Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gRXw7MoSxQr0qND6KeBbDmAszqc.roa
File:                     gRXw7MoSxQr0qND6KeBbDmAszqc.roa (raw, json)
Hash identifier:          m95yCSlJOpPZMPE1dFmr9el0L4cMAVURgEoNQT60zdk=
Subject key identifier:   81:15:F0:EC:CA:12:C5:0A:F4:A8:D0:FA:29:E0:5B:0E:60:2C:CE:A7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01974B8023CC5EBBE83BF906771E090E6116
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gRXw7MoSxQr0qND6KeBbDmAszqc.roa
Signing time:             Sat 07 Jun 2025 17:46:18 +0000
ROA not before:           Sat 07 Jun 2025 17:46:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216112
IP address blocks:        2a0e:97c0:de0::/44 maxlen: 48
                          2a0e:97c0:de1::/48 maxlen: 48
                          2a0e:97c0:de2::/48 maxlen: 48
                          2a0e:97c0:de3::/48 maxlen: 48
                          2a0e:97c0:de4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 21:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4b:80:23:cc:5e:bb:e8:3b:f9:06:77:1e:09:0e:61:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  7 17:46:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8115f0ecca12c50af4a8d0fa29e05b0e602ccea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:c3:86:9b:ec:ff:ba:0d:1c:28:47:df:72:c9:
                    3c:ef:2d:9c:95:80:b9:54:21:35:da:64:05:0e:3d:
                    cb:54:ef:06:10:3a:03:7b:df:d0:1a:2a:61:62:82:
                    e3:e1:25:8b:1a:5a:4f:1b:fa:27:4f:18:01:c4:47:
                    11:1e:3c:f4:a5:c8:78:ec:9c:66:a0:24:e5:33:14:
                    a8:41:26:11:6d:64:b3:f0:76:d9:bd:56:ba:3a:22:
                    ef:a4:14:fa:ac:c8:62:18:7e:08:2b:d3:7a:9d:02:
                    14:8c:25:1c:e0:c2:a8:99:ad:f8:55:2e:c7:1e:e1:
                    13:a5:99:51:49:c1:eb:4e:7c:f1:00:9b:ba:b3:73:
                    24:c7:63:47:88:08:54:c3:dd:e3:23:94:1d:5c:32:
                    a6:94:3c:03:43:e2:63:31:30:2e:34:a1:52:a3:cf:
                    ed:a1:f8:41:68:11:4d:d8:b8:46:61:fa:e8:72:72:
                    98:7b:d5:a4:8a:51:79:c4:86:e7:18:2e:9c:94:7d:
                    1a:0a:42:07:67:32:09:4a:2c:59:65:16:ee:f5:e0:
                    f3:37:16:e4:df:b9:d4:8d:91:8d:9e:66:97:b2:86:
                    5d:60:6a:51:1a:b9:32:dc:13:65:7e:2e:59:00:63:
                    17:af:1c:e6:41:41:8d:7e:57:41:f4:53:c4:37:12:
                    85:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:15:F0:EC:CA:12:C5:0A:F4:A8:D0:FA:29:E0:5B:0E:60:2C:CE:A7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gRXw7MoSxQr0qND6KeBbDmAszqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:de0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a9:40:8e:d2:d4:7b:5c:fe:ab:b7:2c:12:31:df:b2:aa:57:83:
         29:e3:d7:a7:ba:c4:11:64:b2:ae:1e:2e:34:56:10:e8:01:5f:
         b1:92:89:58:b7:04:90:f8:ec:93:20:6f:af:e4:45:59:82:f6:
         b1:b6:d0:d3:55:4c:e8:1e:3c:5e:74:52:65:6f:38:a9:58:8d:
         ac:ed:fe:74:ef:ad:a8:d9:d6:6a:af:30:da:63:50:2b:c3:32:
         16:31:c6:c9:0e:e9:6b:fa:bc:98:2f:a4:e3:1f:27:7b:c9:39:
         ed:2d:37:fc:b6:bf:1d:bc:0d:64:e2:05:3a:12:0f:42:14:78:
         63:7e:ba:57:2b:2e:71:7d:55:6f:5c:bf:94:2a:24:f0:9f:e9:
         83:47:7c:fd:96:35:05:68:af:df:01:b2:28:64:94:0f:69:21:
         86:77:0c:a1:b6:b4:54:91:4c:4f:6b:04:b8:2d:aa:f8:36:3d:
         d0:2a:0c:91:9b:b7:01:74:69:de:db:c2:09:e4:5b:3e:f6:2e:
         59:eb:fe:82:eb:8b:2a:7d:7c:b9:15:c1:f4:f4:f7:36:7b:1e:
         24:90:90:fb:b2:cb:3f:c6:6a:b0:8c:af:d2:15:27:3c:cc:0d:
         19:94:70:c3:03:8e:e9:f4:f6:15:82:8c:9a:86:4c:9c:24:0e:
         12:ae:1f:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdLgCPMXrvoO/kGdx4JDmEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjA3MTc0NjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTE1ZjBlY2NhMTJjNTBhZjRhOGQwZmEyOWUwNWIwZTYwMmNjZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcOGm+z/ug0cKEffcsk87y2clYC5
VCE12mQFDj3LVO8GEDoDe9/QGiphYoLj4SWLGlpPG/onTxgBxEcRHjz0pch47Jxm
oCTlMxSoQSYRbWSz8HbZvVa6OiLvpBT6rMhiGH4IK9N6nQIUjCUc4MKoma34VS7H
HuETpZlRScHrTnzxAJu6s3Mkx2NHiAhUw93jI5QdXDKmlDwDQ+JjMTAuNKFSo8/t
ofhBaBFN2LhGYfrocnKYe9WkilF5xIbnGC6clH0aCkIHZzIJSixZZRbu9eDzNxbk
37nUjZGNnmaXsoZdYGpRGrky3BNlfi5ZAGMXrxzmQUGNfldB9FPENxKF4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIEV8OzKEsUK9KjQ+ingWw5gLM6nMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ1JYdzdNb1N4UXIwcU5ENktlQmJEbUFzenFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA3g
MA0GCSqGSIb3DQEBCwUAA4IBAQCpQI7S1Htc/qu3LBIx37KqV4Mp49enusQRZLKu
Hi40VhDoAV+xkolYtwSQ+OyTIG+v5EVZgvaxttDTVUzoHjxedFJlbzipWI2s7f50
762o2dZqrzDaY1ArwzIWMcbJDulr+ryYL6TjHyd7yTntLTf8tr8dvA1k4gU6Eg9C
FHhjfrpXKy5xfVVvXL+UKiTwn+mDR3z9ljUFaK/fAbIoZJQPaSGGdwyhtrRUkUxP
awS4Lar4Nj3QKgyRm7cBdGne28IJ5Fs+9i5Z6/6C64sqfXy5FcH09Pc2ex4kkJD7
sss/xmqwjK/SFSc8zA0ZlHDDA47p9PYVgoyahkycJA4Srh+t
-----END CERTIFICATE-----