Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bKYYGHSa5sEOqH4WVrzudAh4niQ.roa
File:                     bKYYGHSa5sEOqH4WVrzudAh4niQ.roa (raw, json)
Hash identifier:          4aGAr3I/d2ZZekItwzbVvQQhvysMzxqA5HF7Kc2otrQ=
Subject key identifier:   6C:A6:18:18:74:9A:E6:C1:0E:A8:7E:16:56:BC:EE:74:08:78:9E:24
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425224712A2914873865D5746EFDAB00C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bKYYGHSa5sEOqH4WVrzudAh4niQ.roa
Signing time:             Thu 02 Jan 2025 03:49:50 +0000
ROA not before:           Thu 02 Jan 2025 03:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210951
IP address blocks:        2a0e:b107:15d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:47:12:a2:91:48:73:86:5d:57:46:ef:da:b0:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ca61818749ae6c10ea87e1656bcee7408789e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a4:4a:57:e4:dc:95:41:b2:59:e5:9e:ed:b3:
                    33:28:bf:3e:1d:11:19:ea:37:a6:2a:ac:4f:d6:0b:
                    58:1b:93:5a:12:cd:58:04:1e:9a:91:0b:61:25:71:
                    d4:bd:f5:d3:0a:40:ee:83:c4:07:f1:34:6d:f2:ea:
                    f0:d5:a8:70:a7:e0:1b:a6:28:af:79:07:41:16:48:
                    f7:11:d3:97:16:c6:b9:60:99:a7:89:8c:f7:77:fb:
                    44:69:24:e4:bb:7f:61:a6:d8:ac:b0:24:05:6d:89:
                    71:e6:b2:ab:19:28:05:e9:c0:4c:43:17:58:34:6e:
                    41:c1:1a:e3:86:5c:1d:3e:7f:b7:12:cb:e7:23:44:
                    9a:2e:fc:0c:0a:24:99:a0:1f:dc:b2:f2:c0:47:15:
                    1c:24:12:1a:49:b7:05:6c:eb:99:62:78:89:0b:11:
                    95:c5:88:c6:da:d9:ce:99:06:7d:9b:d8:8f:20:3a:
                    91:c8:5c:16:9a:93:76:23:dc:fd:70:91:ab:36:c8:
                    e7:17:71:12:6e:0d:43:68:ac:4e:a2:7a:40:56:23:
                    a5:a8:6a:7e:ca:5d:77:09:b7:a3:6b:c9:88:1b:85:
                    80:3f:f3:fb:fd:30:74:31:e8:3c:63:24:30:73:7d:
                    60:07:a9:a7:18:5a:55:49:b2:c6:77:76:23:be:ff:
                    22:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:A6:18:18:74:9A:E6:C1:0E:A8:7E:16:56:BC:EE:74:08:78:9E:24
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bKYYGHSa5sEOqH4WVrzudAh4niQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:15d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:df:74:29:f7:ef:89:c8:3a:17:4f:30:2d:13:2f:c2:05:92:
         e6:d0:a7:8b:fd:0b:27:45:8d:59:45:e8:2e:3b:ed:ba:ed:e6:
         bd:ca:9d:a1:4c:f1:b0:f4:2c:61:14:fd:36:55:00:4c:d0:53:
         78:40:32:b7:89:d7:70:86:eb:ca:cb:00:d6:df:22:e9:94:0e:
         04:59:02:70:02:c8:58:8b:12:c5:82:79:5b:68:b4:be:43:37:
         aa:5b:bf:d1:25:b8:43:e9:f6:19:f2:57:48:48:67:79:85:3d:
         7b:98:8e:80:8e:1a:08:93:b0:b6:f8:a2:be:42:cf:82:2e:10:
         51:23:e2:5c:b7:c9:ca:8a:55:dc:86:9a:cc:da:b8:3c:68:17:
         d5:9a:5e:de:e5:a6:a9:47:0f:5e:f1:b3:24:3e:5d:e9:e4:b3:
         1a:79:29:75:8a:53:a0:64:ba:18:3e:4a:15:df:f0:22:49:98:
         eb:26:3f:55:c0:cd:0d:ec:d8:d7:da:a1:10:8b:d7:03:c9:77:
         cd:be:c6:0d:1d:9c:b9:7c:07:e2:de:d6:56:b5:57:3a:f2:b3:
         53:16:0b:d3:7f:d9:5b:ea:89:5b:b6:04:bb:e4:33:37:01:37:
         01:52:87:70:72:34:ae:2e:18:48:2a:7d:85:e5:aa:aa:51:13:
         2d:2e:e8:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkcSopFIc4ZdV0bv2rAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2E2MTgxODc0OWFlNmMxMGVhODdlMTY1NmJjZWU3NDA4Nzg5ZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaRKV+TclUGyWeWe7bMzKL8+HREZ
6jemKqxP1gtYG5NaEs1YBB6akQthJXHUvfXTCkDug8QH8TRt8urw1ahwp+Abpiiv
eQdBFkj3EdOXFsa5YJmniYz3d/tEaSTku39hptissCQFbYlx5rKrGSgF6cBMQxdY
NG5BwRrjhlwdPn+3EsvnI0SaLvwMCiSZoB/csvLARxUcJBIaSbcFbOuZYniJCxGV
xYjG2tnOmQZ9m9iPIDqRyFwWmpN2I9z9cJGrNsjnF3ESbg1DaKxOonpAViOlqGp+
yl13Cbeja8mIG4WAP/P7/TB0Meg8YyQwc31gB6mnGFpVSbLGd3Yjvv8iHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGymGBh0mubBDqh+Fla87nQIeJ4kMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYktZWUdIU2E1c0VPcUg0V1ZyenVkQWg0bmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBL33Qp9++JyDoXTzAtEy/CBZLm0KeL/QsnRY1Z
ReguO+267ea9yp2hTPGw9CxhFP02VQBM0FN4QDK3iddwhuvKywDW3yLplA4EWQJw
AshYixLFgnlbaLS+QzeqW7/RJbhD6fYZ8ldISGd5hT17mI6AjhoIk7C2+KK+Qs+C
LhBRI+Jct8nKilXchprM2rg8aBfVml7e5aapRw9e8bMkPl3p5LMaeSl1ilOgZLoY
PkoV3/AiSZjrJj9VwM0N7NjX2qEQi9cDyXfNvsYNHZy5fAfi3tZWtVc68rNTFgvT
f9lb6olbtgS75DM3ATcBUodwcjSuLhhIKn2F5aqqURMtLui5
-----END CERTIFICATE-----