Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfgER7zdmQhMwWg1irOmcuc-4mk.roa
File:                     bfgER7zdmQhMwWg1irOmcuc-4mk.roa (raw, json)
Hash identifier:          u7XmzIqn/1+XIHxKl1dvRH5w/Zah68wIjgpASiSP7+4=
Subject key identifier:   6D:F8:04:47:BC:DD:99:08:4C:C1:68:35:8A:B3:A6:72:E7:3E:E2:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521E10911B39599E49C631BE4070EE7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfgER7zdmQhMwWg1irOmcuc-4mk.roa
Signing time:             Thu 02 Jan 2025 03:49:24 +0000
ROA not before:           Thu 02 Jan 2025 03:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63279
IP address blocks:        2a0e:b107:a00::/44 maxlen: 48
                          2a0e:b107:a20::/44 maxlen: 48
                          2a0e:b107:b20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:50:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:e1:09:11:b3:95:99:e4:9c:63:1b:e4:07:0e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6df80447bcdd99084cc168358ab3a672e73ee269
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6f:93:e3:fb:e6:79:46:e5:3b:a6:4d:ac:0e:
                    2f:9e:9e:26:46:3f:1b:7d:e9:c7:62:b5:ac:e6:c4:
                    77:4b:f2:5a:29:5d:14:cc:24:94:3c:0b:93:3a:2a:
                    5b:94:29:dc:30:51:49:a3:20:a2:80:02:aa:33:8c:
                    ea:8c:90:55:54:d9:3a:94:59:00:e0:d1:14:38:f4:
                    35:20:ae:f8:cb:0a:f3:87:aa:dd:10:f6:b8:cf:86:
                    c9:31:1d:fc:cc:4d:7b:41:ce:bd:43:88:9d:14:af:
                    a1:7d:bf:68:37:4c:c4:71:76:89:39:7f:cf:6a:44:
                    ce:1d:cf:8c:c1:2d:de:f1:79:f1:3f:64:be:20:28:
                    d4:58:9b:ab:79:af:a6:5c:b3:24:98:4b:3f:e3:84:
                    98:c1:0a:74:d1:27:5f:ea:3b:76:3d:eb:ec:bc:b7:
                    ec:bd:c8:65:d3:e0:5d:44:e2:75:65:2a:00:c8:fb:
                    54:b5:df:bd:1b:ce:b2:6d:d2:d6:e4:87:d6:30:14:
                    2c:ba:42:bf:85:0d:d7:99:6e:04:e4:19:5b:aa:a8:
                    a4:b9:60:5e:97:c8:33:2c:92:b1:bb:e8:b6:79:17:
                    81:bb:41:01:f5:76:76:fc:0e:e9:51:58:44:8f:e0:
                    81:2e:cf:6e:42:2a:cd:39:dd:1b:20:63:67:c4:d8:
                    31:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F8:04:47:BC:DD:99:08:4C:C1:68:35:8A:B3:A6:72:E7:3E:E2:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfgER7zdmQhMwWg1irOmcuc-4mk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:a00::/44
                  2a0e:b107:a20::/44
                  2a0e:b107:b20::/44

    Signature Algorithm: sha256WithRSAEncryption
         3b:7a:45:01:9f:94:a7:32:b9:16:2b:17:96:ca:7b:9f:df:1a:
         ab:f7:92:25:39:15:d2:01:5a:d3:26:f7:d7:08:0b:4e:45:c2:
         28:c9:b6:88:97:7e:61:a2:05:fd:02:37:85:de:0f:8a:d1:e1:
         7f:fd:91:e7:81:f7:f9:dc:f6:64:85:04:de:e5:20:36:9a:36:
         69:e7:06:c6:ae:33:07:f7:4b:16:a0:d0:22:d5:4e:d0:aa:21:
         77:d8:cb:fc:4e:b8:e3:58:61:40:60:6b:fc:1f:73:17:37:27:
         bf:5b:c9:9c:72:47:91:6e:32:eb:0c:6e:1c:11:11:3a:41:ac:
         21:ac:a6:fb:45:c8:bb:69:4c:4a:b5:bd:c9:00:84:82:e5:91:
         95:88:f4:e5:20:15:83:c1:a8:60:27:93:61:7f:e4:dd:4f:b6:
         2b:49:f5:97:15:43:d9:51:06:67:7f:b2:dd:a6:f3:19:7a:0e:
         d0:77:48:f8:2a:3e:d0:61:c5:5a:e4:fc:11:cc:93:32:4f:74:
         b1:44:c5:ca:07:83:e6:7a:0c:95:85:be:ff:df:b3:72:d5:7f:
         3d:43:1a:26:48:b8:28:86:d4:7a:d1:66:0e:f9:5f:68:cb:9c:
         b4:45:0f:59:68:af:d3:28:47:7b:c0:39:8d:35:fd:0b:e2:27:
         79:02:d8:30
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIeEJEbOVmeScYxvkBw7nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY4MDQ0N2JjZGQ5OTA4NGNjMTY4MzU4YWIzYTY3MmU3M2VlMjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2+T4/vmeUblO6ZNrA4vnp4mRj8b
fenHYrWs5sR3S/JaKV0UzCSUPAuTOipblCncMFFJoyCigAKqM4zqjJBVVNk6lFkA
4NEUOPQ1IK74ywrzh6rdEPa4z4bJMR38zE17Qc69Q4idFK+hfb9oN0zEcXaJOX/P
akTOHc+MwS3e8XnxP2S+ICjUWJurea+mXLMkmEs/44SYwQp00Sdf6jt2PevsvLfs
vchl0+BdROJ1ZSoAyPtUtd+9G86ybdLW5IfWMBQsukK/hQ3XmW4E5BlbqqikuWBe
l8gzLJKxu+i2eReBu0EB9XZ2/A7pUVhEj+CBLs9uQirNOd0bIGNnxNgxxwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFG34BEe83ZkITMFoNYqzpnLnPuJpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYmZnRVI3emRtUWhNd1dnMWlyT21jdWMtNG1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKg6xBwoA
AwcEKg6xBwogAwcEKg6xBwsgMA0GCSqGSIb3DQEBCwUAA4IBAQA7ekUBn5SnMrkW
KxeWynuf3xqr95IlORXSAVrTJvfXCAtORcIoybaIl35hogX9AjeF3g+K0eF//ZHn
gff53PZkhQTe5SA2mjZp5wbGrjMH90sWoNAi1U7QqiF32Mv8TrjjWGFAYGv8H3MX
Nye/W8mcckeRbjLrDG4cERE6QawhrKb7Rci7aUxKtb3JAISC5ZGViPTlIBWDwahg
J5Nhf+TdT7YrSfWXFUPZUQZnf7LdpvMZeg7Qd0j4Kj7QYcVa5PwRzJMyT3SxRMXK
B4PmegyVhb7/37Ny1X89QxomSLgohtR60WYO+V9oy5y0RQ9ZaK/TKEd7wDmNNf0L
4id5Atgw
-----END CERTIFICATE-----