Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oM18HQxh3339wq0HIQgOlLSRmt0.roa
File:                     oM18HQxh3339wq0HIQgOlLSRmt0.roa (raw, json)
Hash identifier:          QU9hxUfwQBG/nUdMYalZZGGTNUHFUr02rssN+tNFNjs=
Subject key identifier:   A0:CD:7C:1D:0C:61:DF:7D:FD:C2:AD:07:21:08:0E:94:B4:91:9A:DD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521F9EAD2F036740A27D6D5E3B649A9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oM18HQxh3339wq0HIQgOlLSRmt0.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199183
IP address blocks:        2a0e:b107:b13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f9:ea:d2:f0:36:74:0a:27:d6:d5:e3:b6:49:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0cd7c1d0c61df7dfdc2ad0721080e94b4919add
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ed:8c:cb:2b:f9:55:f6:db:62:29:cb:09:0c:
                    df:47:11:7a:a1:0b:6e:72:be:6b:8d:d2:1f:8c:86:
                    86:3f:19:b9:7b:94:f6:5f:ca:aa:3b:ac:1e:9c:5a:
                    f8:5b:bf:7d:32:d8:fd:5a:8a:b4:8e:c2:48:6e:7a:
                    fd:fc:ec:3a:98:59:1b:00:87:8d:b0:a8:e1:17:45:
                    95:81:49:11:45:1e:f3:05:ee:38:0d:eb:23:30:a0:
                    09:b8:9c:b9:d5:e7:34:06:85:15:9e:05:6a:e6:46:
                    38:54:83:26:24:8d:d5:64:fe:d7:0e:10:c0:8d:16:
                    79:2e:cc:35:dc:f2:5e:51:3e:d0:4f:1d:68:3d:6e:
                    0b:f2:48:60:c9:b7:27:e3:0e:51:77:ba:e3:2c:99:
                    4f:c2:ae:f9:d2:78:87:d5:20:45:db:85:42:89:59:
                    9c:1c:3f:99:9e:a7:05:5c:f9:af:9c:1f:5d:b2:9f:
                    f7:e3:c4:66:66:fb:fe:be:b1:71:df:d8:9b:1d:ad:
                    4a:6c:f3:6a:7b:74:e8:86:ff:08:ed:96:d4:a2:f7:
                    ec:c7:d5:e6:b4:93:01:d8:9b:f5:c0:88:6f:2e:cf:
                    eb:3a:b3:26:38:c3:5f:be:eb:d7:cd:b7:54:a3:51:
                    a7:07:0d:e5:1e:dd:14:22:1a:a8:0b:11:e8:5a:ae:
                    dc:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:CD:7C:1D:0C:61:DF:7D:FD:C2:AD:07:21:08:0E:94:B4:91:9A:DD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/oM18HQxh3339wq0HIQgOlLSRmt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b13::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:4f:1e:42:45:d8:9f:09:9b:2b:02:f5:e0:52:17:27:c4:44:
         e8:a7:6b:fa:77:9d:68:b0:d4:de:c5:84:4c:d6:8e:94:73:aa:
         ec:b2:54:38:51:e8:8a:da:1d:60:9d:00:d6:cb:9c:87:47:37:
         4b:7e:d4:6a:15:b1:2d:d6:02:dd:03:61:e7:d3:73:cd:89:0b:
         c7:1f:f3:68:56:02:a4:4c:52:fe:e7:97:ce:12:e4:51:bd:e8:
         37:6c:0d:26:cc:82:d1:fe:bd:44:f0:49:66:3f:49:de:48:48:
         f8:0e:06:33:12:e1:b0:42:73:fb:fa:24:2e:97:eb:c2:fd:56:
         5d:97:92:f2:78:d6:50:ff:4c:f2:25:d5:9f:4f:ff:21:ca:ce:
         ac:6e:1f:15:f4:a1:35:80:f2:7e:ff:0a:89:62:02:17:55:17:
         cd:91:6a:57:96:26:10:33:51:38:99:57:3f:62:ac:f0:30:9f:
         07:f2:0c:83:ac:e3:e0:8f:e5:3b:07:f8:63:1d:af:be:14:c1:
         fb:bd:3f:c0:c6:83:be:2b:ae:2f:36:b0:28:b5:0e:16:1c:6d:
         0f:d2:fe:96:7a:8f:89:5b:5f:6d:16:a7:6f:21:a5:03:8f:ed:
         d0:e2:1d:44:ed:5a:bd:59:c0:f6:d4:d8:d6:c7:ed:ed:24:19:
         57:a2:6a:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfnq0vA2dAon1tXjtkmpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGNkN2MxZDBjNjFkZjdkZmRjMmFkMDcyMTA4MGU5NGI0OTE5YWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu2Myyv5VfbbYinLCQzfRxF6oQtu
cr5rjdIfjIaGPxm5e5T2X8qqO6wenFr4W799Mtj9Woq0jsJIbnr9/Ow6mFkbAIeN
sKjhF0WVgUkRRR7zBe44DesjMKAJuJy51ec0BoUVngVq5kY4VIMmJI3VZP7XDhDA
jRZ5Lsw13PJeUT7QTx1oPW4L8khgybcn4w5Rd7rjLJlPwq750niH1SBF24VCiVmc
HD+ZnqcFXPmvnB9dsp/348RmZvv+vrFx39ibHa1KbPNqe3Tohv8I7ZbUovfsx9Xm
tJMB2Jv1wIhvLs/rOrMmOMNfvuvXzbdUo1GnBw3lHt0UIhqoCxHoWq7cUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKDNfB0MYd99/cKtByEIDpS0kZrdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb00xOEhReGgzMzM5d3EwSElRZ09sTFNSbXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwsT
MA0GCSqGSIb3DQEBCwUAA4IBAQCWTx5CRdifCZsrAvXgUhcnxETop2v6d51osNTe
xYRM1o6Uc6rsslQ4UeiK2h1gnQDWy5yHRzdLftRqFbEt1gLdA2Hn03PNiQvHH/No
VgKkTFL+55fOEuRRveg3bA0mzILR/r1E8ElmP0neSEj4DgYzEuGwQnP7+iQul+vC
/VZdl5LyeNZQ/0zyJdWfT/8hys6sbh8V9KE1gPJ+/wqJYgIXVRfNkWpXliYQM1E4
mVc/YqzwMJ8H8gyDrOPgj+U7B/hjHa++FMH7vT/AxoO+K64vNrAotQ4WHG0P0v6W
eo+JW19tFqdvIaUDj+3Q4h1E7Vq9WcD21NjWx+3tJBlXomru
-----END CERTIFICATE-----