Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pR3_ypJN63uSi-klkS7M1UZdeqc.roa
File:                     pR3_ypJN63uSi-klkS7M1UZdeqc.roa (raw, json)
Hash identifier:          lDt56XQoaPDOuu7lVVEI7MPjQw2jAiPKii+W8Z5YFkw=
Subject key identifier:   A5:1D:FF:CA:92:4D:EB:7B:92:8B:E9:25:91:2E:CC:D5:46:5D:7A:A7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220FF8A38755AE0ADE5EDC5C9499A5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pR3_ypJN63uSi-klkS7M1UZdeqc.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203446
IP address blocks:        2a0e:97c0:3ea::/48 maxlen: 48
                          2a0e:97c0:470::/48 maxlen: 48
                          2a0e:97c0:471::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0f:f8:a3:87:55:ae:0a:de:5e:dc:5c:94:99:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a51dffca924deb7b928be925912eccd5465d7aa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:f3:10:8c:5c:70:e2:05:47:3d:f1:fb:00:72:
                    7a:82:7f:02:e5:0b:70:2d:bb:ca:f6:aa:0c:24:df:
                    c8:97:eb:ef:ee:ad:08:2a:0b:99:5a:56:71:10:a8:
                    a0:d2:c5:8e:62:fc:6c:db:77:1b:83:b4:d0:36:b6:
                    ad:ac:53:40:5d:b6:85:3d:9a:c8:ac:f2:dc:ba:6f:
                    64:ab:99:4b:a5:a3:1c:65:d6:4a:03:fb:82:f8:92:
                    2f:ee:fc:fe:62:1a:5d:66:74:06:6f:76:f4:89:23:
                    5e:cb:dc:99:b2:e1:4f:52:72:7c:61:51:40:0b:d0:
                    80:82:70:15:bb:2a:97:ee:8a:f6:a1:9f:95:f9:4d:
                    43:89:95:3a:91:21:3d:6f:87:c4:c5:cb:d7:c3:5f:
                    42:38:70:a1:5f:2d:09:2c:97:16:6e:ad:b1:86:0c:
                    29:df:4b:ba:e6:9b:dc:ca:9e:2a:76:bc:13:9b:9f:
                    35:ba:dc:bb:ab:a6:a0:b5:02:5a:bb:5d:f0:5f:7e:
                    96:e6:21:c8:fa:01:7e:3b:9f:a6:19:a1:79:bf:0a:
                    93:0b:3a:40:3c:a1:2c:14:54:f4:9a:6f:b4:10:61:
                    69:41:ec:75:45:50:a4:28:7f:2a:23:fb:11:67:f9:
                    93:89:10:15:e3:b1:91:ae:d3:e8:a3:cd:c5:4c:13:
                    d3:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:1D:FF:CA:92:4D:EB:7B:92:8B:E9:25:91:2E:CC:D5:46:5D:7A:A7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pR3_ypJN63uSi-klkS7M1UZdeqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3ea::/48
                  2a0e:97c0:470::/47

    Signature Algorithm: sha256WithRSAEncryption
         3a:c7:1b:99:84:fc:7e:28:ea:e4:dc:62:b8:60:c8:c4:ce:63:
         cf:db:6c:9d:b6:33:fc:16:f5:1a:f1:80:4d:4a:8b:83:94:f8:
         21:30:ec:da:ac:84:5c:4f:81:74:01:b5:f6:34:17:11:d6:e9:
         53:99:29:43:a1:fa:0d:50:60:48:de:82:4c:ec:81:ce:be:62:
         8b:46:4e:f2:4c:5c:3a:38:6b:1a:de:7b:17:92:a3:5b:c1:76:
         fd:19:ae:6a:56:c9:5a:0e:fe:96:59:50:77:cc:89:05:97:cc:
         2d:3d:94:27:0b:18:76:4c:a0:7c:29:6f:1c:de:33:19:b9:3b:
         10:d7:04:97:88:10:a0:b5:79:10:d7:74:f6:9d:21:ac:eb:af:
         ca:fa:d5:9e:df:a7:4a:39:03:91:43:d2:c3:14:99:78:12:a2:
         93:d8:1e:4c:71:6c:6f:10:5b:c2:ef:5d:6e:a1:c6:9d:2d:2e:
         e5:30:99:9f:28:be:15:a9:8d:29:17:b1:58:9f:ff:04:ec:97:
         cd:59:a4:ff:a7:1a:c5:2a:ad:6e:33:e6:20:23:e3:34:f9:53:
         1b:e1:a0:b5:fa:ce:b0:a7:fb:0a:4b:25:3f:5c:fd:9d:ae:05:
         73:37:c8:c0:72:e0:af:42:0d:95:63:2c:e8:4f:67:79:28:ad:
         aa:d5:ee:79
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIg/4o4dVrgreXtxclJmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTFkZmZjYTkyNGRlYjdiOTI4YmU5MjU5MTJlY2NkNTQ2NWQ3YWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9fMQjFxw4gVHPfH7AHJ6gn8C5Qtw
LbvK9qoMJN/Il+vv7q0IKguZWlZxEKig0sWOYvxs23cbg7TQNratrFNAXbaFPZrI
rPLcum9kq5lLpaMcZdZKA/uC+JIv7vz+YhpdZnQGb3b0iSNey9yZsuFPUnJ8YVFA
C9CAgnAVuyqX7or2oZ+V+U1DiZU6kSE9b4fExcvXw19COHChXy0JLJcWbq2xhgwp
30u65pvcyp4qdrwTm581uty7q6agtQJau13wX36W5iHI+gF+O5+mGaF5vwqTCzpA
PKEsFFT0mm+0EGFpQex1RVCkKH8qI/sRZ/mTiRAV47GRrtPoo83FTBPTUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKUd/8qSTet7kovpJZEuzNVGXXqnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcFIzX3lwSk42M3VTaS1rbGtTN00xVVpkZXFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAPq
AwcBKg6XwARwMA0GCSqGSIb3DQEBCwUAA4IBAQA6xxuZhPx+KOrk3GK4YMjEzmPP
22ydtjP8FvUa8YBNSouDlPghMOzarIRcT4F0AbX2NBcR1ulTmSlDofoNUGBI3oJM
7IHOvmKLRk7yTFw6OGsa3nsXkqNbwXb9Ga5qVslaDv6WWVB3zIkFl8wtPZQnCxh2
TKB8KW8c3jMZuTsQ1wSXiBCgtXkQ13T2nSGs66/K+tWe36dKOQORQ9LDFJl4EqKT
2B5McWxvEFvC711uocadLS7lMJmfKL4VqY0pF7FYn/8E7JfNWaT/pxrFKq1uM+Yg
I+M0+VMb4aC1+s6wp/sKSyU/XP2drgVzN8jAcuCvQg2VYyzoT2d5KK2q1e55
-----END CERTIFICATE-----