Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bdrbiT1df-SROUUSmZy0htSgxEc.roa
File:                     bdrbiT1df-SROUUSmZy0htSgxEc.roa (raw, json)
Hash identifier:          8wwm3LaF2pmKLtkpMo5I+1wKqItmDPmUBbhkZPpiUbI=
Subject key identifier:   6D:DA:DB:89:3D:5D:7F:E4:91:39:45:12:99:9C:B4:86:D4:A0:C4:47
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252231790C221E45DF53F4A6C0A084AC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bdrbiT1df-SROUUSmZy0htSgxEc.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208755
IP address blocks:        2a0e:b107:3a7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:31:79:0c:22:1e:45:df:53:f4:a6:c0:a0:84:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ddadb893d5d7fe491394512999cb486d4a0c447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9d:75:50:a5:07:bd:22:a0:e3:c1:0b:df:50:
                    fc:41:b2:4f:de:b8:69:e5:e0:69:63:a6:d1:2f:0c:
                    4c:44:4e:d3:6e:f9:4b:9b:03:f4:b4:5a:f1:af:33:
                    63:9a:fe:6b:ba:33:9c:4e:db:ae:87:0f:7d:11:42:
                    09:ed:6f:e3:29:a2:7b:12:32:95:72:4d:bb:b5:9c:
                    8d:46:54:df:32:32:2e:0e:60:dd:f9:91:d6:b6:ee:
                    a7:95:3b:06:ee:4a:f0:46:a5:c7:36:d7:40:66:2e:
                    ac:e9:9f:b9:ed:55:aa:07:41:b0:67:39:9c:ea:00:
                    62:af:09:16:19:5d:f2:19:59:dc:ef:37:04:67:1a:
                    7f:49:52:9c:d4:08:c3:40:0b:ef:7b:2d:39:9f:7f:
                    fd:43:cf:bc:89:ad:8d:7e:07:ee:83:72:0c:54:e8:
                    b4:93:7e:23:a6:ae:da:f3:2a:1a:01:b9:cc:89:ea:
                    34:39:81:0d:cc:f4:09:f0:ca:0f:69:d7:75:ba:c9:
                    bd:46:e9:dd:15:c7:a0:cb:ae:c8:32:9f:5e:81:91:
                    91:6d:69:d8:3e:e2:fd:45:d3:16:6a:f2:1a:98:fc:
                    bf:40:10:bb:5b:92:70:f9:87:2e:fb:fe:a5:9c:de:
                    9e:8f:6f:a1:0a:36:26:72:33:cf:97:74:3c:89:a9:
                    13:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:DA:DB:89:3D:5D:7F:E4:91:39:45:12:99:9C:B4:86:D4:A0:C4:47
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bdrbiT1df-SROUUSmZy0htSgxEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:3a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:4d:ee:2e:2e:1e:74:22:ba:13:de:03:0d:af:28:ea:02:67:
         98:02:03:b6:42:a9:78:06:32:e7:85:d9:cc:b9:1f:72:27:5a:
         1e:67:cd:75:3f:39:fe:81:74:ba:c4:c6:11:f0:33:ce:b8:9e:
         69:53:9e:c5:92:bf:57:ed:4c:49:ee:e6:e4:af:11:94:cf:78:
         97:ab:85:84:c1:17:62:35:28:12:59:62:64:9b:4c:5c:14:e0:
         d2:b6:3f:7d:87:c3:9f:24:d1:8c:6f:35:53:cf:69:cf:f5:23:
         3b:6a:e4:32:e1:47:07:1d:01:1e:2e:19:de:46:ea:0b:20:53:
         68:7d:3f:a8:55:59:4e:e2:ab:f0:ad:27:4a:79:bf:32:d1:50:
         b7:82:55:4e:e5:e8:41:c3:34:d5:92:ec:b2:02:a5:89:d6:13:
         19:bf:7e:7c:37:44:78:19:83:a1:4c:33:52:35:87:65:82:18:
         2b:93:f1:74:22:72:cf:45:e2:84:f1:a1:af:42:fb:f8:6e:be:
         1f:3b:dc:77:5a:97:24:9f:a6:df:10:b3:63:b0:8e:f3:97:a1:
         b3:78:58:ed:ab:9f:91:85:46:bb:3e:6c:52:4b:15:27:22:36:
         94:11:a1:4c:33:4e:4e:4d:30:d6:19:ab:6d:d2:1a:ad:8e:26:
         f1:76:ce:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjF5DCIeRd9T9KbAoISsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGRhZGI4OTNkNWQ3ZmU0OTEzOTQ1MTI5OTljYjQ4NmQ0YTBjNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn511UKUHvSKg48EL31D8QbJP3rhp
5eBpY6bRLwxMRE7TbvlLmwP0tFrxrzNjmv5rujOcTtuuhw99EUIJ7W/jKaJ7EjKV
ck27tZyNRlTfMjIuDmDd+ZHWtu6nlTsG7krwRqXHNtdAZi6s6Z+57VWqB0GwZzmc
6gBirwkWGV3yGVnc7zcEZxp/SVKc1AjDQAvvey05n3/9Q8+8ia2Nfgfug3IMVOi0
k34jpq7a8yoaAbnMieo0OYENzPQJ8MoPadd1usm9RundFcegy67IMp9egZGRbWnY
PuL9RdMWavIamPy/QBC7W5Jw+Ycu+/6lnN6ej2+hCjYmcjPPl3Q8iakTVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG3a24k9XX/kkTlFEpmctIbUoMRHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYmRyYmlUMWRmLVNST1VVU21aeTBodFNneEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwOn
MA0GCSqGSIb3DQEBCwUAA4IBAQBlTe4uLh50IroT3gMNryjqAmeYAgO2Qql4BjLn
hdnMuR9yJ1oeZ811Pzn+gXS6xMYR8DPOuJ5pU57Fkr9X7UxJ7ubkrxGUz3iXq4WE
wRdiNSgSWWJkm0xcFODStj99h8OfJNGMbzVTz2nP9SM7auQy4UcHHQEeLhneRuoL
IFNofT+oVVlO4qvwrSdKeb8y0VC3glVO5ehBwzTVkuyyAqWJ1hMZv358N0R4GYOh
TDNSNYdlghgrk/F0InLPReKE8aGvQvv4br4fO9x3Wpckn6bfELNjsI7zl6GzeFjt
q5+RhUa7PmxSSxUnIjaUEaFMM05OTTDWGatt0hqtjibxds4d
-----END CERTIFICATE-----