Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQbvLtCO9N1Y48RFVmHfDx2Xcxc.roa
File:                     XQbvLtCO9N1Y48RFVmHfDx2Xcxc.roa (raw, json)
Hash identifier:          UT053MsSODnrN+ZWeND99X3LHJ6LMa5uV0RezaG9uc4=
Subject key identifier:   5D:06:EF:2E:D0:8E:F4:DD:58:E3:C4:45:56:61:DF:0F:1D:97:73:17
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FED7C13E25D35792287DF3D644E1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQbvLtCO9N1Y48RFVmHfDx2Xcxc.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200529
IP address blocks:        2a0e:b107:1d30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fe:d7:c1:3e:25:d3:57:92:28:7d:f3:d6:44:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d06ef2ed08ef4dd58e3c4455661df0f1d977317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fb:c1:fd:2c:93:d5:8c:4a:3b:9f:25:6f:65:
                    ad:c7:8d:4e:d2:6e:ee:be:d8:a8:ec:71:92:a4:37:
                    c0:8b:58:c1:17:7a:d5:10:d9:aa:29:dd:5c:7f:f7:
                    ae:99:47:a7:8b:b9:91:0d:26:3a:ba:74:32:88:14:
                    11:2c:5f:8a:1e:1d:5e:dd:85:be:4b:24:67:34:c8:
                    c8:f1:0d:33:6b:d3:06:90:a9:9e:fd:ff:e3:bc:64:
                    84:39:82:f2:62:12:c4:69:23:02:13:15:7c:5a:12:
                    fa:1d:71:7c:17:fd:c3:73:41:bd:2a:d0:26:7c:f2:
                    8c:64:27:4d:bd:f7:89:1f:41:1f:64:0e:fd:a7:66:
                    83:21:f4:f0:c6:5a:38:90:c3:19:57:c6:02:cf:bd:
                    b1:7d:60:49:07:62:b3:b5:07:44:a4:47:2d:45:e3:
                    c5:05:b4:aa:01:7c:11:92:19:af:a8:e9:23:6a:78:
                    cd:b8:8d:3f:d4:7e:28:29:99:65:ba:2d:bf:13:a2:
                    62:f1:2c:14:be:c4:4c:8f:5e:97:68:63:04:49:4b:
                    59:07:c6:7b:f1:99:58:29:88:de:bc:09:8b:42:17:
                    53:7e:61:d6:da:6c:c6:c4:1f:f1:0a:1c:30:ef:9e:
                    59:97:22:e1:32:a4:35:2e:7c:e8:ee:3f:1d:88:48:
                    6c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:06:EF:2E:D0:8E:F4:DD:58:E3:C4:45:56:61:DF:0F:1D:97:73:17
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQbvLtCO9N1Y48RFVmHfDx2Xcxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d30::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:02:1d:3c:36:fe:04:9f:19:04:5a:d2:45:a7:8e:91:33:0b:
         c2:1d:0b:0d:3a:9c:eb:91:bb:32:56:f5:d5:e0:56:d0:f8:9e:
         51:60:5f:99:30:65:25:1f:08:13:3b:b1:c6:7f:7f:28:ce:83:
         e4:22:16:d5:4c:29:bb:1e:d2:b9:fc:c5:72:f6:e3:04:05:be:
         21:37:36:da:86:41:b2:8a:89:5f:3d:77:4d:6d:b4:cf:8f:b7:
         49:63:d1:ae:84:ae:21:b5:aa:59:ba:13:05:e3:3a:98:fc:98:
         a5:c9:43:29:97:93:45:af:f6:35:69:55:aa:8e:d1:5d:bf:91:
         b1:46:3b:28:3d:8f:34:f3:06:14:b2:ed:b0:e8:80:80:f2:cb:
         9f:78:b0:4d:f5:ac:01:c5:5d:c3:66:dd:ff:4e:e8:98:7b:ff:
         31:f2:ce:95:82:1e:7a:17:1a:1d:f6:0f:a7:1b:2c:c7:e7:5b:
         28:c1:43:9f:4e:52:45:e2:b5:f6:65:89:8d:ca:3f:6e:2d:5e:
         c4:85:56:66:2b:aa:29:73:d2:b0:93:84:8c:fb:e3:40:24:30:
         a4:fc:b1:10:ae:e6:ca:c6:56:23:b7:1a:1f:66:9f:7a:7e:b4:
         a0:e2:8d:93:c7:73:66:e3:b1:a6:ac:b1:2a:16:48:4f:22:5f:
         96:21:0c:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIf7XwT4l01eSKH3z1kThMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDA2ZWYyZWQwOGVmNGRkNThlM2M0NDU1NjYxZGYwZjFkOTc3MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/vB/SyT1YxKO58lb2Wtx41O0m7u
vtio7HGSpDfAi1jBF3rVENmqKd1cf/eumUeni7mRDSY6unQyiBQRLF+KHh1e3YW+
SyRnNMjI8Q0za9MGkKme/f/jvGSEOYLyYhLEaSMCExV8WhL6HXF8F/3Dc0G9KtAm
fPKMZCdNvfeJH0EfZA79p2aDIfTwxlo4kMMZV8YCz72xfWBJB2KztQdEpEctRePF
BbSqAXwRkhmvqOkjanjNuI0/1H4oKZllui2/E6Ji8SwUvsRMj16XaGMESUtZB8Z7
8ZlYKYjevAmLQhdTfmHW2mzGxB/xChww755ZlyLhMqQ1Lnzo7j8diEhsgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF0G7y7QjvTdWOPERVZh3w8dl3MXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWFFidkx0Q085TjFZNDhSRlZtSGZEeDJYY3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx0w
MA0GCSqGSIb3DQEBCwUAA4IBAQBvAh08Nv4EnxkEWtJFp46RMwvCHQsNOpzrkbsy
VvXV4FbQ+J5RYF+ZMGUlHwgTO7HGf38ozoPkIhbVTCm7HtK5/MVy9uMEBb4hNzba
hkGyiolfPXdNbbTPj7dJY9GuhK4htapZuhMF4zqY/JilyUMpl5NFr/Y1aVWqjtFd
v5GxRjsoPY808wYUsu2w6ICA8sufeLBN9awBxV3DZt3/TuiYe/8x8s6Vgh56Fxod
9g+nGyzH51sowUOfTlJF4rX2ZYmNyj9uLV7EhVZmK6opc9Kwk4SM++NAJDCk/LEQ
rubKxlYjtxofZp96frSg4o2Tx3Nm47GmrLEqFkhPIl+WIQyy
-----END CERTIFICATE-----