Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ohJlNwQOiC02jiQnHEvEjfTU0P8.roa
File:                     ohJlNwQOiC02jiQnHEvEjfTU0P8.roa (raw, json)
Hash identifier:          nDZ7yYzXpbmQNYnJ/GFKfc8S0FX7mEj8OEPOokiUGZk=
Subject key identifier:   A2:12:65:37:04:0E:88:2D:36:8E:24:27:1C:4B:C4:8D:F4:D4:D0:FF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425225AEB8C5E8D19E632227425603340
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ohJlNwQOiC02jiQnHEvEjfTU0P8.roa
Signing time:             Thu 02 Jan 2025 03:49:56 +0000
ROA not before:           Thu 02 Jan 2025 03:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212173
IP address blocks:        2a0e:b107:1d40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 19:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:5a:eb:8c:5e:8d:19:e6:32:22:74:25:60:33:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2126537040e882d368e24271c4bc48df4d4d0ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:15:37:ab:b1:63:a8:b9:fb:76:0f:42:4c:57:
                    43:56:a1:40:bd:aa:de:91:6d:78:ab:be:73:cb:8f:
                    54:07:81:a3:a9:60:19:47:41:87:1a:24:07:4e:d3:
                    6b:44:f0:56:b6:36:dd:ea:b7:67:3d:fa:26:c5:75:
                    56:35:ee:b0:12:77:38:f3:d9:f8:77:5a:73:90:55:
                    81:32:57:53:94:af:16:ef:30:fc:fb:cb:be:12:80:
                    9d:29:ef:76:7b:15:f9:88:04:f1:56:dc:d8:b1:87:
                    05:3c:17:dc:d1:f6:04:b2:ab:17:33:de:b4:03:e0:
                    6a:80:16:60:55:94:42:a4:58:1e:05:38:2d:5f:b1:
                    3e:41:b3:26:20:a3:f4:5c:79:3b:f9:7d:48:68:8f:
                    34:e2:45:ae:3a:f9:03:9e:11:e8:8e:fd:79:8b:49:
                    12:1f:de:64:9e:9a:d4:ba:88:c5:6e:8f:c7:fb:85:
                    5e:c2:ff:cf:c4:16:57:7e:69:51:a3:5c:f9:b4:8a:
                    f5:09:16:9f:e7:57:46:f6:b9:6c:93:99:62:53:e1:
                    95:15:69:02:8f:a5:f5:1d:95:74:a8:99:a6:89:43:
                    7f:8d:04:8e:5f:76:7b:81:5f:ca:9d:5f:b5:ca:7c:
                    dc:f9:f6:22:23:e2:37:44:9f:3c:3d:ec:9f:27:77:
                    8f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:12:65:37:04:0E:88:2D:36:8E:24:27:1C:4B:C4:8D:F4:D4:D0:FF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ohJlNwQOiC02jiQnHEvEjfTU0P8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d40::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:e5:28:c1:ab:11:2f:94:a5:d6:65:88:8b:43:b0:56:17:22:
         45:03:23:6f:4b:f5:f3:97:7c:2a:c2:94:ee:ee:2a:d1:aa:6b:
         1a:82:5d:97:75:95:e1:98:c3:62:fc:1a:fd:8e:3e:2f:6b:e7:
         c0:02:b6:46:93:87:84:d7:70:37:ad:59:ed:56:81:f2:7b:c8:
         a5:86:15:32:4c:b7:cd:5f:32:62:55:77:24:d4:db:2b:77:fd:
         3f:5d:e6:ea:69:2f:04:43:3d:c0:d1:88:ef:64:b2:40:bf:e8:
         02:9e:88:63:f2:33:90:ca:43:94:07:de:e9:0e:90:10:92:5d:
         dc:e8:f5:bd:fb:9e:a9:48:a7:5e:c5:69:4a:32:fd:00:0d:68:
         6c:84:47:4e:e2:aa:bb:c1:22:ec:f2:08:11:dc:f0:f5:da:a7:
         c7:04:14:72:dd:19:2a:ae:39:05:cd:4f:99:d4:f5:1d:45:76:
         09:76:ce:d5:a7:20:e1:d3:c9:14:b3:bf:21:b4:39:0d:f7:90:
         fb:cd:37:2e:fd:f9:cb:82:8d:0e:75:75:36:de:6d:b4:55:85:
         74:25:5e:80:85:3e:f3:db:82:89:27:4a:7e:e5:36:40:e6:c1:
         fe:ed:16:9c:ec:77:3c:a7:af:60:7d:75:f7:b4:0a:dc:c2:f4:
         d5:61:df:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlrrjF6NGeYyInQlYDNAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjEyNjUzNzA0MGU4ODJkMzY4ZTI0MjcxYzRiYzQ4ZGY0ZDRkMGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqxU3q7FjqLn7dg9CTFdDVqFAvare
kW14q75zy49UB4GjqWAZR0GHGiQHTtNrRPBWtjbd6rdnPfomxXVWNe6wEnc489n4
d1pzkFWBMldTlK8W7zD8+8u+EoCdKe92exX5iATxVtzYsYcFPBfc0fYEsqsXM960
A+BqgBZgVZRCpFgeBTgtX7E+QbMmIKP0XHk7+X1IaI804kWuOvkDnhHojv15i0kS
H95knprUuojFbo/H+4Vewv/PxBZXfmlRo1z5tIr1CRaf51dG9rlsk5liU+GVFWkC
j6X1HZV0qJmmiUN/jQSOX3Z7gV/KnV+1ynzc+fYiI+I3RJ88PeyfJ3ePZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKISZTcEDogtNo4kJxxLxI301ND/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb2hKbE53UU9pQzAyamlRbkhFdkVqZlRVMFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBx1A
MA0GCSqGSIb3DQEBCwUAA4IBAQBa5SjBqxEvlKXWZYiLQ7BWFyJFAyNvS/Xzl3wq
wpTu7irRqmsagl2XdZXhmMNi/Br9jj4va+fAArZGk4eE13A3rVntVoHye8ilhhUy
TLfNXzJiVXck1Nsrd/0/XebqaS8EQz3A0YjvZLJAv+gCnohj8jOQykOUB97pDpAQ
kl3c6PW9+56pSKdexWlKMv0ADWhshEdO4qq7wSLs8ggR3PD12qfHBBRy3RkqrjkF
zU+Z1PUdRXYJds7VpyDh08kUs78htDkN95D7zTcu/fnLgo0OdXU23m20VYV0JV6A
hT7z24KJJ0p+5TZA5sH+7Rac7Hc8p69gfXX3tArcwvTVYd9h
-----END CERTIFICATE-----