Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qEjDmPX6c4ZLOz8VvqCgJuyOjJc.roa
File:                     qEjDmPX6c4ZLOz8VvqCgJuyOjJc.roa (raw, json)
Hash identifier:          uEEIoJwo5BPJGQfJZs72T8jloqNP0q5sQKF5La+MK6o=
Subject key identifier:   A8:48:C3:98:F5:FA:73:86:4B:3B:3F:15:BE:A0:A0:26:EC:8E:8C:97
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425229716FD4E92C1ECDA4920901C42CA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qEjDmPX6c4ZLOz8VvqCgJuyOjJc.roa
Signing time:             Thu 02 Jan 2025 03:50:11 +0000
ROA not before:           Thu 02 Jan 2025 03:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216364
IP address blocks:        2a10:2f00:199::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:97:16:fd:4e:92:c1:ec:da:49:20:90:1c:42:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a848c398f5fa73864b3b3f15bea0a026ec8e8c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d5:1a:4d:c3:f8:84:9a:93:7b:18:6f:62:5c:
                    53:fc:7f:c7:01:02:e0:ac:75:b7:16:44:00:64:7e:
                    a4:e3:05:64:b0:a2:43:57:7c:14:88:c0:e2:2a:68:
                    d7:38:b4:d0:23:da:52:0e:05:0a:ea:2d:57:d5:df:
                    fe:a4:12:bb:a1:0b:b1:f6:fc:00:74:7b:a2:77:87:
                    80:29:66:e9:d6:33:82:dd:70:4b:3f:a7:45:36:fe:
                    38:7b:1f:fa:2a:23:ea:bb:8b:af:b7:3f:8b:10:0a:
                    24:0a:25:a7:05:a9:85:e9:f6:2d:cb:d2:96:20:fd:
                    02:69:de:ae:2b:a9:48:71:1a:4b:c0:7e:30:d5:d9:
                    58:ef:f5:18:7e:72:7e:d7:e5:0f:cb:54:f4:f8:16:
                    8b:a9:85:70:18:a0:46:ac:09:06:43:93:5d:30:4b:
                    46:3f:fe:d5:02:63:3a:48:da:1c:19:26:93:e9:fc:
                    f0:93:1f:2f:33:bb:fe:49:d0:a3:3b:70:5f:2b:96:
                    71:9b:d7:fb:7b:4a:a1:74:cc:2a:53:45:c6:e3:0d:
                    f8:57:d4:d5:27:0c:7a:fd:4e:9c:50:2a:de:7d:ac:
                    0d:dc:8c:db:1b:a9:7c:eb:8b:8e:4d:d8:a4:e1:70:
                    2f:63:fc:e3:55:d2:a5:95:85:51:f5:de:0b:05:7d:
                    43:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:48:C3:98:F5:FA:73:86:4B:3B:3F:15:BE:A0:A0:26:EC:8E:8C:97
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qEjDmPX6c4ZLOz8VvqCgJuyOjJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:199::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:20:93:77:3f:e7:91:5b:02:0e:ff:f0:b1:a7:01:5b:6d:13:
         77:a7:fb:ab:98:5a:46:76:b7:1f:95:45:ad:06:9b:d9:4e:9d:
         12:e7:c7:62:7f:de:aa:9b:16:4f:c1:90:41:9d:e4:fa:35:05:
         16:14:d8:2c:61:40:09:ec:a4:b6:ed:d8:d4:5e:ad:2b:a1:74:
         8a:a5:f1:a6:6f:4c:11:77:05:cc:7a:f2:03:fd:d2:c0:c2:98:
         0f:53:2d:33:e8:0c:60:1f:70:f0:1d:1b:d2:8e:e4:9c:ac:5c:
         8c:a9:76:5d:ba:5a:ac:a1:43:0d:ce:d2:f1:a3:76:f9:eb:71:
         c2:48:ae:a0:33:b7:3c:9d:45:99:50:00:50:78:fc:ae:d9:4a:
         93:66:25:db:84:ad:78:5b:3f:dc:2a:36:3e:26:44:f1:f4:0c:
         3c:16:05:53:e7:70:e6:33:6a:e6:f7:dc:c2:d6:55:a7:0c:af:
         c2:22:b9:3c:3c:9a:8f:9b:52:b5:5c:23:08:ba:f3:b7:e9:a1:
         b1:85:39:9d:e0:fe:fa:15:f4:d2:f7:05:a1:65:5f:7d:d1:c5:
         7a:17:ff:a8:45:33:2c:f6:97:ba:13:26:96:b8:20:99:e2:63:
         40:a7:72:a2:82:d3:12:2c:7d:af:7c:6e:7b:5c:8a:e6:7c:3c:
         5d:07:aa:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIpcW/U6SwezaSSCQHELKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQ4YzM5OGY1ZmE3Mzg2NGIzYjNmMTViZWEwYTAyNmVjOGU4Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtUaTcP4hJqTexhvYlxT/H/HAQLg
rHW3FkQAZH6k4wVksKJDV3wUiMDiKmjXOLTQI9pSDgUK6i1X1d/+pBK7oQux9vwA
dHuid4eAKWbp1jOC3XBLP6dFNv44ex/6KiPqu4uvtz+LEAokCiWnBamF6fYty9KW
IP0Cad6uK6lIcRpLwH4w1dlY7/UYfnJ+1+UPy1T0+BaLqYVwGKBGrAkGQ5NdMEtG
P/7VAmM6SNocGSaT6fzwkx8vM7v+SdCjO3BfK5Zxm9f7e0qhdMwqU0XG4w34V9TV
Jwx6/U6cUCrefawN3IzbG6l864uOTdik4XAvY/zjVdKllYVR9d4LBX1DxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKhIw5j1+nOGSzs/Fb6goCbsjoyXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcUVqRG1QWDZjNFpMT3o4VnZxQ2dKdXlPakpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGZ
MA0GCSqGSIb3DQEBCwUAA4IBAQCdIJN3P+eRWwIO//CxpwFbbRN3p/urmFpGdrcf
lUWtBpvZTp0S58dif96qmxZPwZBBneT6NQUWFNgsYUAJ7KS27djUXq0roXSKpfGm
b0wRdwXMevID/dLAwpgPUy0z6AxgH3DwHRvSjuScrFyMqXZdulqsoUMNztLxo3b5
63HCSK6gM7c8nUWZUABQePyu2UqTZiXbhK14Wz/cKjY+JkTx9Aw8FgVT53DmM2rm
99zC1lWnDK/CIrk8PJqPm1K1XCMIuvO36aGxhTmd4P76FfTS9wWhZV990cV6F/+o
RTMs9pe6EyaWuCCZ4mNAp3KigtMSLH2vfG57XIrmfDxdB6rL
-----END CERTIFICATE-----