Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X-WXpKlwKn9MB1QHK8fapFKUZ6E.roa
File:                     X-WXpKlwKn9MB1QHK8fapFKUZ6E.roa (raw, json)
Hash identifier:          DuIfE1XstNEAipOdqOCpkjiA4ttPTkLwS5Xn6yBsdbM=
Subject key identifier:   5F:E5:97:A4:A9:70:2A:7F:4C:07:54:07:2B:C7:DA:A4:52:94:67:A1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425228B7FEAA8875E11F4854AF48726F1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X-WXpKlwKn9MB1QHK8fapFKUZ6E.roa
Signing time:             Thu 02 Jan 2025 03:50:08 +0000
ROA not before:           Thu 02 Jan 2025 03:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215664
IP address blocks:        2a0e:97c0:64f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:8b:7f:ea:a8:87:5e:11:f4:85:4a:f4:87:26:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fe597a4a9702a7f4c0754072bc7daa4529467a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:63:c1:db:c5:f6:be:ab:e8:a3:e6:69:97:b7:
                    46:ca:7c:18:57:8c:ec:fb:e5:0d:73:f6:c6:d6:6c:
                    17:df:f8:6c:41:c6:a6:65:11:77:81:71:40:d4:fd:
                    96:3c:bc:6a:bd:77:b0:c5:16:a0:47:27:e3:1b:b5:
                    7c:36:29:57:ad:88:2f:85:8c:eb:89:63:ee:0c:99:
                    27:78:ad:76:01:f0:64:86:61:2f:6a:69:36:0c:47:
                    07:5f:e1:d2:9b:9f:19:79:f3:a0:78:b4:88:b6:9b:
                    ef:b2:1a:1c:5f:6e:a3:ab:60:7b:85:51:0c:38:c6:
                    77:96:26:d1:dd:55:03:8e:23:85:12:e8:af:d7:ba:
                    af:a9:43:9a:68:dd:87:30:4d:1e:6e:eb:0c:9c:96:
                    2c:67:e2:c6:e3:da:45:1e:0f:65:fa:80:d7:4f:7e:
                    59:08:53:25:1c:51:71:af:d9:5a:c5:9f:04:cf:e8:
                    23:ef:ad:41:70:42:4c:17:a4:f8:e4:94:f9:2b:65:
                    77:cb:f1:6d:30:13:55:43:f1:74:5d:d5:73:c6:1a:
                    0a:7f:06:64:f1:3c:83:a1:6b:05:d5:44:59:01:0d:
                    ee:4f:f5:6b:48:14:cb:8d:ad:77:98:92:65:2e:39:
                    a3:ea:c8:5a:22:d7:71:b7:ed:0f:77:1b:8a:89:9f:
                    5e:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:E5:97:A4:A9:70:2A:7F:4C:07:54:07:2B:C7:DA:A4:52:94:67:A1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/X-WXpKlwKn9MB1QHK8fapFKUZ6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:64f::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:ac:a3:21:4d:c3:f9:a7:e3:68:48:82:7d:aa:27:01:15:65:
         7b:36:37:c1:a7:9f:46:f3:51:fd:7f:ba:2d:a6:64:13:49:4f:
         b4:94:40:ef:66:9a:c2:44:09:cb:ee:29:c4:4c:81:5d:7c:7f:
         5e:b3:0b:90:f5:6d:08:54:5a:0a:36:b4:4a:a0:b5:4e:f1:35:
         f5:1d:9b:43:18:6d:33:fb:85:41:2c:6a:60:ab:12:5c:15:a7:
         28:fd:bb:6b:3a:d8:15:2f:37:e7:78:f1:0f:ab:98:1e:78:2a:
         b6:b1:37:73:e2:a1:1f:83:79:58:d2:ea:b1:e0:74:5e:8e:5d:
         81:d3:11:f5:9c:5e:22:05:8a:7d:04:4b:88:bc:18:0c:6b:38:
         83:64:7d:b2:5c:10:a8:f0:02:cd:bb:ee:40:7b:a9:99:97:c8:
         ea:1c:5f:e7:46:7d:f5:b1:31:52:93:5b:90:67:02:7b:e1:4c:
         30:83:ea:36:6a:cc:a7:85:15:92:53:a5:8f:02:a3:31:e2:83:
         32:80:11:60:7d:c2:fd:52:6b:5a:47:eb:cb:bc:50:2e:99:c0:
         10:ce:1b:6a:b5:43:d1:bf:a3:20:d4:51:0b:ba:f2:60:73:4f:
         a8:cc:92:43:91:67:ad:d3:db:93:2f:29:12:7d:0d:55:c0:da:
         d1:3d:f0:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIot/6qiHXhH0hUr0hybxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmU1OTdhNGE5NzAyYTdmNGMwNzU0MDcyYmM3ZGFhNDUyOTQ2N2ExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmPB28X2vqvoo+Zpl7dGynwYV4zs
++UNc/bG1mwX3/hsQcamZRF3gXFA1P2WPLxqvXewxRagRyfjG7V8NilXrYgvhYzr
iWPuDJkneK12AfBkhmEvamk2DEcHX+HSm58ZefOgeLSItpvvshocX26jq2B7hVEM
OMZ3libR3VUDjiOFEuiv17qvqUOaaN2HME0ebusMnJYsZ+LG49pFHg9l+oDXT35Z
CFMlHFFxr9laxZ8Ez+gj761BcEJMF6T45JT5K2V3y/FtMBNVQ/F0XdVzxhoKfwZk
8TyDoWsF1URZAQ3uT/VrSBTLja13mJJlLjmj6shaItdxt+0PdxuKiZ9eGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF/ll6SpcCp/TAdUByvH2qRSlGehMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWC1XWHBLbHdLbjlNQjFRSEs4ZmFwRktVWjZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAZP
MA0GCSqGSIb3DQEBCwUAA4IBAQACrKMhTcP5p+NoSIJ9qicBFWV7NjfBp59G81H9
f7otpmQTSU+0lEDvZprCRAnL7inETIFdfH9eswuQ9W0IVFoKNrRKoLVO8TX1HZtD
GG0z+4VBLGpgqxJcFaco/btrOtgVLzfnePEPq5geeCq2sTdz4qEfg3lY0uqx4HRe
jl2B0xH1nF4iBYp9BEuIvBgMaziDZH2yXBCo8ALNu+5Ae6mZl8jqHF/nRn31sTFS
k1uQZwJ74Uwwg+o2asynhRWSU6WPAqMx4oMygBFgfcL9UmtaR+vLvFAumcAQzhtq
tUPRv6Mg1FELuvJgc0+ozJJDkWet09uTLykSfQ1VwNrRPfAt
-----END CERTIFICATE-----