Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rvdrQHNZkuJWqUy7uyCfY959TXE.roa
File:                     rvdrQHNZkuJWqUy7uyCfY959TXE.roa (raw, json)
Hash identifier:          haE1bx1woG5vHZPEVEg00517ar8fY7e99YTfCQqahXI=
Subject key identifier:   AE:F7:6B:40:73:59:92:E2:56:A9:4C:BB:BB:20:9F:63:DE:7D:4D:71
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522207D8998A4E2D01EFF8A10298B6A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rvdrQHNZkuJWqUy7uyCfY959TXE.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205398
IP address blocks:        2a0e:b107:19c8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:20:7d:89:98:a4:e2:d0:1e:ff:8a:10:29:8b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aef76b40735992e256a94cbbbb209f63de7d4d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:0d:21:f2:50:c1:14:bf:f1:6f:d4:77:75:62:
                    5a:83:1f:f4:66:04:84:0f:e9:0b:43:09:00:ec:90:
                    b3:6c:50:7b:27:23:58:a3:7a:1a:f6:50:2b:70:e8:
                    a2:4a:5a:97:f4:f4:3d:f4:72:13:f1:6d:da:f6:6e:
                    b8:8c:a2:c8:f5:8c:76:b4:3a:e6:b9:a4:88:a3:3f:
                    73:93:07:fc:15:6a:6c:b1:87:3e:5b:61:d7:b9:63:
                    fe:58:e5:69:87:07:85:31:b8:08:2f:49:dc:e0:0b:
                    2e:3b:69:7f:ef:7d:38:82:71:ae:94:c9:56:a1:65:
                    fc:17:3f:d1:f9:26:41:90:3b:cb:b5:bb:4b:a7:7a:
                    fa:a7:01:fd:5e:b6:2a:64:2c:30:66:5a:7f:7b:ab:
                    4d:ae:ea:a5:45:0c:a2:f2:15:0b:bb:38:36:5f:5c:
                    a5:52:b2:b6:8e:a4:1b:9e:a6:1c:99:a5:7e:8a:92:
                    08:65:2a:e9:40:ea:26:02:7a:52:ea:48:de:3d:aa:
                    c9:eb:bf:ea:79:19:6d:db:a2:59:27:f8:d6:97:e9:
                    df:16:58:25:f1:0f:3b:ed:c6:f4:c5:78:5b:56:e3:
                    b1:b4:e4:c5:24:00:f4:7c:9c:04:0c:cc:c8:8e:81:
                    4d:64:c6:c6:af:40:12:bb:0e:69:2b:2f:f3:71:85:
                    17:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F7:6B:40:73:59:92:E2:56:A9:4C:BB:BB:20:9F:63:DE:7D:4D:71
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rvdrQHNZkuJWqUy7uyCfY959TXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:19c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:99:d7:e3:69:44:55:c3:ca:83:df:72:01:6d:57:ae:00:a3:
         05:55:6d:2b:28:42:db:cb:9b:61:79:65:22:52:ff:a6:db:51:
         27:94:6f:b3:e8:b9:40:29:cd:26:ed:0b:cc:b3:ff:f5:cb:26:
         7c:75:47:63:9d:a6:88:f9:c9:d2:3a:9b:c5:d0:69:5d:d5:56:
         3e:8c:c8:4b:32:de:68:8d:3c:ea:b0:03:72:8c:49:d4:b2:00:
         55:02:d7:fb:38:16:1f:2b:e1:34:78:fc:27:83:33:b1:60:d4:
         e1:e7:68:11:53:14:2d:86:9a:f6:5d:a8:cd:5b:e1:26:d2:0e:
         d5:07:25:32:bd:68:47:17:55:1c:34:e7:4f:5e:0b:95:fb:7f:
         8b:84:f7:59:e6:14:9a:62:20:e0:05:61:26:5c:83:5d:79:38:
         84:27:11:da:94:85:f0:90:3d:62:47:6a:00:9c:38:cc:9c:ce:
         52:7e:62:6d:42:64:c0:f1:27:0a:77:42:33:0a:d4:e3:13:62:
         50:46:3f:56:44:aa:75:be:1c:22:ef:8f:9c:fe:7c:fb:5e:60:
         da:18:11:34:c7:77:cf:d5:30:39:93:f7:34:bd:53:ec:70:d6:
         2a:05:c6:e2:ca:b0:9f:f0:7f:71:e9:a4:b0:72:0d:71:4f:9c:
         f6:3b:64:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiB9iZik4tAe/4oQKYtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWY3NmI0MDczNTk5MmUyNTZhOTRjYmJiYjIwOWY2M2RlN2Q0ZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0w0h8lDBFL/xb9R3dWJagx/0ZgSE
D+kLQwkA7JCzbFB7JyNYo3oa9lArcOiiSlqX9PQ99HIT8W3a9m64jKLI9Yx2tDrm
uaSIoz9zkwf8FWpssYc+W2HXuWP+WOVphweFMbgIL0nc4AsuO2l/7304gnGulMlW
oWX8Fz/R+SZBkDvLtbtLp3r6pwH9XrYqZCwwZlp/e6tNruqlRQyi8hULuzg2X1yl
UrK2jqQbnqYcmaV+ipIIZSrpQOomAnpS6kjeParJ67/qeRlt26JZJ/jWl+nfFlgl
8Q877cb0xXhbVuOxtOTFJAD0fJwEDMzIjoFNZMbGr0ASuw5pKy/zcYUXiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK73a0BzWZLiVqlMu7sgn2PefU1xMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcnZkclFITlprdUpXcVV5N3V5Q2ZZOTU5VFhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxnI
MA0GCSqGSIb3DQEBCwUAA4IBAQAxmdfjaURVw8qD33IBbVeuAKMFVW0rKELby5th
eWUiUv+m21EnlG+z6LlAKc0m7QvMs//1yyZ8dUdjnaaI+cnSOpvF0Gld1VY+jMhL
Mt5ojTzqsANyjEnUsgBVAtf7OBYfK+E0ePwngzOxYNTh52gRUxQthpr2XajNW+Em
0g7VByUyvWhHF1UcNOdPXguV+3+LhPdZ5hSaYiDgBWEmXINdeTiEJxHalIXwkD1i
R2oAnDjMnM5SfmJtQmTA8ScKd0IzCtTjE2JQRj9WRKp1vhwi74+c/nz7XmDaGBE0
x3fP1TA5k/c0vVPscNYqBcbiyrCf8H9x6aSwcg1xT5z2O2Rl
-----END CERTIFICATE-----