Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/groAACBR_--DPDRRLro3-8savpA.roa
File:                     groAACBR_--DPDRRLro3-8savpA.roa (raw, json)
Hash identifier:          /OmmUukIzPCs+3dVi/zscf+a/2RTulCTP8ptMHKE53A=
Subject key identifier:   82:BA:00:00:20:51:FF:EF:83:3C:34:51:2E:BA:37:FB:CB:1A:BE:90
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F9B4DF09B6634E29DBF6AF41FCD5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/groAACBR_--DPDRRLro3-8savpA.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199177
IP address blocks:        2a0e:b107:2080::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f9:b4:df:09:b6:63:4e:29:db:f6:af:41:fc:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82ba00002051ffef833c34512eba37fbcb1abe90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6c:98:60:97:c4:93:6f:e2:0e:fb:25:ed:c1:
                    60:18:00:e1:43:66:1b:de:8a:c2:d7:d3:19:7e:84:
                    7d:91:a4:6e:1c:c3:d1:b1:7b:d5:11:40:e8:ca:db:
                    c0:33:9c:d0:a6:6d:50:c9:5f:42:bb:ae:e6:3f:b3:
                    b9:b2:3b:2b:ae:00:96:88:23:6e:a2:54:ae:ff:8a:
                    57:f3:51:a8:ce:81:8d:79:11:bb:76:13:17:3d:54:
                    00:73:28:60:4f:dd:11:4e:86:a5:0e:bd:14:22:48:
                    99:99:9c:48:3e:d1:99:44:64:b8:3d:7d:7b:fd:a7:
                    b7:67:fe:e9:7a:78:06:6a:fa:3b:d0:92:d3:65:99:
                    5c:11:82:4f:80:2c:8c:ab:de:40:57:b2:ac:ac:aa:
                    9f:49:2c:cb:8d:8b:59:ec:b7:a0:07:8d:1d:e0:b7:
                    52:7a:02:4f:8b:8c:56:4b:e1:e1:f5:c1:19:b1:b9:
                    c3:e7:1d:1c:5e:9c:1a:8d:d2:18:bd:08:b5:12:a3:
                    4a:92:17:3e:8b:24:e1:67:f4:b7:0e:f1:51:dd:11:
                    d1:b7:95:1c:d7:ca:9a:af:4c:fd:e1:91:16:b6:27:
                    94:ab:58:9d:a8:cd:77:9e:9e:01:48:05:89:07:ea:
                    45:de:e5:fb:0b:26:7b:91:4a:90:71:4b:ee:ec:7f:
                    f0:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:BA:00:00:20:51:FF:EF:83:3C:34:51:2E:BA:37:FB:CB:1A:BE:90
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/groAACBR_--DPDRRLro3-8savpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2080::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:83:78:5a:bb:09:ca:94:0c:ed:3a:d2:e7:9a:7d:9e:36:0a:
         99:a4:28:50:9a:f6:28:60:e0:cf:27:47:1f:16:4c:62:85:0e:
         50:8c:77:11:fe:76:b5:b2:75:cc:b4:a1:cf:f9:10:ac:f5:15:
         29:5d:1a:98:1c:ed:42:90:a5:1d:48:2c:c6:e9:28:02:e3:1a:
         64:a4:5d:57:f3:e2:03:c9:6e:f9:0b:cd:c6:77:6c:d3:92:f9:
         ef:04:5c:7b:06:29:ee:24:54:2f:cd:b8:1b:b5:11:43:22:56:
         7e:cc:69:4a:28:ef:50:fa:95:c3:76:0c:e7:72:bc:ba:d5:fd:
         4a:e1:ad:85:f0:69:9f:31:10:50:01:b7:3f:86:20:8c:46:03:
         04:ea:e8:14:2a:de:ca:66:ea:99:0f:87:5f:bb:3f:11:b5:9e:
         54:0a:d4:3c:d8:d8:41:cd:a8:36:44:43:b2:e7:9c:d7:f0:56:
         3d:fc:1a:04:af:d2:86:f3:ff:8c:c5:f1:16:db:41:7f:59:f7:
         2f:38:9d:30:bf:e9:e2:8f:33:32:24:ec:36:6f:e7:d6:8f:a0:
         ee:fe:ad:c5:a6:19:28:ff:74:e6:1b:e3:67:95:68:e7:31:31:
         b7:84:28:2d:89:09:ba:36:8a:cf:5b:55:75:cc:b1:e2:f1:60:
         01:8f:db:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfm03wm2Y04p2/avQfzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmJhMDAwMDIwNTFmZmVmODMzYzM0NTEyZWJhMzdmYmNiMWFiZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWyYYJfEk2/iDvsl7cFgGADhQ2Yb
3orC19MZfoR9kaRuHMPRsXvVEUDoytvAM5zQpm1QyV9Cu67mP7O5sjsrrgCWiCNu
olSu/4pX81GozoGNeRG7dhMXPVQAcyhgT90RToalDr0UIkiZmZxIPtGZRGS4PX17
/ae3Z/7pengGavo70JLTZZlcEYJPgCyMq95AV7KsrKqfSSzLjYtZ7LegB40d4LdS
egJPi4xWS+Hh9cEZsbnD5x0cXpwajdIYvQi1EqNKkhc+iyThZ/S3DvFR3RHRt5Uc
18qar0z94ZEWtieUq1idqM13np4BSAWJB+pF3uX7CyZ7kUqQcUvu7H/wjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIK6AAAgUf/vgzw0US66N/vLGr6QMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ3JvQUFDQlJfLS1EUERSUkxybzMtOHNhdnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xByCA
MA0GCSqGSIb3DQEBCwUAA4IBAQBug3hauwnKlAztOtLnmn2eNgqZpChQmvYoYODP
J0cfFkxihQ5QjHcR/na1snXMtKHP+RCs9RUpXRqYHO1CkKUdSCzG6SgC4xpkpF1X
8+IDyW75C83Gd2zTkvnvBFx7BinuJFQvzbgbtRFDIlZ+zGlKKO9Q+pXDdgzncry6
1f1K4a2F8GmfMRBQAbc/hiCMRgME6ugUKt7KZuqZD4dfuz8RtZ5UCtQ82NhBzag2
REOy55zX8FY9/BoEr9KG8/+MxfEW20F/WfcvOJ0wv+nijzMyJOw2b+fWj6Du/q3F
phko/3TmG+NnlWjnMTG3hCgtiQm6NorPW1V1zLHi8WABj9u/
-----END CERTIFICATE-----