Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/x2FBQSlOBRjGyj3n2TYC1yPssW8.roa
File:                     x2FBQSlOBRjGyj3n2TYC1yPssW8.roa (raw, json)
Hash identifier:          SUrXe7p47/Q+x1ucb9ucmrRGcUEaUNQ3Aki5QbXUM9I=
Subject key identifier:   C7:61:41:41:29:4E:05:18:C6:CA:3D:E7:D9:36:02:D7:23:EC:B1:6F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522191A0CC2ED1900C0721FA75D8CD6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/x2FBQSlOBRjGyj3n2TYC1yPssW8.roa
Signing time:             Thu 02 Jan 2025 03:49:39 +0000
ROA not before:           Thu 02 Jan 2025 03:49:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204611
IP address blocks:        2a0e:b107:19cd::/48 maxlen: 48
                          2a0e:b107:1b9b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:19:1a:0c:c2:ed:19:00:c0:72:1f:a7:5d:8c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7614141294e0518c6ca3de7d93602d723ecb16f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:c8:0e:06:95:c1:c7:28:34:db:ca:98:b4:
                    76:b6:85:b7:09:74:4b:c0:9f:b1:65:fb:78:cf:ab:
                    28:bf:72:ec:dd:da:0f:bc:95:8c:e7:67:e4:87:0f:
                    7f:68:1c:2f:f8:79:ac:32:3d:5e:16:b2:a2:4b:23:
                    79:d6:82:a3:ec:91:4d:c2:eb:5f:71:b0:20:61:a2:
                    80:e9:0c:f5:f5:e4:fa:46:37:d9:82:ac:e5:73:8d:
                    92:d1:76:c4:27:97:81:57:69:2a:3a:23:83:64:f6:
                    51:68:30:67:f8:a9:63:a1:90:24:15:db:a7:52:b2:
                    f4:f2:66:4e:56:db:d2:a5:26:cd:9a:83:71:ed:9b:
                    89:ea:9a:cd:fc:39:d8:68:00:da:4e:65:f0:c6:a7:
                    49:d7:d3:b6:16:53:30:d7:82:3c:d5:ff:7f:0a:7c:
                    54:5e:26:89:9c:c0:02:83:4a:13:7b:bc:10:7e:48:
                    e2:cf:e0:03:b4:49:85:1c:91:ca:ca:0f:c9:0a:04:
                    a4:64:0e:0d:c3:77:c1:59:cc:92:bd:45:8e:94:46:
                    f9:cf:e6:c6:d9:ed:a6:de:54:16:27:c9:11:ef:98:
                    9e:8d:07:f6:74:9c:7d:08:7d:05:ed:84:87:70:b7:
                    ff:ef:2e:da:59:c9:89:f4:7c:b7:4e:c7:a8:b7:fa:
                    ac:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:61:41:41:29:4E:05:18:C6:CA:3D:E7:D9:36:02:D7:23:EC:B1:6F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/x2FBQSlOBRjGyj3n2TYC1yPssW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:19cd::/48
                  2a0e:b107:1b9b::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:90:ed:91:4b:a8:22:f8:6a:97:2d:69:c5:61:b9:15:1d:93:
         fc:5e:b1:db:d1:ab:54:59:4f:20:b8:55:35:9c:64:73:f0:a4:
         1b:0e:36:d2:a6:82:60:ca:c0:cf:2c:51:ff:b6:6e:7d:13:bb:
         13:0e:4d:17:1d:fd:c9:7f:91:3c:5b:97:8d:8c:25:5b:6a:5b:
         12:e7:68:24:05:32:4b:6c:5d:51:df:7b:d2:7f:fe:29:3f:b5:
         90:d2:4b:67:3e:53:f5:8c:69:f9:26:74:05:97:48:31:e7:ee:
         b6:c1:d6:5d:68:18:21:2f:93:6f:55:2a:b8:9d:f4:11:61:b9:
         68:03:a9:43:c9:eb:95:1c:bd:bd:91:56:15:2e:2a:9b:0f:6c:
         e8:9a:0b:f8:88:46:fe:7b:68:62:3c:7e:b8:27:16:5e:01:21:
         8e:e7:0d:21:01:0d:c6:ab:a9:bc:b7:24:5e:15:59:ef:69:46:
         4d:42:38:11:b2:62:15:8a:d2:bf:3c:b9:11:54:48:38:c6:f0:
         bc:29:ec:77:78:ce:22:43:a4:36:dd:e6:49:b4:41:60:00:5f:
         6e:e1:d4:74:2a:b6:6a:4d:c9:2b:17:35:0a:b3:d2:f8:cd:ad:
         02:fc:86:02:d7:e5:48:b2:e6:70:a6:02:93:9a:bf:2c:6f:a8:
         c4:e9:3d:65
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIhkaDMLtGQDAch+nXYzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzYxNDE0MTI5NGUwNTE4YzZjYTNkZTdkOTM2MDJkNzIzZWNiMTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugvIDgaVwccoNNvKmLR2toW3CXRL
wJ+xZft4z6sov3Ls3doPvJWM52fkhw9/aBwv+HmsMj1eFrKiSyN51oKj7JFNwutf
cbAgYaKA6Qz19eT6RjfZgqzlc42S0XbEJ5eBV2kqOiODZPZRaDBn+KljoZAkFdun
UrL08mZOVtvSpSbNmoNx7ZuJ6prN/DnYaADaTmXwxqdJ19O2FlMw14I81f9/CnxU
XiaJnMACg0oTe7wQfkjiz+ADtEmFHJHKyg/JCgSkZA4Nw3fBWcySvUWOlEb5z+bG
2e2m3lQWJ8kR75iejQf2dJx9CH0F7YSHcLf/7y7aWcmJ9Hy3Tseot/qsYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMdhQUEpTgUYxso959k2Atcj7LFvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveDJGQlFTbE9CUmpHeWozbjJUWUMxeVBzc1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxnN
AwcAKg6xBxubMA0GCSqGSIb3DQEBCwUAA4IBAQCPkO2RS6gi+GqXLWnFYbkVHZP8
XrHb0atUWU8guFU1nGRz8KQbDjbSpoJgysDPLFH/tm59E7sTDk0XHf3Jf5E8W5eN
jCVbalsS52gkBTJLbF1R33vSf/4pP7WQ0ktnPlP1jGn5JnQFl0gx5+62wdZdaBgh
L5NvVSq4nfQRYbloA6lDyeuVHL29kVYVLiqbD2zomgv4iEb+e2hiPH64JxZeASGO
5w0hAQ3Gq6m8tyReFVnvaUZNQjgRsmIVitK/PLkRVEg4xvC8Kex3eM4iQ6Q23eZJ
tEFgAF9u4dR0KrZqTckrFzUKs9L4za0C/IYC1+VIsuZwpgKTmr8sb6jE6T1l
-----END CERTIFICATE-----