Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/smT5ntzu5X91ZMvMz7yXjnoS0Nw.roa
File:                     smT5ntzu5X91ZMvMz7yXjnoS0Nw.roa (raw, json)
Hash identifier:          5W8qH08FsUkat/gm7uOqNSm4is+Mvj95a4Q2I6bOEsI=
Subject key identifier:   B2:64:F9:9E:DC:EE:E5:7F:75:64:CB:CC:CF:BC:97:8E:7A:12:D0:DC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194BB9F00548F416ACA1E82FB5A489FC03D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/smT5ntzu5X91ZMvMz7yXjnoS0Nw.roa
Signing time:             Fri 31 Jan 2025 09:09:07 +0000
ROA not before:           Fri 31 Jan 2025 09:09:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197649
IP address blocks:        2a0e:97c0:c48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bb:9f:00:54:8f:41:6a:ca:1e:82:fb:5a:48:9f:c0:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 31 09:09:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b264f99edceee57f7564cbcccfbc978e7a12d0dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c2:1c:51:89:bb:a7:81:5f:4f:38:af:8a:8a:
                    2f:91:ac:70:be:f2:cb:4b:00:f0:6e:cb:d2:9c:81:
                    d1:58:18:de:d8:1f:12:1c:13:9a:e0:34:f7:37:ff:
                    de:d8:b9:18:55:5b:db:a8:18:80:63:cc:ab:66:b0:
                    40:de:6e:a3:37:85:48:21:08:01:bb:2e:43:30:b6:
                    ca:41:a2:30:a8:f6:47:78:4d:6d:0e:7d:64:c0:1f:
                    dc:15:b2:76:7e:cb:cc:d5:08:f5:77:af:50:b7:6a:
                    6a:b1:63:cb:5b:8b:b9:19:7c:2f:0b:ae:2e:1b:4e:
                    53:71:f0:92:a9:93:ca:3a:87:b3:72:8a:0c:e5:5d:
                    b1:26:b8:5d:bd:8a:99:45:16:c4:5b:b2:6b:ef:cb:
                    d6:d1:a3:49:e2:93:59:01:e0:f4:b4:ab:09:8e:e4:
                    12:79:ed:7f:3e:b0:39:73:21:5d:61:02:58:46:b5:
                    29:f7:d2:17:78:00:6e:11:9d:b2:6f:62:ea:50:08:
                    b9:e8:2a:a0:f4:b4:27:cc:80:f4:ff:e5:a4:91:a7:
                    80:17:de:73:02:d7:a9:1c:d8:8a:2f:94:c4:03:ec:
                    03:fa:c8:96:f1:a9:37:fb:81:29:e9:0b:99:f4:1c:
                    ce:35:37:32:93:03:f3:c2:49:84:20:8e:51:dd:79:
                    e6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:64:F9:9E:DC:EE:E5:7F:75:64:CB:CC:CF:BC:97:8E:7A:12:D0:DC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/smT5ntzu5X91ZMvMz7yXjnoS0Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c48::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:4e:44:02:eb:b1:a3:71:73:80:d0:82:bc:24:af:7a:b0:84:
         24:5b:b7:67:8f:ba:c1:37:38:a8:e9:ff:2f:19:77:04:2e:0a:
         da:fc:ef:c2:21:e3:00:cb:80:ea:80:ef:ec:8f:0e:d6:2b:e4:
         a5:ff:97:60:9e:be:5d:dc:a5:e3:6b:73:2f:8c:b7:d4:35:4f:
         48:3a:3b:e2:52:6a:79:fa:6d:f8:ba:bf:ff:4a:dd:03:ef:87:
         10:e6:09:57:53:06:d3:31:4e:e0:47:93:1c:4f:63:dd:21:0e:
         d8:ea:d6:fb:f2:88:f5:92:72:64:99:7b:89:67:07:e0:da:af:
         ec:14:46:81:0e:95:f8:b6:d0:39:36:fb:a3:12:ec:bf:6d:e7:
         e8:1b:a1:0f:e6:85:55:79:72:3d:58:b1:51:12:ec:0a:20:cd:
         06:ba:da:9d:8d:96:5c:b9:85:de:39:eb:b8:3f:af:8c:8c:75:
         aa:b3:b7:45:7b:a2:e0:5e:7a:a0:d5:ba:9c:45:11:54:63:46:
         e8:b9:32:f8:a2:3d:56:a5:fb:ff:47:26:69:1c:54:d8:27:c8:
         eb:1c:8d:d2:de:5d:da:66:c3:1c:4c:01:da:38:df:a6:bb:e2:
         86:53:f2:49:df:16:dd:c1:1d:f9:0f:73:24:ee:63:b2:5c:01:
         e9:46:23:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZS7nwBUj0Fqyh6C+1pIn8A9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTMxMDkwOTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjY0Zjk5ZWRjZWVlNTdmNzU2NGNiY2NjZmJjOTc4ZTdhMTJkMGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1MIcUYm7p4FfTzivioovkaxwvvLL
SwDwbsvSnIHRWBje2B8SHBOa4DT3N//e2LkYVVvbqBiAY8yrZrBA3m6jN4VIIQgB
uy5DMLbKQaIwqPZHeE1tDn1kwB/cFbJ2fsvM1Qj1d69Qt2pqsWPLW4u5GXwvC64u
G05TcfCSqZPKOoezcooM5V2xJrhdvYqZRRbEW7Jr78vW0aNJ4pNZAeD0tKsJjuQS
ee1/PrA5cyFdYQJYRrUp99IXeABuEZ2yb2LqUAi56Cqg9LQnzID0/+WkkaeAF95z
AtepHNiKL5TEA+wD+siW8ak3+4Ep6QuZ9BzONTcykwPzwkmEII5R3XnmMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLJk+Z7c7uV/dWTLzM+8l456EtDcMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvc21UNW50enU1WDkxWk12TXo3eVhqbm9TME53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAxI
MA0GCSqGSIb3DQEBCwUAA4IBAQCOTkQC67GjcXOA0IK8JK96sIQkW7dnj7rBNzio
6f8vGXcELgra/O/CIeMAy4DqgO/sjw7WK+Sl/5dgnr5d3KXja3MvjLfUNU9IOjvi
Ump5+m34ur//St0D74cQ5glXUwbTMU7gR5McT2PdIQ7Y6tb78oj1knJkmXuJZwfg
2q/sFEaBDpX4ttA5NvujEuy/befoG6EP5oVVeXI9WLFREuwKIM0GutqdjZZcuYXe
Oeu4P6+MjHWqs7dFe6LgXnqg1bqcRRFUY0bouTL4oj1Wpfv/RyZpHFTYJ8jrHI3S
3l3aZsMcTAHaON+mu+KGU/JJ3xbdwR35D3Mk7mOyXAHpRiOX
-----END CERTIFICATE-----