Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VkB1bb2B3lMqYc3zJA46dAvGsbE.roa
File:                     VkB1bb2B3lMqYc3zJA46dAvGsbE.roa (raw, json)
Hash identifier:          oaxcuFBFPHQYFgQCH7/ALgeCdfJ847rR63Oj84tMjhw=
Subject key identifier:   56:40:75:6D:BD:81:DE:53:2A:61:CD:F3:24:0E:3A:74:0B:C6:B1:B1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E5F9BEAE3213B72A1D920994D0D5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VkB1bb2B3lMqYc3zJA46dAvGsbE.roa
Signing time:             Thu 02 Jan 2025 03:49:26 +0000
ROA not before:           Thu 02 Jan 2025 03:49:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140961
IP address blocks:        2a0e:b107:2220::/45 maxlen: 48
                          2a0e:b107:2228::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e5:f9:be:ae:32:13:b7:2a:1d:92:09:94:d0:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5640756dbd81de532a61cdf3240e3a740bc6b1b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b7:f3:bb:41:a7:48:69:49:7d:dd:b1:59:16:
                    d8:8f:c8:13:43:65:2b:26:2a:88:cc:05:ce:bf:54:
                    68:62:02:e3:14:89:cd:52:87:03:be:56:21:7b:14:
                    a6:80:f3:e1:4d:d1:99:c9:98:27:5b:3e:09:2c:e3:
                    f6:6c:c0:d2:c2:51:93:50:15:eb:46:d3:82:92:5d:
                    f6:c6:ad:bc:d8:26:63:d7:bb:77:9b:01:ce:ea:0b:
                    1c:b0:e6:75:18:dc:c8:01:e7:21:8c:53:bc:47:2f:
                    1f:12:d8:1e:97:8f:b3:06:f7:66:da:56:1e:a8:a9:
                    4b:88:b9:cc:27:48:58:72:0a:e9:cf:cd:21:4f:91:
                    47:e1:6d:6d:42:40:a8:51:4f:b9:a7:4f:77:6f:b6:
                    04:21:e7:19:42:ec:9a:75:9c:b0:59:c5:f2:73:94:
                    3b:02:e3:39:7f:fb:fc:c4:d7:b6:43:19:9a:62:34:
                    16:00:90:40:5c:16:ab:89:d9:c3:71:9c:ac:01:ca:
                    90:d5:9e:28:3f:16:07:36:35:63:86:f3:1d:f0:94:
                    7b:2b:eb:1e:70:8e:04:fe:2c:9a:69:ad:0e:a9:e5:
                    1e:95:0c:08:b9:4e:b6:db:8f:9f:bb:56:af:92:98:
                    aa:f3:17:df:45:87:1d:c2:c3:78:39:07:97:83:11:
                    6e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:40:75:6D:BD:81:DE:53:2A:61:CD:F3:24:0E:3A:74:0B:C6:B1:B1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VkB1bb2B3lMqYc3zJA46dAvGsbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2220::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:ff:66:6f:0e:c9:ea:9a:43:bb:4b:bb:e4:ec:a8:05:bd:6c:
         c6:77:e1:a6:11:05:a0:f2:33:cd:13:9d:d5:30:ac:0a:da:db:
         54:04:ca:bc:e4:81:39:a6:3e:73:49:dc:b3:b4:8c:17:f0:b3:
         49:d9:ec:01:d1:38:6a:07:cf:cb:74:94:9a:79:99:01:18:65:
         37:af:6e:e9:1d:3a:1b:e4:6a:1d:a1:bc:3c:69:c6:fe:14:86:
         00:52:65:e8:87:c5:62:61:c8:a5:d7:86:50:e7:ee:c9:fa:de:
         8b:e8:ef:3f:bc:9b:6a:9c:3a:7a:cc:9b:a4:89:61:ae:a9:8c:
         22:3c:cb:69:eb:45:7c:12:fc:39:28:b1:9e:d1:e3:d5:a1:4a:
         04:01:47:18:75:2c:d9:63:26:d6:65:36:63:ba:1a:30:90:20:
         ea:59:14:2f:72:65:c7:e0:e7:3a:5c:9d:b2:31:37:dc:43:f5:
         40:4d:95:9a:c9:26:74:0a:a1:0c:f8:a5:fb:e1:f7:a4:27:46:
         a7:26:a4:e7:13:a2:37:b9:04:18:c6:a5:54:78:9c:00:64:18:
         9f:9d:f9:ed:8b:e4:b0:b3:6e:de:a4:f7:5f:51:45:82:89:af:
         83:61:68:f1:52:65:46:54:0d:26:0f:6c:c7:35:7d:30:00:c6:
         c3:77:0d:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIeX5vq4yE7cqHZIJlNDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjQwNzU2ZGJkODFkZTUzMmE2MWNkZjMyNDBlM2E3NDBiYzZiMWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLfzu0GnSGlJfd2xWRbYj8gTQ2Ur
JiqIzAXOv1RoYgLjFInNUocDvlYhexSmgPPhTdGZyZgnWz4JLOP2bMDSwlGTUBXr
RtOCkl32xq282CZj17t3mwHO6gscsOZ1GNzIAechjFO8Ry8fEtgel4+zBvdm2lYe
qKlLiLnMJ0hYcgrpz80hT5FH4W1tQkCoUU+5p093b7YEIecZQuyadZywWcXyc5Q7
AuM5f/v8xNe2QxmaYjQWAJBAXBaridnDcZysAcqQ1Z4oPxYHNjVjhvMd8JR7K+se
cI4E/iyaaa0OqeUelQwIuU6224+fu1avkpiq8xffRYcdwsN4OQeXgxFukQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFZAdW29gd5TKmHN8yQOOnQLxrGxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVmtCMWJiMkIzbE1xWWMzekpBNDZkQXZHc2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xByIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCp/2ZvDsnqmkO7S7vk7KgFvWzGd+GmEQWg8jPN
E53VMKwK2ttUBMq85IE5pj5zSdyztIwX8LNJ2ewB0ThqB8/LdJSaeZkBGGU3r27p
HTob5Godobw8acb+FIYAUmXoh8ViYcil14ZQ5+7J+t6L6O8/vJtqnDp6zJukiWGu
qYwiPMtp60V8Evw5KLGe0ePVoUoEAUcYdSzZYybWZTZjuhowkCDqWRQvcmXH4Oc6
XJ2yMTfcQ/VATZWaySZ0CqEM+KX74fekJ0anJqTnE6I3uQQYxqVUeJwAZBifnfnt
i+Sws27epPdfUUWCia+DYWjxUmVGVA0mD2zHNX0wAMbDdw2w
-----END CERTIFICATE-----