Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mjuTVJdsBEYfWNT-iLhGNe4kyGg.roa
File:                     mjuTVJdsBEYfWNT-iLhGNe4kyGg.roa (raw, json)
Hash identifier:          FqmEqfS4KAI78I9HMNpLQWP9Mirmil9mXz5c2zyDqSQ=
Subject key identifier:   9A:3B:93:54:97:6C:04:46:1F:58:D4:FE:88:B8:46:35:EE:24:C8:68
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222F5AFB1A8A99E9EF2422B77B6290
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mjuTVJdsBEYfWNT-iLhGNe4kyGg.roa
Signing time:             Thu 02 Jan 2025 03:49:44 +0000
ROA not before:           Thu 02 Jan 2025 03:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208679
IP address blocks:        2a0e:b107:178c::/48 maxlen: 48
                          2a0e:b107:178d::/48 maxlen: 48
                          2a0e:b107:178e::/48 maxlen: 48
                          2a0e:b107:178f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2f:5a:fb:1a:8a:99:e9:ef:24:22:b7:7b:62:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a3b9354976c04461f58d4fe88b84635ee24c868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:93:b9:e9:c5:09:40:bd:44:32:75:02:76:57:
                    bd:fb:3c:c2:13:34:77:d4:15:ec:e6:f0:a4:ed:83:
                    99:11:40:ff:5e:45:5d:a3:b4:94:3f:d6:e4:6d:7c:
                    34:e8:ff:2b:1f:fb:07:3d:ed:ff:5d:96:3c:6a:84:
                    cc:01:bc:c7:e1:cd:f6:d1:b2:d1:4f:d6:17:42:96:
                    1e:63:c8:6c:ab:70:51:f1:a6:b7:e8:4e:bb:6c:62:
                    8d:ba:bf:e8:6c:ab:da:06:33:42:fd:73:08:31:16:
                    8f:6c:55:65:75:9a:ae:2f:10:5b:e6:61:42:f0:67:
                    40:e2:b4:b7:f3:e4:1f:57:c9:d9:08:04:7b:69:ff:
                    7c:1d:d9:76:e2:99:2c:a8:5d:81:55:05:9c:54:fc:
                    1d:b3:62:fd:48:d4:62:f7:b1:3b:be:bf:89:7f:23:
                    7e:a0:88:25:a7:b7:9d:90:b9:c0:ed:04:73:33:56:
                    e8:1a:b8:c9:77:8b:11:33:d2:9e:18:e7:ed:e9:93:
                    7a:0e:bb:6e:bb:fb:fc:31:0d:89:5b:07:e0:d7:86:
                    a6:da:61:a9:88:2f:50:c9:69:07:91:89:ae:d1:00:
                    98:12:84:5c:9e:bf:f1:51:53:f1:5e:9d:05:e1:c8:
                    ba:af:3a:63:95:bc:78:2d:f1:0f:96:f9:fb:39:c2:
                    c8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3B:93:54:97:6C:04:46:1F:58:D4:FE:88:B8:46:35:EE:24:C8:68
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mjuTVJdsBEYfWNT-iLhGNe4kyGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:178c::/46

    Signature Algorithm: sha256WithRSAEncryption
         c4:7d:24:63:53:68:96:ff:dc:88:6a:01:c8:a7:8e:1a:87:b8:
         b8:e1:d9:da:ff:e7:ce:03:89:84:ee:e7:98:a7:11:84:f4:d5:
         f5:21:b8:db:4d:93:a7:42:19:5f:8f:af:2a:11:4d:b5:48:df:
         8b:c5:bd:31:28:84:39:f9:04:a4:27:96:f0:e7:6a:c9:2a:a7:
         e7:eb:84:37:ff:e0:99:eb:e7:28:90:18:46:48:62:2e:73:c8:
         51:24:2e:f1:45:11:ed:33:ca:91:ff:8d:f1:89:61:12:f4:5f:
         50:d7:cd:e5:fe:fd:2d:f0:4f:f1:53:fa:22:91:7d:c5:a4:76:
         b1:50:df:db:82:f0:e8:60:cf:5b:b7:d1:9c:e9:bc:9f:d8:0d:
         83:63:1b:ee:25:8e:d2:df:00:05:13:c2:c7:4f:11:8d:b6:5a:
         b5:3c:2a:ba:2e:3e:f5:54:46:81:58:c6:ab:c2:bd:b3:89:cf:
         64:28:ea:5f:4b:72:d8:08:a4:15:6a:b6:8a:19:99:99:b4:79:
         27:65:15:2b:b9:c2:f3:26:07:fb:bd:69:74:3f:80:3b:1c:b3:
         35:4d:ab:65:f7:24:08:07:1a:4c:83:69:51:e9:c0:80:41:f6:
         58:08:15:f8:1f:06:10:cd:87:12:cd:33:3e:b5:f9:42:30:b0:
         39:10:4b:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIi9a+xqKmenvJCK3e2KQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNiOTM1NDk3NmMwNDQ2MWY1OGQ0ZmU4OGI4NDYzNWVlMjRjODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZO56cUJQL1EMnUCdle9+zzCEzR3
1BXs5vCk7YOZEUD/XkVdo7SUP9bkbXw06P8rH/sHPe3/XZY8aoTMAbzH4c320bLR
T9YXQpYeY8hsq3BR8aa36E67bGKNur/obKvaBjNC/XMIMRaPbFVldZquLxBb5mFC
8GdA4rS38+QfV8nZCAR7af98Hdl24pksqF2BVQWcVPwds2L9SNRi97E7vr+JfyN+
oIglp7edkLnA7QRzM1boGrjJd4sRM9KeGOft6ZN6Drtuu/v8MQ2JWwfg14am2mGp
iC9QyWkHkYmu0QCYEoRcnr/xUVPxXp0F4ci6rzpjlbx4LfEPlvn7OcLIrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJo7k1SXbARGH1jU/oi4RjXuJMhoMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbWp1VFZKZHNCRVlmV05ULWlMaEdOZTRreUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xBxeM
MA0GCSqGSIb3DQEBCwUAA4IBAQDEfSRjU2iW/9yIagHIp44ah7i44dna/+fOA4mE
7ueYpxGE9NX1IbjbTZOnQhlfj68qEU21SN+Lxb0xKIQ5+QSkJ5bw52rJKqfn64Q3
/+CZ6+cokBhGSGIuc8hRJC7xRRHtM8qR/43xiWES9F9Q183l/v0t8E/xU/oikX3F
pHaxUN/bgvDoYM9bt9Gc6byf2A2DYxvuJY7S3wAFE8LHTxGNtlq1PCq6Lj71VEaB
WMarwr2zic9kKOpfS3LYCKQVaraKGZmZtHknZRUrucLzJgf7vWl0P4A7HLM1Tatl
9yQIBxpMg2lR6cCAQfZYCBX4HwYQzYcSzTM+tflCMLA5EEv0
-----END CERTIFICATE-----