Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dX90WuF9NTYJcIOanfeLMA3Sk4c.roa
File:                     dX90WuF9NTYJcIOanfeLMA3Sk4c.roa (raw, json)
Hash identifier:          u+IqiqFfDqvLc0qHCWJ8ERoyapDsacTDTV4HkVu08no=
Subject key identifier:   75:7F:74:5A:E1:7D:35:36:09:70:83:9A:9D:F7:8B:30:0D:D2:93:87
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252254D7A41849D2E3FD21C7ACDD9AEF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dX90WuF9NTYJcIOanfeLMA3Sk4c.roa
Signing time:             Thu 02 Jan 2025 03:49:54 +0000
ROA not before:           Thu 02 Jan 2025 03:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211685
IP address blocks:        2a0e:97c0:250::/44 maxlen: 48
                          2a0e:97c0:250::/48 maxlen: 48
                          2a0e:97c0:251::/48 maxlen: 48
                          2a0e:97c0:252::/48 maxlen: 48
                          2a0e:97c0:253::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:54:d7:a4:18:49:d2:e3:fd:21:c7:ac:dd:9a:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=757f745ae17d35360970839a9df78b300dd29387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:73:5f:d3:ba:ab:25:f1:3a:a9:76:93:f5:24:
                    a2:2c:10:88:43:c1:c3:16:4b:48:52:c2:00:69:a4:
                    d4:a9:5e:b5:05:f6:83:1f:6f:0b:97:42:29:a5:fe:
                    7d:77:f4:c9:9d:cb:9e:47:92:4f:31:e4:6b:02:48:
                    73:fd:81:9d:44:e1:5d:35:ea:98:2e:59:4b:1e:d7:
                    e2:e8:73:b6:a1:53:cc:8c:74:a9:7b:a3:7d:96:44:
                    52:48:ee:ed:86:44:32:95:a4:ec:a0:bd:1b:f7:bf:
                    b1:9b:08:aa:e9:2c:e7:77:37:d4:9e:b9:65:f7:83:
                    26:df:8e:c1:27:ec:c4:40:f3:63:01:a4:d0:cd:52:
                    09:b8:d3:a0:86:5c:06:27:d5:01:f4:2f:1e:6e:6d:
                    d0:81:5a:b0:01:79:10:b3:00:0a:91:d6:29:58:0c:
                    84:a0:27:50:de:f6:96:f7:45:7c:c1:41:9b:03:cb:
                    fc:72:7c:41:a1:aa:7d:9f:af:00:3e:ea:d9:85:b0:
                    67:e2:52:56:d9:45:af:1a:ac:1f:81:78:71:e0:f3:
                    7f:9f:f0:f4:8f:ea:a7:42:e6:8d:84:47:5a:aa:93:
                    42:3f:58:63:61:c5:d7:79:c5:00:9b:55:69:0f:a2:
                    3f:70:9c:48:f5:1d:1e:74:6e:5b:43:ae:7e:6f:38:
                    be:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:7F:74:5A:E1:7D:35:36:09:70:83:9A:9D:F7:8B:30:0D:D2:93:87
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dX90WuF9NTYJcIOanfeLMA3Sk4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:83:1c:95:38:5c:a6:ca:23:03:26:f3:86:71:27:b4:d8:31:
         33:1e:67:d8:0f:52:03:3a:87:0a:08:76:fe:76:7c:66:d3:36:
         c0:2c:ce:b7:d9:d1:e9:a2:c0:7f:3b:0b:f8:86:5a:66:b0:23:
         93:e6:79:df:cd:59:82:2d:33:b7:ad:8c:de:85:d2:c3:b7:73:
         34:00:a3:0f:e0:3a:4d:ce:f9:38:36:95:c2:d0:96:90:fb:02:
         5f:d2:48:56:b5:29:88:30:da:4e:ea:5e:8c:1e:79:7b:1f:c8:
         53:e0:5f:1e:4c:86:4f:05:cf:ff:a4:24:95:ca:6b:6d:26:f3:
         d9:8c:fd:67:0e:47:31:74:8a:8a:05:16:40:e8:85:ce:15:b4:
         e5:cc:58:f8:46:50:fc:d4:67:42:1a:01:b8:e8:6b:9f:e5:1b:
         71:98:71:9e:f5:0d:21:33:dc:df:72:57:29:8f:52:41:3f:13:
         84:ca:0c:d0:21:20:b5:79:cd:01:4d:97:21:ad:8c:4b:09:ee:
         e7:c9:e4:03:da:d0:77:70:09:1d:7b:92:82:2d:04:cd:9c:a7:
         72:3b:be:96:35:50:b0:f3:98:cf:3b:53:e9:51:a8:55:d8:ce:
         ae:6c:f3:22:9c:de:ac:c6:b8:ab:0a:7e:1f:af:a2:e5:ef:4c:
         65:d5:9c:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlTXpBhJ0uP9Ices3ZrvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTdmNzQ1YWUxN2QzNTM2MDk3MDgzOWE5ZGY3OGIzMDBkZDI5Mzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7XNf07qrJfE6qXaT9SSiLBCIQ8HD
FktIUsIAaaTUqV61BfaDH28Ll0Ippf59d/TJncueR5JPMeRrAkhz/YGdROFdNeqY
LllLHtfi6HO2oVPMjHSpe6N9lkRSSO7thkQylaTsoL0b97+xmwiq6SzndzfUnrll
94Mm347BJ+zEQPNjAaTQzVIJuNOghlwGJ9UB9C8ebm3QgVqwAXkQswAKkdYpWAyE
oCdQ3vaW90V8wUGbA8v8cnxBoap9n68APurZhbBn4lJW2UWvGqwfgXhx4PN/n/D0
j+qnQuaNhEdaqpNCP1hjYcXXecUAm1VpD6I/cJxI9R0edG5bQ65+bzi+MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHV/dFrhfTU2CXCDmp33izAN0pOHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZFg5MFd1RjlOVFlKY0lPYW5mZUxNQTNTazRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAtgxyVOFymyiMDJvOGcSe02DEzHmfYD1IDOocK
CHb+dnxm0zbALM632dHposB/Owv4hlpmsCOT5nnfzVmCLTO3rYzehdLDt3M0AKMP
4DpNzvk4NpXC0JaQ+wJf0khWtSmIMNpO6l6MHnl7H8hT4F8eTIZPBc//pCSVymtt
JvPZjP1nDkcxdIqKBRZA6IXOFbTlzFj4RlD81GdCGgG46Guf5RtxmHGe9Q0hM9zf
clcpj1JBPxOEygzQISC1ec0BTZchrYxLCe7nyeQD2tB3cAkde5KCLQTNnKdyO76W
NVCw85jPO1PpUahV2M6ubPMinN6sxrirCn4fr6Ll70xl1ZxM
-----END CERTIFICATE-----