Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/sjxo1thPRYwTYf8X5xO-lOtvObw.roa
File:                     sjxo1thPRYwTYf8X5xO-lOtvObw.roa (raw, json)
Hash identifier:          3GdcDXh1lQDRwsuP4Bx8K/esUMPK6ri9n8Rits5RzFo=
Subject key identifier:   B2:3C:68:D6:D8:4F:45:8C:13:61:FF:17:E7:13:BE:94:EB:6F:39:BC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0195B0D20E4246E52D0F78AC525A8566687C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/sjxo1thPRYwTYf8X5xO-lOtvObw.roa
Signing time:             Wed 19 Mar 2025 23:51:50 +0000
ROA not before:           Wed 19 Mar 2025 23:51:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202256
IP address blocks:        2a06:de01:800::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b0:d2:0e:42:46:e5:2d:0f:78:ac:52:5a:85:66:68:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 19 23:51:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b23c68d6d84f458c1361ff17e713be94eb6f39bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d1:da:7e:b1:eb:93:50:c9:72:90:52:cc:94:
                    dd:37:bb:07:cb:17:cc:19:af:78:67:37:85:ea:9f:
                    c1:34:00:3a:7f:49:56:1f:8e:95:67:21:61:db:85:
                    01:fe:92:98:94:46:a5:df:03:cb:a7:82:1c:34:7f:
                    81:f6:1a:7c:5a:d2:cc:4b:0c:25:b6:47:dc:b7:a5:
                    cd:cc:2a:ba:9c:54:6e:a0:b0:f3:8d:62:47:5c:c3:
                    44:c4:7e:4a:99:ed:b1:00:79:2b:30:c0:01:97:6c:
                    ca:c7:18:ad:10:ca:2a:97:53:50:6d:9d:b7:e5:e2:
                    d8:90:e8:a6:10:dc:cc:a8:6f:30:0a:c3:22:4d:96:
                    f1:98:60:72:93:c5:20:cd:de:4a:78:be:b9:01:cc:
                    91:08:69:8d:17:11:0f:06:09:69:37:95:00:04:6b:
                    64:dc:05:95:c2:32:88:30:2b:fb:97:87:b6:56:43:
                    d5:1c:19:28:e6:f2:57:29:85:84:65:95:df:c7:d1:
                    9c:1b:f2:1b:75:8f:e8:5f:00:d0:45:62:60:87:e9:
                    1e:32:89:37:95:f9:17:01:19:4e:e4:c9:49:75:59:
                    16:ef:21:bb:a7:84:0a:5b:fe:fa:28:a0:09:6e:c4:
                    e9:bf:10:fd:16:5e:89:9e:c2:db:8e:40:b3:a4:b0:
                    bc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:3C:68:D6:D8:4F:45:8C:13:61:FF:17:E7:13:BE:94:EB:6F:39:BC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/sjxo1thPRYwTYf8X5xO-lOtvObw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:800::/38

    Signature Algorithm: sha256WithRSAEncryption
         25:50:d5:6c:b8:a5:74:ba:42:ae:18:32:df:14:96:e3:f7:6c:
         0f:bb:e7:97:1c:be:2e:5c:24:72:47:8d:b1:50:37:ef:ec:ad:
         e2:66:23:d8:81:88:59:e1:31:6e:a0:b9:9b:9c:3d:16:1c:ca:
         4b:91:a5:d3:f5:8c:33:a0:65:cd:e8:7a:58:94:80:a3:b5:11:
         fe:af:f4:bd:b5:2d:80:bb:fe:69:16:e7:f3:34:52:9e:0f:e5:
         0c:78:94:79:39:59:a9:38:51:76:0c:90:f9:50:d4:c2:d1:91:
         a5:ae:a3:4f:98:8b:db:a4:d0:9b:7f:3a:2f:91:4c:03:5d:8f:
         93:5d:e3:0a:7a:ce:56:4e:ec:1a:49:f2:2e:1f:68:36:04:b8:
         bd:1c:82:5d:74:4e:ed:a1:c0:a0:3a:aa:5f:87:ea:ef:7e:91:
         1f:18:da:49:3b:9c:fd:97:cf:ef:58:17:3a:4e:80:78:21:3b:
         ea:85:b8:ed:ef:2a:ee:3f:ee:59:9e:f9:ec:c3:e1:a5:67:8c:
         c9:e6:d5:56:92:38:b1:d3:c0:95:fb:11:75:d8:55:1c:d3:2f:
         a6:6d:e7:66:11:e3:9c:c4:07:8e:1d:2d:61:bd:ab:5a:c6:6c:
         4a:b4:a7:02:07:a9:fc:6c:50:42:fe:6f:9d:2e:ae:a0:9e:a0:
         b0:b0:07:fc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZWw0g5CRuUtD3isUlqFZmh8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMzE5MjM1MTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjNjNjhkNmQ4NGY0NThjMTM2MWZmMTdlNzEzYmU5NGViNmYzOWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNHafrHrk1DJcpBSzJTdN7sHyxfM
Ga94ZzeF6p/BNAA6f0lWH46VZyFh24UB/pKYlEal3wPLp4IcNH+B9hp8WtLMSwwl
tkfct6XNzCq6nFRuoLDzjWJHXMNExH5Kme2xAHkrMMABl2zKxxitEMoql1NQbZ23
5eLYkOimENzMqG8wCsMiTZbxmGByk8Ugzd5KeL65AcyRCGmNFxEPBglpN5UABGtk
3AWVwjKIMCv7l4e2VkPVHBko5vJXKYWEZZXfx9GcG/IbdY/oXwDQRWJgh+keMok3
lfkXARlO5MlJdVkW7yG7p4QKW/76KKAJbsTpvxD9Fl6JnsLbjkCzpLC8uQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLI8aNbYT0WME2H/F+cTvpTrbzm8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvc2p4bzF0aFBSWXdUWWY4WDV4Ty1sT3R2T2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgbeAQgw
DQYJKoZIhvcNAQELBQADggEBACVQ1Wy4pXS6Qq4YMt8UluP3bA+755ccvi5cJHJH
jbFQN+/sreJmI9iBiFnhMW6guZucPRYcykuRpdP1jDOgZc3oeliUgKO1Ef6v9L21
LYC7/mkW5/M0Up4P5Qx4lHk5Wak4UXYMkPlQ1MLRkaWuo0+Yi9uk0Jt/Oi+RTANd
j5Nd4wp6zlZO7BpJ8i4faDYEuL0cgl10Tu2hwKA6ql+H6u9+kR8Y2kk7nP2Xz+9Y
FzpOgHghO+qFuO3vKu4/7lme+ezD4aVnjMnm1VaSOLHTwJX7EXXYVRzTL6Zt52YR
45zEB44dLWG9q1rGbEq0pwIHqfxsUEL+b50urqCeoLCwB/w=
-----END CERTIFICATE-----