Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fYfgIVduBQiu2xsX-gViEvLH6P0.roa
File:                     fYfgIVduBQiu2xsX-gViEvLH6P0.roa (raw, json)
Hash identifier:          3qYCUngA1POFjLThaKIQtxzhqGvc7QMbcMgqzLf8gns=
Subject key identifier:   7D:87:E0:21:57:6E:05:08:AE:DB:1B:17:FA:05:62:12:F2:C7:E8:FD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425225CFDD1F4DAB6407F8F4BD4CB9254
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fYfgIVduBQiu2xsX-gViEvLH6P0.roa
Signing time:             Thu 02 Jan 2025 03:49:56 +0000
ROA not before:           Thu 02 Jan 2025 03:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212227
IP address blocks:        2a0e:b107:139::/48 maxlen: 48
                          2a10:2f00:15e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:5c:fd:d1:f4:da:b6:40:7f:8f:4b:d4:cb:92:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d87e021576e0508aedb1b17fa056212f2c7e8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b1:44:76:88:21:28:f7:83:bb:78:bd:f7:75:
                    82:97:74:ed:79:8b:b0:48:fc:dd:a8:e2:b8:62:9b:
                    1a:26:96:78:d4:c5:62:ca:e8:36:e0:56:be:38:7f:
                    1a:c7:d3:e0:ae:84:ca:1d:7d:89:c3:d0:1c:f8:29:
                    05:31:11:ca:85:76:62:4c:e5:ba:a1:dc:21:c9:ba:
                    0e:d7:c7:54:11:92:60:48:c3:2d:21:df:7c:19:84:
                    c8:0e:55:8f:f4:73:31:da:a7:c8:60:8a:87:ee:76:
                    a0:0d:8b:6e:42:de:8a:ee:b0:a1:d1:c4:7d:a1:50:
                    18:0e:6c:d6:81:51:43:a2:85:73:91:e6:7f:1d:06:
                    79:c8:51:ae:bf:c1:c3:11:bd:6d:17:85:be:19:9a:
                    04:07:1d:8f:9b:29:f8:a4:28:0a:5b:30:70:a5:25:
                    35:cf:c5:e7:c2:c0:34:92:5e:cc:27:e1:8d:a2:a9:
                    e1:ff:4e:f0:66:0b:d1:57:11:b9:9e:2a:bd:02:f9:
                    e2:75:b7:9a:b4:d0:f4:db:c0:81:f0:9c:a1:d2:e1:
                    4c:ba:f5:9f:80:cd:86:da:ef:03:f8:ef:e7:a5:bf:
                    12:47:55:ac:70:8d:10:09:9b:61:cd:bc:4d:72:d4:
                    c2:ba:a1:26:e5:97:18:1a:ce:c5:36:73:ee:53:64:
                    38:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:87:E0:21:57:6E:05:08:AE:DB:1B:17:FA:05:62:12:F2:C7:E8:FD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fYfgIVduBQiu2xsX-gViEvLH6P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:139::/48
                  2a10:2f00:15e::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:8a:fe:79:1d:03:d0:a3:3d:c0:02:59:05:8b:9e:68:4b:da:
         b0:3e:d1:63:d4:96:15:60:cc:f2:c7:bd:31:f1:40:c6:fc:94:
         f4:0f:79:b3:69:bb:19:ac:74:17:07:34:32:72:1a:3b:75:50:
         e6:a3:28:0d:d3:99:b9:c1:c1:bf:d6:a0:92:0d:04:5e:9a:d8:
         1b:c9:13:0c:60:eb:7e:25:cc:53:c0:35:83:df:8c:7f:03:a2:
         c2:b1:ea:83:33:d3:c3:3a:30:66:26:62:23:f7:9f:5d:7b:79:
         b4:58:be:54:77:9c:15:0e:41:2f:1f:a8:0b:15:e9:62:a8:10:
         3b:42:48:58:a2:33:8e:66:35:4e:dd:a6:83:1d:dc:71:1c:6a:
         ee:f3:f5:d0:02:ea:cd:17:96:37:30:cc:d1:1d:31:6b:77:3f:
         ab:3a:7b:84:c3:b5:c6:31:81:bf:03:5f:c3:3d:bb:6b:7d:b9:
         79:e2:2e:a8:0d:60:f0:a6:3a:8b:5e:b9:a8:3c:a0:a7:77:0d:
         ff:12:bc:b5:4b:1b:dc:67:de:03:fa:00:54:3f:24:7e:a4:ba:
         06:dc:ab:a6:f1:16:22:b4:67:d4:3e:d7:3f:47:77:c6:b4:df:
         43:e1:a8:16:b4:9c:6a:a5:a2:9e:f8:c4:b1:c0:c0:9b:26:cc:
         ed:83:b0:e0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIlz90fTatkB/j0vUy5JUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDg3ZTAyMTU3NmUwNTA4YWVkYjFiMTdmYTA1NjIxMmYyYzdlOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLFEdoghKPeDu3i993WCl3TteYuw
SPzdqOK4YpsaJpZ41MViyug24Fa+OH8ax9PgroTKHX2Jw9Ac+CkFMRHKhXZiTOW6
odwhyboO18dUEZJgSMMtId98GYTIDlWP9HMx2qfIYIqH7nagDYtuQt6K7rCh0cR9
oVAYDmzWgVFDooVzkeZ/HQZ5yFGuv8HDEb1tF4W+GZoEBx2Pmyn4pCgKWzBwpSU1
z8XnwsA0kl7MJ+GNoqnh/07wZgvRVxG5niq9AvnidbeatND028CB8Jyh0uFMuvWf
gM2G2u8D+O/npb8SR1WscI0QCZthzbxNctTCuqEm5ZcYGs7FNnPuU2Q46wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFH2H4CFXbgUIrtsbF/oFYhLyx+j9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZllmZ0lWZHVCUWl1MnhzWC1nVmlFdkxINlAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBwE5
AwcAKhAvAAFeMA0GCSqGSIb3DQEBCwUAA4IBAQACiv55HQPQoz3AAlkFi55oS9qw
PtFj1JYVYMzyx70x8UDG/JT0D3mzabsZrHQXBzQycho7dVDmoygN05m5wcG/1qCS
DQRemtgbyRMMYOt+JcxTwDWD34x/A6LCseqDM9PDOjBmJmIj959de3m0WL5Ud5wV
DkEvH6gLFeliqBA7QkhYojOOZjVO3aaDHdxxHGru8/XQAurNF5Y3MMzRHTFrdz+r
OnuEw7XGMYG/A1/DPbtrfbl54i6oDWDwpjqLXrmoPKCndw3/Ery1SxvcZ94D+gBU
PyR+pLoG3Kum8RYitGfUPtc/R3fGtN9D4agWtJxqpaKe+MSxwMCbJsztg7Dg
-----END CERTIFICATE-----