Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7ig5a0O2cKAfYAqQAWXhGH69fQ.roa
File:                     e7ig5a0O2cKAfYAqQAWXhGH69fQ.roa (raw, json)
Hash identifier:          AtOOTXgkQoS3PSA4U5haQhMqcBiio+vkHDuDLifPm14=
Subject key identifier:   7B:B8:A0:E5:AD:0E:D9:C2:80:7D:80:2A:40:05:97:84:61:FA:F5:F4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01953CF328092F45CD36149E5147FE87E003
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7ig5a0O2cKAfYAqQAWXhGH69fQ.roa
Signing time:             Tue 25 Feb 2025 11:52:03 +0000
ROA not before:           Tue 25 Feb 2025 11:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213641
IP address blocks:        2a0e:97c0:680::/44 maxlen: 48
                          2a0e:97c0:680::/48 maxlen: 48
                          2a0e:97c0:681::/48 maxlen: 48
                          2a0e:97c0:682::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:f3:28:09:2f:45:cd:36:14:9e:51:47:fe:87:e0:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 25 11:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bb8a0e5ad0ed9c2807d802a4005978461faf5f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c0:78:6c:be:17:4a:1d:31:00:4a:a5:ed:b1:
                    58:1c:b6:19:8f:b1:8d:8d:51:0a:6a:99:a0:45:79:
                    3b:f0:33:84:7b:c6:b8:56:94:54:c1:a8:e8:28:10:
                    25:e9:47:fd:49:43:11:fd:28:44:d1:a8:03:43:99:
                    c6:53:66:7d:26:c4:81:be:1e:88:bc:32:2b:78:bb:
                    a5:44:3c:64:d2:d4:86:50:cc:92:0d:55:c1:88:34:
                    bf:15:eb:9c:3e:9b:9d:1a:35:8e:a4:85:97:d3:5e:
                    e2:7b:55:67:f6:1f:11:a0:8f:de:8c:96:e7:f1:09:
                    5b:ee:8e:d7:9e:48:ae:9b:75:8b:ea:c3:7a:60:ca:
                    94:a4:4e:82:72:1e:61:94:02:c7:3d:63:2a:35:18:
                    c9:cb:fc:16:b5:ad:3b:2c:e1:90:7c:d9:4f:1e:62:
                    72:07:b4:c9:da:cc:14:7c:c5:d5:3d:8b:5a:e2:63:
                    d6:b1:11:b9:27:4f:3c:50:58:b2:f0:b4:df:6c:03:
                    eb:3b:7b:ea:b0:41:a6:e4:1f:09:7b:e2:6f:17:69:
                    c1:ab:14:50:0c:5d:17:e3:3d:ac:b5:c6:d6:b1:a9:
                    29:98:a1:16:f6:2b:c4:01:fa:bb:24:56:e8:c7:4d:
                    b4:0b:06:77:47:c4:e8:6c:73:97:f6:ad:6c:33:e4:
                    a0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B8:A0:E5:AD:0E:D9:C2:80:7D:80:2A:40:05:97:84:61:FA:F5:F4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/e7ig5a0O2cKAfYAqQAWXhGH69fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:680::/44

    Signature Algorithm: sha256WithRSAEncryption
         72:7f:84:ef:fb:cc:2b:a3:f8:d5:e8:77:b7:60:cc:3b:71:90:
         02:87:9e:f9:84:0f:98:94:45:09:bf:71:59:0f:79:6e:b3:29:
         27:b5:05:25:eb:86:55:ef:b7:51:d9:31:c9:ee:2e:fb:de:0a:
         1f:34:74:12:90:dd:7a:07:be:3a:e3:52:d0:4d:7b:98:38:7e:
         13:9d:f5:d3:76:2d:9e:af:d6:14:ce:33:65:5a:38:41:39:e4:
         24:c9:af:0d:4c:c5:9e:53:4b:f1:b7:b0:1f:ff:87:1b:ff:e4:
         bb:1c:ea:d1:48:6f:6b:85:49:e6:27:cd:1e:aa:a8:fc:52:48:
         51:1a:43:75:f5:cc:1c:82:e4:d3:fc:cd:05:d7:ed:65:27:9f:
         dd:87:df:e7:2e:bb:d7:f5:b7:51:bd:45:64:c2:52:ca:85:07:
         38:d7:3b:9a:8e:20:71:15:53:be:ed:7c:57:9e:1b:0e:3c:fe:
         25:42:cd:62:cc:4e:00:21:a2:50:a8:db:8c:09:71:5b:05:67:
         10:47:be:55:46:ed:34:50:f0:04:f5:79:dd:67:94:02:d8:da:
         ab:f4:97:47:6f:b3:3f:20:e7:f1:f6:98:83:f9:35:3b:a1:8e:
         28:b4:ac:6a:ce:02:5d:22:d7:90:fa:63:95:22:a8:63:bd:8c:
         19:df:02:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZU88ygJL0XNNhSeUUf+h+ADMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMjI1MTE1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmI4YTBlNWFkMGVkOWMyODA3ZDgwMmE0MDA1OTc4NDYxZmFmNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsB4bL4XSh0xAEql7bFYHLYZj7GN
jVEKapmgRXk78DOEe8a4VpRUwajoKBAl6Uf9SUMR/ShE0agDQ5nGU2Z9JsSBvh6I
vDIreLulRDxk0tSGUMySDVXBiDS/FeucPpudGjWOpIWX017ie1Vn9h8RoI/ejJbn
8Qlb7o7Xnkium3WL6sN6YMqUpE6Cch5hlALHPWMqNRjJy/wWta07LOGQfNlPHmJy
B7TJ2swUfMXVPYta4mPWsRG5J088UFiy8LTfbAPrO3vqsEGm5B8Je+JvF2nBqxRQ
DF0X4z2stcbWsakpmKEW9ivEAfq7JFbox020CwZ3R8TobHOX9q1sM+SgaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHu4oOWtDtnCgH2AKkAFl4Rh+vX0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZTdpZzVhME8yY0tBZllBcVFBV1hoR0g2OWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAaA
MA0GCSqGSIb3DQEBCwUAA4IBAQByf4Tv+8wro/jV6He3YMw7cZACh575hA+YlEUJ
v3FZD3lusykntQUl64ZV77dR2THJ7i773gofNHQSkN16B74641LQTXuYOH4TnfXT
di2er9YUzjNlWjhBOeQkya8NTMWeU0vxt7Af/4cb/+S7HOrRSG9rhUnmJ80eqqj8
UkhRGkN19cwcguTT/M0F1+1lJ5/dh9/nLrvX9bdRvUVkwlLKhQc41zuajiBxFVO+
7XxXnhsOPP4lQs1izE4AIaJQqNuMCXFbBWcQR75VRu00UPAE9XndZ5QC2Nqr9JdH
b7M/IOfx9piD+TU7oY4otKxqzgJdIteQ+mOVIqhjvYwZ3wJk
-----END CERTIFICATE-----