Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qgz0UbtpbKdK_b8I0BSijh80TMQ.roa
File:                     qgz0UbtpbKdK_b8I0BSijh80TMQ.roa (raw, json)
Hash identifier:          AnOS30XGtV2tlW0Ii5qEYF+oQK8niSHopByEqmj7bsI=
Subject key identifier:   AA:0C:F4:51:BB:69:6C:A7:4A:FD:BF:08:D0:14:A2:8E:1F:34:4C:C4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521C72602700F341E6C1472A45D12F9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qgz0UbtpbKdK_b8I0BSijh80TMQ.roa
Signing time:             Thu 02 Jan 2025 03:49:18 +0000
ROA not before:           Thu 02 Jan 2025 03:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24239
IP address blocks:        2a0e:b107:740::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c7:26:02:70:0f:34:1e:6c:14:72:a4:5d:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa0cf451bb696ca74afdbf08d014a28e1f344cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ad:14:22:09:61:6e:3b:3b:be:48:12:8e:d4:
                    88:bc:f6:89:1b:f4:68:7c:70:92:23:6e:43:77:0b:
                    65:3d:60:e6:37:b2:33:4c:3b:2d:b6:77:65:48:08:
                    31:d9:02:f6:fe:fd:ae:65:b1:40:d3:5f:b5:c3:eb:
                    2e:a7:59:7a:b1:d9:f1:c0:16:19:43:d4:2b:54:cb:
                    f5:d2:91:05:82:e1:7a:c4:44:22:ef:d0:4d:98:46:
                    e8:50:6e:4a:cf:86:52:8e:46:c2:56:2c:c6:d1:05:
                    70:81:06:30:8c:bb:92:46:7d:46:03:d4:b1:85:07:
                    87:1a:9c:ca:57:be:8e:2e:bd:8c:cb:38:44:1e:98:
                    2e:a7:e5:70:f4:99:f2:b6:18:38:64:5c:5a:88:ef:
                    41:b6:60:a3:04:76:db:5d:8d:4f:0d:d5:5d:cf:55:
                    c3:25:cd:51:46:3a:1a:de:2a:ce:d6:1d:10:2c:66:
                    b3:d0:17:7c:d1:75:e8:7b:da:77:aa:12:63:e8:42:
                    91:16:d6:17:40:72:35:89:6a:bf:10:43:97:8b:da:
                    95:e4:90:2a:78:fc:ba:e7:90:e6:44:d4:b6:e0:76:
                    b5:35:47:1d:84:ff:1a:31:2a:dd:48:22:2b:3d:ec:
                    9f:a9:50:b6:14:a4:f7:64:d3:39:0d:0d:6c:fe:43:
                    59:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:0C:F4:51:BB:69:6C:A7:4A:FD:BF:08:D0:14:A2:8E:1F:34:4C:C4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qgz0UbtpbKdK_b8I0BSijh80TMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:740::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:bd:e0:87:9f:cc:dd:72:f1:9a:99:0b:f4:52:e7:f0:78:a4:
         f5:c3:bb:39:f2:d9:dd:f7:c9:bd:4c:76:15:d0:5b:9c:9f:52:
         12:bc:f8:22:2b:4a:10:11:f0:d0:81:51:53:72:df:23:13:f1:
         0a:54:45:37:29:fd:95:18:22:38:85:0d:48:dc:16:68:5b:e0:
         75:77:6d:28:ad:05:04:62:80:d8:a1:43:7d:d9:ff:66:36:e6:
         8c:49:6b:d0:17:32:69:41:c4:7e:87:2e:d5:67:d6:16:9d:45:
         f6:e0:8d:42:4a:7b:d0:58:eb:a0:dc:ed:37:af:26:6c:87:dc:
         93:5e:d9:22:f8:e9:e9:15:0b:66:6d:0b:e6:65:b3:e0:4b:de:
         16:5f:03:6e:ee:18:60:9a:ff:09:a6:28:bf:fc:b9:ba:47:0c:
         54:33:ed:2c:ea:81:58:00:ec:2c:fd:cd:31:52:f2:1e:f5:6d:
         eb:98:85:e2:3d:a7:f0:21:a7:13:45:f5:7d:ff:e3:02:1f:96:
         84:f9:d7:dd:69:d4:16:ae:11:76:2f:4f:e2:08:c6:bc:28:03:
         fe:ec:40:6a:c5:da:12:33:0c:c1:bd:9b:ed:74:06:88:4d:2e:
         8b:16:25:b5:ce:ee:9b:b1:5e:0a:5f:4f:54:18:74:96:b8:6f:
         df:91:a1:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIccmAnAPNB5sFHKkXRL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTBjZjQ1MWJiNjk2Y2E3NGFmZGJmMDhkMDE0YTI4ZTFmMzQ0Y2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx60UIglhbjs7vkgSjtSIvPaJG/Ro
fHCSI25DdwtlPWDmN7IzTDsttndlSAgx2QL2/v2uZbFA01+1w+sup1l6sdnxwBYZ
Q9QrVMv10pEFguF6xEQi79BNmEboUG5Kz4ZSjkbCVizG0QVwgQYwjLuSRn1GA9Sx
hQeHGpzKV76OLr2MyzhEHpgup+Vw9Jnythg4ZFxaiO9BtmCjBHbbXY1PDdVdz1XD
Jc1RRjoa3irO1h0QLGaz0Bd80XXoe9p3qhJj6EKRFtYXQHI1iWq/EEOXi9qV5JAq
ePy655DmRNS24Ha1NUcdhP8aMSrdSCIrPeyfqVC2FKT3ZNM5DQ1s/kNZCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKoM9FG7aWynSv2/CNAUoo4fNEzEMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcWd6MFVidHBiS2RLX2I4STBCU2lqaDgwVE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwdA
MA0GCSqGSIb3DQEBCwUAA4IBAQBoveCHn8zdcvGamQv0UufweKT1w7s58tnd98m9
THYV0Fucn1ISvPgiK0oQEfDQgVFTct8jE/EKVEU3Kf2VGCI4hQ1I3BZoW+B1d20o
rQUEYoDYoUN92f9mNuaMSWvQFzJpQcR+hy7VZ9YWnUX24I1CSnvQWOug3O03ryZs
h9yTXtki+OnpFQtmbQvmZbPgS94WXwNu7hhgmv8Jpii//Lm6RwxUM+0s6oFYAOws
/c0xUvIe9W3rmIXiPafwIacTRfV9/+MCH5aE+dfdadQWrhF2L0/iCMa8KAP+7EBq
xdoSMwzBvZvtdAaITS6LFiW1zu6bsV4KX09UGHSWuG/fkaG7
-----END CERTIFICATE-----