Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/udeqcjgPvI5Vnt5NeMXQ0YVSew4.roa
File:                     udeqcjgPvI5Vnt5NeMXQ0YVSew4.roa (raw, json)
Hash identifier:          iGZGobhgQw1M9V8uibgNohfa9KM7gwaBPMJFOWLifSE=
Subject key identifier:   B9:D7:AA:72:38:0F:BC:8E:55:9E:DE:4D:78:C5:D0:D1:85:52:7B:0E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425223AA6110D624ECD8A78A794949CFC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/udeqcjgPvI5Vnt5NeMXQ0YVSew4.roa
Signing time:             Thu 02 Jan 2025 03:49:47 +0000
ROA not before:           Thu 02 Jan 2025 03:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209735
IP address blocks:        2a06:de01:f6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 14:35:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:3a:a6:11:0d:62:4e:cd:8a:78:a7:94:94:9c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b9d7aa72380fbc8e559ede4d78c5d0d185527b0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:51:64:38:c2:89:fc:7b:e0:88:10:69:2c:0a:
                    87:0a:f2:78:e9:bc:1a:51:9a:54:82:a7:6c:fc:c8:
                    83:e7:ec:1f:c2:ed:42:1d:e2:dc:bb:1b:2d:bc:4d:
                    11:6e:b8:1c:08:09:e2:c0:08:3e:28:f9:02:92:5b:
                    81:dd:4b:2b:50:17:84:71:c4:b0:5f:d1:a4:c2:f2:
                    9e:31:a3:18:af:3e:5d:57:aa:de:64:b8:5b:51:66:
                    ac:16:53:b1:f7:89:a3:ac:06:51:a7:70:a9:40:9d:
                    35:a0:9e:f2:18:d2:21:d2:6d:48:ae:f7:1b:be:41:
                    0b:6b:95:17:22:83:b1:ea:70:38:1e:e9:ff:f3:18:
                    22:b9:cc:72:b6:3a:28:1c:db:2a:fa:f9:75:76:e2:
                    56:8d:6f:c0:0e:65:97:94:48:0e:4f:32:76:d7:08:
                    f4:96:78:79:4d:24:98:aa:18:a0:de:4f:e1:ba:f6:
                    bf:b8:c2:09:85:a1:40:96:18:f9:df:02:c3:86:4c:
                    9d:28:b1:40:17:63:dc:b0:60:9d:c0:75:e4:67:83:
                    58:8f:b2:81:20:ff:06:0d:61:91:ac:ac:a0:27:66:
                    d1:a0:85:cb:c1:b2:3d:f1:40:4b:be:e2:7a:18:af:
                    e4:7c:d8:d2:e3:de:fb:b5:54:be:0a:02:e5:a0:fa:
                    32:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:D7:AA:72:38:0F:BC:8E:55:9E:DE:4D:78:C5:D0:D1:85:52:7B:0E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/udeqcjgPvI5Vnt5NeMXQ0YVSew4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:f6::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:46:3c:a5:f1:c2:3e:a6:6a:5e:18:a5:80:9c:b5:21:ae:f8:
         e1:76:9b:f5:c3:40:a1:11:4c:d4:5d:84:65:a1:59:98:c6:73:
         a1:aa:16:c8:ec:70:4b:bd:15:b8:9a:b1:ce:9a:bc:d9:bc:39:
         91:66:82:3e:1f:7d:06:f4:0a:d3:6b:57:d1:f0:77:e5:c4:d5:
         ca:71:19:2b:3d:42:67:b6:00:8c:ee:9a:3c:b1:be:72:c4:b7:
         ff:19:f8:60:80:6e:b7:8c:bd:fb:85:e3:32:d5:3b:ef:66:fc:
         6d:ad:2a:b5:a1:b7:0e:18:4a:03:52:8e:4a:8e:4f:5b:86:e2:
         87:f7:49:8b:ea:60:0d:99:64:bf:55:59:e8:6b:05:5f:de:cb:
         cf:db:dd:89:6e:f2:fb:d3:7e:c6:87:2c:ad:e1:d0:8e:a0:6f:
         04:8b:1b:21:35:70:ab:59:31:2d:1e:f3:c1:75:03:1a:f9:ff:
         48:7e:a4:72:c9:88:e7:22:e9:1d:31:67:ab:3d:3e:bf:ea:fa:
         e2:83:43:7f:6a:ec:a9:8d:fc:01:f9:64:33:03:b6:66:dd:ee:
         d9:1a:2f:3a:7a:5c:8d:53:3a:74:a0:7d:8e:ce:26:0c:ee:9b:
         49:fc:64:bb:f5:82:8c:e1:27:d8:5c:ca:d7:00:c6:8f:8b:c3:
         b5:d3:8a:33
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjqmEQ1iTs2KeKeUlJz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWQ3YWE3MjM4MGZiYzhlNTU5ZWRlNGQ3OGM1ZDBkMTg1NTI3YjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolFkOMKJ/HvgiBBpLAqHCvJ46bwa
UZpUgqds/MiD5+wfwu1CHeLcuxstvE0RbrgcCAniwAg+KPkCkluB3UsrUBeEccSw
X9GkwvKeMaMYrz5dV6reZLhbUWasFlOx94mjrAZRp3CpQJ01oJ7yGNIh0m1Irvcb
vkELa5UXIoOx6nA4Hun/8xgiucxytjooHNsq+vl1duJWjW/ADmWXlEgOTzJ21wj0
lnh5TSSYqhig3k/huva/uMIJhaFAlhj53wLDhkydKLFAF2PcsGCdwHXkZ4NYj7KB
IP8GDWGRrKygJ2bRoIXLwbI98UBLvuJ6GK/kfNjS4977tVS+CgLloPoylwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLnXqnI4D7yOVZ7eTXjF0NGFUnsOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdWRlcWNqZ1B2STVWbnQ1TmVNWFEwWVZTZXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbeAQD2
MA0GCSqGSIb3DQEBCwUAA4IBAQBMRjyl8cI+pmpeGKWAnLUhrvjhdpv1w0ChEUzU
XYRloVmYxnOhqhbI7HBLvRW4mrHOmrzZvDmRZoI+H30G9ArTa1fR8HflxNXKcRkr
PUJntgCM7po8sb5yxLf/GfhggG63jL37heMy1TvvZvxtrSq1obcOGEoDUo5Kjk9b
huKH90mL6mANmWS/VVnoawVf3svP292JbvL7037Ghyyt4dCOoG8EixshNXCrWTEt
HvPBdQMa+f9IfqRyyYjnIukdMWerPT6/6vrig0N/auypjfwB+WQzA7Zm3e7ZGi86
elyNUzp0oH2OziYM7ptJ/GS79YKM4SfYXMrXAMaPi8O104oz
-----END CERTIFICATE-----