Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cGSIdZC-I5uXgES7rHNyvUY-rU0.roa
File:                     cGSIdZC-I5uXgES7rHNyvUY-rU0.roa (raw, json)
Hash identifier:          ekxfl7DSCYBHiYuz01d/NWNVMgm4GGMEVXtt4SP26Kw=
Subject key identifier:   70:64:88:75:90:BE:23:9B:97:80:44:BB:AC:73:72:BD:46:3E:AD:4D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521CCA413AAD347AC76E33EA1771F67
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cGSIdZC-I5uXgES7rHNyvUY-rU0.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39282
IP address blocks:        2a0e:b107:e80::/44 maxlen: 48
                          2a10:2f00:15d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cc:a4:13:aa:d3:47:ac:76:e3:3e:a1:77:1f:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7064887590be239b978044bbac7372bd463ead4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f4:a9:05:36:a5:c2:46:f4:64:75:11:65:ea:
                    8b:bb:d5:16:bc:ef:82:fd:4b:d7:87:10:e0:95:7d:
                    f9:28:7d:77:e3:ea:91:34:90:54:82:82:d8:1b:a8:
                    50:35:8e:8e:22:3b:0c:d2:6d:48:6e:81:3a:8f:6d:
                    f6:ad:f4:1e:d9:cc:3a:3c:97:2d:05:e5:4c:b1:03:
                    ba:67:66:8b:c8:29:53:39:a9:89:0b:b8:d0:49:2e:
                    f0:a9:75:53:34:13:ec:9a:52:3b:c6:e4:56:c0:da:
                    46:fb:6c:e6:a6:8f:f2:c2:72:6f:9f:67:0e:41:79:
                    24:a2:ba:e4:30:dd:85:81:1e:07:bd:7d:6d:cf:a4:
                    8e:15:e7:b6:94:0b:df:78:80:da:d6:ff:40:11:41:
                    5a:46:60:c0:61:2d:ac:bf:d8:54:0f:04:1f:8e:26:
                    8c:57:33:4a:b9:b8:39:74:0c:55:46:53:d9:fb:a3:
                    38:a9:85:0c:fd:d4:58:73:fd:a4:23:d6:3e:ff:0e:
                    80:4c:d0:60:54:a6:e9:86:ec:7a:f4:04:90:64:4d:
                    43:e6:d0:f1:6e:30:3b:53:e4:28:27:a9:b6:a6:45:
                    11:cc:45:a5:9d:92:80:94:62:c2:49:85:fc:1b:96:
                    4b:15:e5:72:03:6d:92:ea:27:70:1b:c1:63:e8:0a:
                    4c:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:64:88:75:90:BE:23:9B:97:80:44:BB:AC:73:72:BD:46:3E:AD:4D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cGSIdZC-I5uXgES7rHNyvUY-rU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:e80::/44
                  2a10:2f00:15d::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:cb:f0:4a:48:37:48:20:f1:e4:f0:3c:be:b2:70:47:45:4a:
         32:89:b7:0d:11:41:31:fe:bc:b9:8f:3e:44:c3:e5:be:db:07:
         a6:e6:29:4c:4b:fc:09:96:e2:ab:bc:e4:d8:e7:c7:21:2a:fe:
         60:ec:ac:29:e5:b0:84:6a:53:a6:fc:5e:fa:0b:4c:0d:26:f8:
         ab:6b:fc:29:e1:11:03:f1:e1:84:f1:53:f8:ee:40:0f:46:f1:
         7a:fa:43:0a:a6:36:32:c2:1f:cc:de:b0:f9:4b:bf:47:97:aa:
         85:21:00:0d:74:09:7e:26:dd:aa:df:c0:82:f8:81:91:25:20:
         ce:1b:d1:cf:4d:cb:fb:66:62:ef:54:6b:0c:58:1b:14:2d:c9:
         a1:3a:c7:84:bd:56:2a:d3:d6:a8:08:84:f4:7a:bb:bf:b0:16:
         fc:0f:6f:e0:fd:f9:ef:71:a5:9a:81:1d:80:7f:8d:31:b8:7b:
         d9:37:cc:fe:97:11:64:f1:12:1d:a4:fc:82:7e:f0:a1:18:36:
         73:65:c9:c6:72:ac:6f:cf:70:e0:80:fe:be:04:3e:8b:9f:8d:
         11:a9:de:ef:e0:b9:5d:e3:a3:8a:7c:ab:47:ed:dd:d9:65:27:
         78:67:e8:aa:45:42:05:77:dd:2e:c2:8c:fb:64:d5:47:a9:b9:
         f7:20:37:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIcykE6rTR6x24z6hdx9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDY0ODg3NTkwYmUyMzliOTc4MDQ0YmJhYzczNzJiZDQ2M2VhZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/SpBTalwkb0ZHURZeqLu9UWvO+C
/UvXhxDglX35KH134+qRNJBUgoLYG6hQNY6OIjsM0m1IboE6j232rfQe2cw6PJct
BeVMsQO6Z2aLyClTOamJC7jQSS7wqXVTNBPsmlI7xuRWwNpG+2zmpo/ywnJvn2cO
QXkkorrkMN2FgR4HvX1tz6SOFee2lAvfeIDa1v9AEUFaRmDAYS2sv9hUDwQfjiaM
VzNKubg5dAxVRlPZ+6M4qYUM/dRYc/2kI9Y+/w6ATNBgVKbphux69ASQZE1D5tDx
bjA7U+QoJ6m2pkURzEWlnZKAlGLCSYX8G5ZLFeVyA22S6idwG8Fj6ApMoQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHBkiHWQviObl4BEu6xzcr1GPq1NMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY0dTSWRaQy1JNXVYZ0VTN3JITnl2VVktclUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBw6A
AwcAKhAvAAFdMA0GCSqGSIb3DQEBCwUAA4IBAQCny/BKSDdIIPHk8Dy+snBHRUoy
ibcNEUEx/ry5jz5Ew+W+2wem5ilMS/wJluKrvOTY58chKv5g7Kwp5bCEalOm/F76
C0wNJvira/wp4RED8eGE8VP47kAPRvF6+kMKpjYywh/M3rD5S79Hl6qFIQANdAl+
Jt2q38CC+IGRJSDOG9HPTcv7ZmLvVGsMWBsULcmhOseEvVYq09aoCIT0eru/sBb8
D2/g/fnvcaWagR2Af40xuHvZN8z+lxFk8RIdpPyCfvChGDZzZcnGcqxvz3DggP6+
BD6Ln40Rqd7v4Lld46OKfKtH7d3ZZSd4Z+iqRUIFd90uwoz7ZNVHqbn3IDfj
-----END CERTIFICATE-----