Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/V_Hm7TFCjtZupg5Q4Vwllz2Nf6s.roa
File:                     V_Hm7TFCjtZupg5Q4Vwllz2Nf6s.roa (raw, json)
Hash identifier:          9226+JyN4ebBcKs1jxe5IhH7E1MP32b9Lylj7LPyWBw=
Subject key identifier:   57:F1:E6:ED:31:42:8E:D6:6E:A6:0E:50:E1:5C:25:97:3D:8D:7F:AB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252242FBE317CFC028CE162E3FADC971
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/V_Hm7TFCjtZupg5Q4Vwllz2Nf6s.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210661
IP address blocks:        2a0e:97c0:570::/44 maxlen: 48
                          2a10:cc47:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:42:fb:e3:17:cf:c0:28:ce:16:2e:3f:ad:c9:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57f1e6ed31428ed66ea60e50e15c25973d8d7fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:2a:f3:bf:17:7d:05:e1:4a:46:88:69:c1:2e:
                    06:fd:a2:10:33:e7:f4:56:85:52:b5:e3:10:40:2e:
                    ca:db:5c:1d:5d:f7:68:2c:f2:8e:d1:82:d9:61:9e:
                    c5:d9:c8:f6:bb:d9:09:22:6a:9b:b0:39:9b:e4:5d:
                    79:88:03:cc:9e:24:84:3f:03:b5:18:bf:cc:91:d1:
                    57:54:c6:01:a5:4f:6b:a4:b8:27:99:a7:e2:11:1b:
                    a5:fe:6e:58:ae:be:93:60:2e:93:fb:00:2a:71:36:
                    a1:43:d9:31:ea:ac:47:3b:9b:8d:05:52:85:71:f4:
                    2b:16:63:df:c0:3d:ff:f9:ab:22:0b:79:a9:f6:b8:
                    1e:9d:10:ff:76:00:0c:4d:ad:6b:3e:93:85:aa:68:
                    a1:61:27:0d:71:fa:ed:e2:45:c7:50:9e:8e:c3:94:
                    26:04:db:11:3a:8a:74:f5:a5:37:c9:4b:51:6a:76:
                    fb:28:35:91:79:42:93:f3:dd:19:0c:01:a3:79:b4:
                    e6:cf:3a:e4:9e:ee:78:db:d8:2e:ea:fb:ae:d5:fb:
                    ed:86:b8:af:3b:29:ef:83:b1:9f:5e:2d:db:95:75:
                    a4:93:7f:f3:a8:14:3a:a8:7e:23:16:bd:63:63:33:
                    66:63:3b:68:75:0b:0c:17:49:ee:a9:b6:cb:71:b2:
                    00:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:F1:E6:ED:31:42:8E:D6:6E:A6:0E:50:E1:5C:25:97:3D:8D:7F:AB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/V_Hm7TFCjtZupg5Q4Vwllz2Nf6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:570::/44
                  2a10:cc47:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0d:ab:56:6d:f6:c1:03:6e:ff:f7:1b:07:ef:1a:60:8a:af:c2:
         c2:05:8a:ad:fe:dc:db:d0:8a:19:f7:03:d2:08:08:48:6b:ab:
         95:f9:13:c1:14:44:17:cd:df:d6:d4:bc:c9:1d:ff:2b:c0:da:
         b5:20:55:f5:e3:52:48:95:6e:98:2d:21:d5:b8:cf:3e:c7:81:
         26:d9:2d:d3:0f:5e:e4:c1:a1:91:26:23:98:b8:3b:ef:51:95:
         2b:1b:78:c4:61:8c:2e:f6:8c:b1:86:e1:8d:99:80:e3:a2:7f:
         7d:2e:47:3f:d3:94:5d:17:5e:c3:0f:07:0c:24:c5:bd:2b:95:
         69:d4:15:5b:df:67:c4:54:e6:01:f8:7b:57:0e:e8:10:62:46:
         bb:7b:3e:55:3b:12:9f:9f:a4:4d:f2:4e:c5:b5:71:5a:52:1d:
         c4:b6:d0:7f:69:c7:fb:24:9e:22:ee:42:45:fa:56:e2:87:36:
         58:5e:f7:1a:f3:1b:c2:25:8f:48:43:6d:e4:a8:c3:a7:2e:0f:
         5c:69:ac:4c:f3:bb:ee:a3:67:15:00:fc:4a:df:b6:51:b7:a3:
         82:a7:02:bd:4f:4a:79:80:fc:40:c8:6d:2e:e1:7e:45:7d:70:
         ea:f1:34:b9:2e:1c:26:94:c4:1e:50:41:7a:2e:4d:0a:9c:83:
         8e:bb:32:db
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQlIkL74xfPwCjOFi4/rclxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2YxZTZlZDMxNDI4ZWQ2NmVhNjBlNTBlMTVjMjU5NzNkOGQ3ZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Crzvxd9BeFKRohpwS4G/aIQM+f0
VoVSteMQQC7K21wdXfdoLPKO0YLZYZ7F2cj2u9kJImqbsDmb5F15iAPMniSEPwO1
GL/MkdFXVMYBpU9rpLgnmafiERul/m5Yrr6TYC6T+wAqcTahQ9kx6qxHO5uNBVKF
cfQrFmPfwD3/+asiC3mp9rgenRD/dgAMTa1rPpOFqmihYScNcfrt4kXHUJ6Ow5Qm
BNsROop09aU3yUtRanb7KDWReUKT890ZDAGjebTmzzrknu5429gu6vuu1fvthriv
Oynvg7GfXi3blXWkk3/zqBQ6qH4jFr1jYzNmYztodQsMF0nuqbbLcbIAfwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFFfx5u0xQo7WbqYOUOFcJZc9jX+rMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVl9IbTdURkNqdFp1cGc1UTRWd2xsejJOZjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKg6XwAVw
AwYEKhDMRyAwDQYJKoZIhvcNAQELBQADggEBAA2rVm32wQNu//cbB+8aYIqvwsIF
iq3+3NvQihn3A9IICEhrq5X5E8EURBfN39bUvMkd/yvA2rUgVfXjUkiVbpgtIdW4
zz7HgSbZLdMPXuTBoZEmI5i4O+9RlSsbeMRhjC72jLGG4Y2ZgOOif30uRz/TlF0X
XsMPBwwkxb0rlWnUFVvfZ8RU5gH4e1cO6BBiRrt7PlU7Ep+fpE3yTsW1cVpSHcS2
0H9px/skniLuQkX6VuKHNlhe9xrzG8Ilj0hDbeSow6cuD1xprEzzu+6jZxUA/Erf
tlG3o4KnAr1PSnmA/EDIbS7hfkV9cOrxNLkuHCaUxB5QQXouTQqcg467Mts=
-----END CERTIFICATE-----