Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKGZGy5GUDJTXS4ttOIk9-nBmr8.roa
File:                     kKGZGy5GUDJTXS4ttOIk9-nBmr8.roa (raw, json)
Hash identifier:          UWeBMRgYhwsn4ByM5lQm4eA2jyTUXsmyBPlxnd8GaFE=
Subject key identifier:   90:A1:99:1B:2E:46:50:32:53:5D:2E:2D:B4:E2:24:F7:E9:C1:9A:BF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222995B2D7E2CFFB9156A09AE7FF71
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKGZGy5GUDJTXS4ttOIk9-nBmr8.roa
Signing time:             Thu 02 Jan 2025 03:49:43 +0000
ROA not before:           Thu 02 Jan 2025 03:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207716
IP address blocks:        2a0e:97c0:7b0::/44 maxlen: 48
                          2a0e:97c0:7bd::/48 maxlen: 48
                          2a0e:97c0:7be::/48 maxlen: 48
                          2a0e:97c0:7bf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:29:95:b2:d7:e2:cf:fb:91:56:a0:9a:e7:ff:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90a1991b2e465032535d2e2db4e224f7e9c19abf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:19:12:18:ea:0d:c9:a2:39:46:c3:41:b1:38:
                    70:6e:81:a0:5b:64:59:7c:ad:f7:b8:88:ee:d8:7f:
                    d5:f6:58:b0:90:73:1f:16:0e:31:64:1d:e5:5c:d2:
                    3c:db:52:2c:84:9f:82:13:6b:83:61:7e:97:53:7a:
                    9d:54:25:83:bf:45:9f:cd:d1:ab:bd:8e:6c:a9:8e:
                    34:27:a6:12:2e:e1:e0:f7:5f:3a:31:17:7d:ce:22:
                    8f:e2:ca:48:11:b6:2a:8f:2a:d8:c6:72:50:76:10:
                    14:24:87:dc:e7:d9:be:a0:d5:81:c0:d0:41:24:e1:
                    1b:7b:10:d2:66:22:89:dd:ca:30:e1:e9:26:cf:e4:
                    a6:bf:a2:85:5b:95:d4:f3:bb:56:87:ad:98:02:aa:
                    a5:9d:75:a1:3c:45:cd:a1:f4:40:c8:24:ae:4b:73:
                    3b:09:49:cb:d1:98:02:3d:76:10:c6:fe:96:4d:f3:
                    cd:7a:ed:16:5d:c9:4b:d1:34:ff:35:3b:7f:10:2f:
                    da:2f:42:a8:41:46:ea:62:f0:f5:e2:83:43:2d:e9:
                    0d:80:b8:13:aa:72:25:ca:d8:e6:7c:f3:91:21:9c:
                    9b:1f:27:01:eb:3a:ed:c8:48:88:3c:fb:69:a9:f4:
                    92:ba:17:57:63:00:5a:2d:5b:09:55:73:b0:11:b9:
                    b6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:A1:99:1B:2E:46:50:32:53:5D:2E:2D:B4:E2:24:F7:E9:C1:9A:BF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kKGZGy5GUDJTXS4ttOIk9-nBmr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:ab:eb:b2:44:36:23:60:5f:0e:8f:71:be:be:bc:ba:cd:cc:
         52:65:19:0c:ae:b2:52:10:29:70:9c:1a:ab:74:1d:f1:01:4d:
         ce:c0:9b:a3:73:98:ed:1b:ac:ab:ea:a9:ce:30:f2:5f:d3:f7:
         d2:6d:d9:40:47:52:ba:5a:13:14:6f:a2:10:5c:dc:a0:b2:c9:
         2e:14:40:10:fd:e7:5c:bd:da:16:7c:b8:92:b5:ef:5d:0b:9a:
         b7:26:5a:9e:8a:9b:df:3a:f4:28:aa:a7:4f:4c:b3:ea:7d:8d:
         99:d3:20:e2:02:b2:7e:21:0b:d9:e4:f1:50:f0:e4:48:54:b4:
         4a:15:fc:3c:1d:76:33:5f:3e:75:8c:0f:ee:b9:c0:9f:7f:71:
         25:2e:d3:21:c8:f1:6d:a3:d7:f4:33:c6:7d:18:a8:1b:a1:8f:
         57:c5:fd:ec:f7:19:a0:1b:d0:8b:6c:b4:47:b1:25:72:b9:c3:
         ac:56:9d:c2:58:83:03:61:16:33:ae:98:90:fa:c9:81:5a:4e:
         bd:e0:dc:89:4f:d2:a7:7b:bc:d0:df:47:76:d6:dc:23:d8:36:
         12:a4:81:18:4d:fe:06:4d:fe:2f:c4:15:f1:8e:89:d6:8d:e4:
         5b:48:e5:a2:3b:04:33:d3:cc:e4:b9:f0:7f:fa:e5:26:51:dd:
         b6:5c:0e:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIimVstfiz/uRVqCa5/9xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGExOTkxYjJlNDY1MDMyNTM1ZDJlMmRiNGUyMjRmN2U5YzE5YWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxRkSGOoNyaI5RsNBsThwboGgW2RZ
fK33uIju2H/V9liwkHMfFg4xZB3lXNI821IshJ+CE2uDYX6XU3qdVCWDv0WfzdGr
vY5sqY40J6YSLuHg9186MRd9ziKP4spIEbYqjyrYxnJQdhAUJIfc59m+oNWBwNBB
JOEbexDSZiKJ3cow4ekmz+Smv6KFW5XU87tWh62YAqqlnXWhPEXNofRAyCSuS3M7
CUnL0ZgCPXYQxv6WTfPNeu0WXclL0TT/NTt/EC/aL0KoQUbqYvD14oNDLekNgLgT
qnIlytjmfPORIZybHycB6zrtyEiIPPtpqfSSuhdXYwBaLVsJVXOwEbm2BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJChmRsuRlAyU10uLbTiJPfpwZq/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva0tHWkd5NUdVREpUWFM0dHRPSWs5LW5CbXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAew
MA0GCSqGSIb3DQEBCwUAA4IBAQC1q+uyRDYjYF8Oj3G+vry6zcxSZRkMrrJSEClw
nBqrdB3xAU3OwJujc5jtG6yr6qnOMPJf0/fSbdlAR1K6WhMUb6IQXNygsskuFEAQ
/edcvdoWfLiSte9dC5q3JlqeipvfOvQoqqdPTLPqfY2Z0yDiArJ+IQvZ5PFQ8ORI
VLRKFfw8HXYzXz51jA/uucCff3ElLtMhyPFto9f0M8Z9GKgboY9Xxf3s9xmgG9CL
bLRHsSVyucOsVp3CWIMDYRYzrpiQ+smBWk694NyJT9Kne7zQ30d21twj2DYSpIEY
Tf4GTf4vxBXxjonWjeRbSOWiOwQz08zkufB/+uUmUd22XA41
-----END CERTIFICATE-----