBt6YXgK1Krfbxj8FfL1pYzjaX7gM2bImyyYzeV
qcEFqz91Td2HpmKI2On/CNIkODkOAMQ8uuFiiCmRGMbWbRfhxJoQyaQT7EH0hSG5
JovvH+WPfZj9yTrVn/lIpxFNx6UN7gXJ75pg2MY8tQVWbDFmT+iKWTm3RJQj12Uj
Y4DVMbNMH2V2UKe3omOnlkOV0pe8JmZj1Z4aWY6Kd3mKEM/h38yiiA1xu4y7Ii6R
9Y4GZ+GMUNSjgmiM8Ytys5RO3VTy45SlmRW1pQaVsLKAqr/JcxPqMWfRmNGc/AcS
UOp2BalsjRGCbqwHxVyJ++tjFGAaxkeRdOEEJiFxP9U3cT6J
-----END CERTIFICATE-----