Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_AMTLDeadJpktSwMx-bMHvDiJ7Y.roa
File:                     _AMTLDeadJpktSwMx-bMHvDiJ7Y.roa (raw, json)
Hash identifier:          c4LJfk7Pa/UKiJCHRNK+/RQsAAGenxLlz8zVvItVBjY=
Subject key identifier:   FC:03:13:2C:37:9A:74:9A:64:B5:2C:0C:C7:E6:CC:1E:F0:E2:27:B6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019914EBDD0C8A67A550CEB23AB0656C7AB7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_AMTLDeadJpktSwMx-bMHvDiJ7Y.roa
Signing time:             Thu 04 Sep 2025 13:30:25 +0000
ROA not before:           Thu 04 Sep 2025 13:30:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214994
IP address blocks:        2a0e:97c0:260::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 15:58:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:14:eb:dd:0c:8a:67:a5:50:ce:b2:3a:b0:65:6c:7a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep  4 13:30:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc03132c379a749a64b52c0cc7e6cc1ef0e227b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2f:cc:d8:b9:d9:20:b9:26:11:3c:07:7d:33:
                    46:ce:88:38:a0:1f:cb:ab:5d:68:e3:1a:af:02:8e:
                    0e:7a:e6:60:17:ba:dc:1f:9e:6f:1f:c4:85:4f:09:
                    91:c6:85:f9:17:7b:a5:60:0c:f3:a9:94:89:0a:64:
                    ba:ab:93:73:3a:92:de:ac:e5:69:e5:26:8b:78:49:
                    63:06:e6:18:52:c8:47:09:63:cf:4e:eb:65:2e:14:
                    38:ff:aa:fd:5c:8a:9b:b6:53:d3:f4:14:af:62:7c:
                    79:49:33:bd:70:13:4e:59:17:37:d4:60:d4:89:da:
                    56:26:18:0a:42:54:6f:34:60:d5:88:54:9c:91:b7:
                    fd:d0:cd:fe:df:24:51:f7:5e:18:4e:c4:94:67:9d:
                    0e:51:69:99:5d:ef:be:36:e8:89:bd:90:64:57:c3:
                    09:24:6f:9e:e1:87:36:66:3a:aa:41:a0:e1:9e:ec:
                    7e:2a:90:e6:15:f4:fe:b8:e5:6a:43:04:0c:36:8e:
                    fa:4e:92:65:ce:60:b4:20:6a:0b:a3:a8:4f:29:49:
                    c7:83:f5:54:b6:85:37:10:91:34:e2:3b:6c:c7:2e:
                    6a:91:33:b5:cb:a5:42:69:61:90:e2:21:2e:51:63:
                    6e:51:81:8f:5a:8e:c4:87:a8:d1:62:f5:18:f2:5d:
                    bf:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:03:13:2C:37:9A:74:9A:64:B5:2C:0C:C7:E6:CC:1E:F0:E2:27:B6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_AMTLDeadJpktSwMx-bMHvDiJ7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:fb:88:a3:2f:99:aa:69:35:70:e4:fc:39:36:07:2a:2a:7d:
         ab:79:ef:ea:28:3e:76:83:b2:20:3e:18:7f:21:78:ff:13:14:
         f2:23:91:34:87:ce:05:d2:06:d9:58:87:e8:90:2e:43:67:ca:
         31:45:44:47:e9:0c:e9:5c:41:6c:3b:af:59:90:9a:9c:9a:01:
         60:89:b2:93:bb:b8:50:0b:7c:ff:c1:44:61:a2:52:5a:c3:98:
         f4:60:28:0c:bb:11:35:18:59:7b:5e:50:48:71:48:d3:10:7c:
         4e:a7:fc:f6:3d:a4:84:e8:5d:39:f7:1f:99:97:4f:7f:c7:fa:
         39:f5:16:b6:ba:73:22:0d:06:4b:44:dd:2e:61:4c:5b:40:98:
         c0:d8:bf:0d:9d:59:bf:6f:a9:9d:b3:39:c2:45:03:b2:41:49:
         53:27:ce:f3:10:06:b6:43:45:41:55:44:2e:2e:ea:e1:2e:7a:
         03:f8:5b:2f:4b:09:fa:2d:3c:b6:64:5f:de:5d:28:48:a3:38:
         31:1d:e2:9e:43:98:6e:27:ea:e2:4b:f0:8e:58:83:09:0f:ba:
         0d:cd:76:1a:fc:fe:89:a1:39:b7:42:00:35:ee:e4:5c:82:7d:
         c5:a8:fa:c2:a1:f1:19:34:26:4d:93:c6:9b:44:11:54:f1:0c:
         d2:9a:bd:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkU690MimelUM6yOrBlbHq3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwOTA0MTMzMDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzAzMTMyYzM3OWE3NDlhNjRiNTJjMGNjN2U2Y2MxZWYwZTIyN2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsi/M2LnZILkmETwHfTNGzog4oB/L
q11o4xqvAo4OeuZgF7rcH55vH8SFTwmRxoX5F3ulYAzzqZSJCmS6q5NzOpLerOVp
5SaLeEljBuYYUshHCWPPTutlLhQ4/6r9XIqbtlPT9BSvYnx5STO9cBNOWRc31GDU
idpWJhgKQlRvNGDViFSckbf90M3+3yRR914YTsSUZ50OUWmZXe++NuiJvZBkV8MJ
JG+e4Yc2ZjqqQaDhnux+KpDmFfT+uOVqQwQMNo76TpJlzmC0IGoLo6hPKUnHg/VU
toU3EJE04jtsxy5qkTO1y6VCaWGQ4iEuUWNuUYGPWo7Eh6jRYvUY8l2/dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPwDEyw3mnSaZLUsDMfmzB7w4ie2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX0FNVExEZWFkSnBrdFN3TXgtYk1IdkRpSjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAJg
MA0GCSqGSIb3DQEBCwUAA4IBAQCe+4ijL5mqaTVw5Pw5NgcqKn2ree/qKD52g7Ig
Phh/IXj/ExTyI5E0h84F0gbZWIfokC5DZ8oxRURH6QzpXEFsO69ZkJqcmgFgibKT
u7hQC3z/wURholJaw5j0YCgMuxE1GFl7XlBIcUjTEHxOp/z2PaSE6F059x+Zl09/
x/o59Ra2unMiDQZLRN0uYUxbQJjA2L8NnVm/b6mdsznCRQOyQUlTJ87zEAa2Q0VB
VUQuLurhLnoD+FsvSwn6LTy2ZF/eXShIozgxHeKeQ5huJ+riS/COWIMJD7oNzXYa
/P6JoTm3QgA17uRcgn3FqPrCofEZNCZNk8abRBFU8QzSmr1Y
-----END CERTIFICATE-----