Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VmMa1_mXtziLWT8PTA_ZHVx2nIo.roa
File:                     VmMa1_mXtziLWT8PTA_ZHVx2nIo.roa (raw, json)
Hash identifier:          T0ExZj8vZwupwwrAyZlQn4FpryXosgDgvuHvVd1Zvs8=
Subject key identifier:   56:63:1A:D7:F9:97:B7:38:8B:59:3F:0F:4C:0F:D9:1D:5C:76:9C:8A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522487F11D2E3BD97BE2DA2C9B4F92F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VmMa1_mXtziLWT8PTA_ZHVx2nIo.roa
Signing time:             Thu 02 Jan 2025 03:49:51 +0000
ROA not before:           Thu 02 Jan 2025 03:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210980
IP address blocks:        2a0e:b107:ae0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:48:7f:11:d2:e3:bd:97:be:2d:a2:c9:b4:f9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56631ad7f997b7388b593f0f4c0fd91d5c769c8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c9:79:b1:b4:2c:89:04:08:7f:40:2b:f8:33:
                    25:1d:91:f7:f8:d8:d8:09:cd:41:05:61:33:54:07:
                    f8:f0:80:7e:05:90:30:45:11:77:05:36:1b:30:ff:
                    fc:f5:7d:f3:e8:93:f1:4c:98:a2:cd:03:25:1c:85:
                    98:6f:b2:ef:d2:96:11:b5:4b:b9:e8:b8:76:39:c5:
                    a5:27:98:40:a2:ea:b1:40:10:42:67:d7:22:fd:32:
                    c0:c6:2b:5d:77:2b:eb:9d:fc:12:17:eb:e3:88:72:
                    54:00:0c:a7:a5:5d:88:1d:b4:d0:92:0b:84:07:b9:
                    c9:13:52:2d:30:73:56:7c:58:86:57:1e:96:f4:bc:
                    dd:66:2a:15:22:56:6c:02:f0:5b:24:c3:f8:9e:2e:
                    f2:58:57:c7:78:3f:15:42:ad:cf:10:29:bb:a9:f0:
                    98:d4:ee:c6:f2:97:31:41:a2:e6:18:6b:a6:63:64:
                    ba:01:43:1c:a8:ed:dd:12:72:c1:28:da:99:96:08:
                    94:54:5c:93:5e:ee:30:9b:3f:33:fb:05:de:91:fa:
                    20:e7:e9:5f:f6:3a:5d:b3:f9:94:ef:33:db:6b:f2:
                    11:91:cf:dd:3b:ee:b0:6d:85:5d:a9:65:61:62:2f:
                    19:25:ea:3d:af:3e:43:2c:a1:02:2b:1c:08:75:10:
                    a9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:63:1A:D7:F9:97:B7:38:8B:59:3F:0F:4C:0F:D9:1D:5C:76:9C:8A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VmMa1_mXtziLWT8PTA_ZHVx2nIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:6e:d4:c6:e6:af:f7:83:74:e2:97:bf:0e:5a:27:b5:96:18:
         a5:44:54:06:30:a4:36:e6:58:5e:03:f8:9f:ba:c8:4e:f0:05:
         9a:ce:0d:d9:86:3d:fa:de:24:ab:32:71:b4:9d:4c:bb:75:9a:
         31:61:f5:be:c1:e6:69:e9:8a:0c:61:af:7d:8c:3e:8c:24:b5:
         c7:1f:79:34:6a:6c:fd:f3:0d:7b:bb:03:8c:94:20:97:a3:e6:
         05:14:01:8c:f1:24:db:db:bb:0e:08:65:ac:6a:d4:26:91:b3:
         c5:d1:58:36:09:8f:50:83:e2:2b:ac:2a:f7:77:6b:14:98:55:
         f7:32:5a:a0:04:ee:6c:7d:a7:d2:93:fa:c8:34:e0:18:6f:e4:
         da:06:d0:6a:f4:32:7e:35:7e:88:0d:f8:aa:65:fa:e2:3a:2c:
         71:0c:04:8f:6e:83:cd:87:16:47:d8:3c:66:33:a5:9e:40:a0:
         9e:82:90:2d:87:e0:27:ec:e8:02:4c:74:22:6f:89:1b:ce:4e:
         8b:a8:5d:f1:97:54:88:23:28:d1:ec:4f:5e:aa:d5:09:82:69:
         81:d5:e8:06:8c:22:25:dd:9e:94:e6:09:5c:dd:64:42:81:5f:
         18:f2:bf:06:04:d9:03:72:b1:9c:51:a4:f6:ed:f4:fe:2f:13:
         71:1c:87:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkh/EdLjvZe+LaLJtPkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjYzMWFkN2Y5OTdiNzM4OGI1OTNmMGY0YzBmZDkxZDVjNzY5YzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7cl5sbQsiQQIf0Ar+DMlHZH3+NjY
Cc1BBWEzVAf48IB+BZAwRRF3BTYbMP/89X3z6JPxTJiizQMlHIWYb7Lv0pYRtUu5
6Lh2OcWlJ5hAouqxQBBCZ9ci/TLAxitddyvrnfwSF+vjiHJUAAynpV2IHbTQkguE
B7nJE1ItMHNWfFiGVx6W9LzdZioVIlZsAvBbJMP4ni7yWFfHeD8VQq3PECm7qfCY
1O7G8pcxQaLmGGumY2S6AUMcqO3dEnLBKNqZlgiUVFyTXu4wmz8z+wXekfog5+lf
9jpds/mU7zPba/IRkc/dO+6wbYVdqWVhYi8ZJeo9rz5DLKECKxwIdRCptwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFZjGtf5l7c4i1k/D0wP2R1cdpyKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVm1NYTFfbVh0emlMV1Q4UFRBX1pIVngybklvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwrg
MA0GCSqGSIb3DQEBCwUAA4IBAQAzbtTG5q/3g3Til78OWie1lhilRFQGMKQ25lhe
A/ifushO8AWazg3Zhj363iSrMnG0nUy7dZoxYfW+weZp6YoMYa99jD6MJLXHH3k0
amz98w17uwOMlCCXo+YFFAGM8STb27sOCGWsatQmkbPF0Vg2CY9Qg+IrrCr3d2sU
mFX3MlqgBO5sfafSk/rINOAYb+TaBtBq9DJ+NX6IDfiqZfriOixxDASPboPNhxZH
2DxmM6WeQKCegpAth+An7OgCTHQib4kbzk6LqF3xl1SIIyjR7E9eqtUJgmmB1egG
jCIl3Z6U5glc3WRCgV8Y8r8GBNkDcrGcUaT27fT+LxNxHIcj
-----END CERTIFICATE-----