Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iBH_KfjteZyf13nwwl6wBcLkFeo.roa
File:                     iBH_KfjteZyf13nwwl6wBcLkFeo.roa (raw, json)
Hash identifier:          VWMwUCimxG0rYi0PIZAKfhkdI+KeGlrgfz9U4hQY/7Y=
Subject key identifier:   88:11:FF:29:F8:ED:79:9C:9F:D7:79:F0:C2:5E:B0:05:C2:E4:15:EA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252258AAAF1CAFAAB1FEF9BE70D398DD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iBH_KfjteZyf13nwwl6wBcLkFeo.roa
Signing time:             Thu 02 Jan 2025 03:49:55 +0000
ROA not before:           Thu 02 Jan 2025 03:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212085
IP address blocks:        2a0e:b107:ea4::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:58:aa:af:1c:af:aa:b1:fe:f9:be:70:d3:98:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8811ff29f8ed799c9fd779f0c25eb005c2e415ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b8:12:2b:38:34:07:7a:71:79:ad:a1:f5:77:
                    97:a8:03:62:2b:1b:d3:8a:b9:44:e1:fc:8f:9f:20:
                    42:90:af:8c:b8:ec:cc:d0:26:e3:37:c7:e0:92:83:
                    49:0e:dd:e2:7b:41:4f:ec:11:b4:6e:29:5d:45:15:
                    13:c5:76:18:3d:61:6e:5e:d7:9c:11:01:00:a3:bc:
                    4c:6e:64:98:2e:13:63:85:98:43:4c:42:63:c8:94:
                    f0:3a:aa:37:73:89:96:b3:e8:86:95:58:03:dc:72:
                    7a:ba:77:5b:ec:1a:1d:3a:c5:a9:30:cf:dd:9c:ca:
                    23:4c:f5:47:60:fa:db:04:ba:94:e5:77:8d:ef:1c:
                    bf:4b:d3:1d:1f:5a:b3:b8:58:e9:2d:00:68:39:9c:
                    d1:30:72:e0:9d:f4:7d:c9:9d:bb:75:c8:47:bd:1c:
                    22:17:5a:46:51:02:8c:d6:30:12:4d:12:96:f1:70:
                    6b:c5:e3:40:09:59:1a:e8:ad:0e:c0:cd:a1:dd:c4:
                    7a:a0:c1:76:5c:8f:71:cd:12:e3:6d:c5:20:32:05:
                    5c:c3:f5:16:07:93:17:b2:48:14:6e:73:bd:b5:ed:
                    3b:a9:5f:c8:e9:e3:c9:a6:57:1f:46:74:66:8c:c8:
                    aa:f2:74:82:14:27:e6:36:2e:66:17:a6:c0:6f:66:
                    84:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:11:FF:29:F8:ED:79:9C:9F:D7:79:F0:C2:5E:B0:05:C2:E4:15:EA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iBH_KfjteZyf13nwwl6wBcLkFeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ea4::/46

    Signature Algorithm: sha256WithRSAEncryption
         2c:71:a4:b0:c1:c3:c8:ad:39:8a:6d:b8:9c:25:76:35:56:79:
         35:35:b7:9f:51:9b:79:0b:a9:72:a9:12:71:5b:6b:1d:6b:20:
         fd:5e:c2:36:c7:90:2d:f4:94:9a:8d:6c:d4:fc:9f:b6:69:b8:
         62:82:0e:32:a7:0d:b9:98:0a:e2:11:03:aa:6e:73:a4:6d:f2:
         70:14:f2:c0:48:da:a0:3a:7a:25:0f:66:70:34:3e:f9:54:3f:
         cf:02:9b:5c:6d:6a:52:da:bd:27:71:60:66:78:e3:e8:9d:ca:
         57:e9:a9:d6:5c:7e:e6:01:aa:f1:66:fd:ae:03:09:dc:b5:c2:
         96:d8:62:05:da:ce:eb:2c:1f:f4:c8:88:43:f5:0b:06:37:1a:
         a3:1b:95:ae:ea:b4:b6:ee:c7:c5:1f:be:43:10:38:42:27:12:
         74:30:c7:53:9a:42:2f:55:06:b1:8b:4f:70:7e:fe:8d:8a:b0:
         4f:85:fc:4f:1b:49:56:02:dd:f2:6d:48:ce:37:d9:d0:c9:3c:
         da:18:af:20:27:5d:36:c5:56:9b:b1:71:52:23:c3:13:7c:bc:
         c9:22:25:f1:58:f6:22:2e:6f:52:ce:7d:d7:0e:43:d8:72:e8:
         51:fa:b6:d9:cc:1c:0b:17:bc:7c:b1:37:99:52:ca:6c:a2:68:
         37:ab:b2:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIliqrxyvqrH++b5w05jdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODExZmYyOWY4ZWQ3OTljOWZkNzc5ZjBjMjVlYjAwNWMyZTQxNWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7gSKzg0B3pxea2h9XeXqANiKxvT
irlE4fyPnyBCkK+MuOzM0CbjN8fgkoNJDt3ie0FP7BG0bildRRUTxXYYPWFuXtec
EQEAo7xMbmSYLhNjhZhDTEJjyJTwOqo3c4mWs+iGlVgD3HJ6undb7BodOsWpMM/d
nMojTPVHYPrbBLqU5XeN7xy/S9MdH1qzuFjpLQBoOZzRMHLgnfR9yZ27dchHvRwi
F1pGUQKM1jASTRKW8XBrxeNACVka6K0OwM2h3cR6oMF2XI9xzRLjbcUgMgVcw/UW
B5MXskgUbnO9te07qV/I6ePJplcfRnRmjMiq8nSCFCfmNi5mF6bAb2aEKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIgR/yn47Xmcn9d58MJesAXC5BXqMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaUJIX0tmanRlWnlmMTNud3dsNndCY0xrRmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xBw6k
MA0GCSqGSIb3DQEBCwUAA4IBAQAscaSwwcPIrTmKbbicJXY1Vnk1NbefUZt5C6ly
qRJxW2sdayD9XsI2x5At9JSajWzU/J+2abhigg4ypw25mAriEQOqbnOkbfJwFPLA
SNqgOnolD2ZwND75VD/PAptcbWpS2r0ncWBmeOPoncpX6anWXH7mAarxZv2uAwnc
tcKW2GIF2s7rLB/0yIhD9QsGNxqjG5Wu6rS27sfFH75DEDhCJxJ0MMdTmkIvVQax
i09wfv6NirBPhfxPG0lWAt3ybUjON9nQyTzaGK8gJ102xVabsXFSI8MTfLzJIiXx
WPYiLm9Szn3XDkPYcuhR+rbZzBwLF7x8sTeZUspsomg3q7Ig
-----END CERTIFICATE-----