Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yQ71Y8JLhoVKxns_kcDhqWdTmBs.roa
File:                     yQ71Y8JLhoVKxns_kcDhqWdTmBs.roa (raw, json)
Hash identifier:          M+RjWlxI6Z4zgHD0MuObwu/oNfbLnRT5/QLimPpxAAg=
Subject key identifier:   C9:0E:F5:63:C2:4B:86:85:4A:C6:7B:3F:91:C0:E1:A9:67:53:98:1B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252285C7E8B67B78537B7E92B088359B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yQ71Y8JLhoVKxns_kcDhqWdTmBs.roa
Signing time:             Thu 02 Jan 2025 03:50:06 +0000
ROA not before:           Thu 02 Jan 2025 03:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215192
IP address blocks:        2a0e:b107:28c0::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:85:c7:e8:b6:7b:78:53:7b:7e:92:b0:88:35:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c90ef563c24b86854ac67b3f91c0e1a96753981b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a6:be:e9:e7:69:2e:ed:60:e2:45:70:c3:31:
                    2d:fd:af:6d:29:3a:e0:c6:4a:ce:56:99:b7:4a:fa:
                    40:ec:26:cd:e9:e5:81:99:a7:e5:52:8d:5f:b0:3e:
                    bd:1c:b5:98:0b:6a:6b:d3:7f:53:29:1a:7e:ad:cb:
                    d8:d0:41:2c:5a:9e:32:53:b1:b1:39:e6:a9:d0:6b:
                    91:05:f4:58:09:b9:c2:43:5f:06:5e:52:10:81:57:
                    9e:75:b4:45:45:9a:b3:50:7d:c4:82:57:7e:b7:ce:
                    a5:b2:d7:83:3a:d0:9b:63:59:f4:80:28:70:a4:4b:
                    75:1c:e2:13:7c:f5:5a:c7:1b:51:55:1d:1f:1a:98:
                    b1:fc:83:86:2c:bb:29:d3:15:aa:5d:2a:70:58:1c:
                    d3:e6:a1:a2:a7:72:6e:0b:62:ce:a6:1d:5d:76:6f:
                    67:fd:f2:96:9a:ad:83:31:0e:c4:59:50:af:87:f6:
                    06:5d:68:dc:53:77:91:eb:95:f9:1d:10:91:b6:9f:
                    4c:41:fa:12:a0:49:d7:1c:eb:8b:47:19:aa:c6:83:
                    cb:e6:e9:58:92:13:18:2e:5d:d5:2f:ea:46:b2:d2:
                    d0:4c:76:75:b4:66:c1:f8:6a:f5:43:13:42:19:4d:
                    7d:5c:6a:a9:81:47:54:5f:66:25:af:cc:2f:53:f5:
                    30:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:0E:F5:63:C2:4B:86:85:4A:C6:7B:3F:91:C0:E1:A9:67:53:98:1B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yQ71Y8JLhoVKxns_kcDhqWdTmBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:28c0::/45

    Signature Algorithm: sha256WithRSAEncryption
         97:5b:40:3b:ae:e5:46:9d:8b:f1:01:08:e2:19:f7:36:19:b6:
         28:9f:2f:6e:47:58:6d:f2:42:0f:2b:55:0a:2b:e5:09:8b:e9:
         d9:a2:aa:b3:fa:cd:25:3b:d2:86:a2:c5:dc:56:a4:ba:3f:44:
         24:53:10:07:37:cd:bc:31:2e:ab:c1:61:fd:ac:22:9c:ad:1d:
         22:6d:f5:57:5a:eb:ff:65:83:01:a9:cb:51:03:3a:2f:7d:0c:
         9a:6d:66:c5:b9:a8:2e:d0:82:6c:13:d6:2c:19:02:d5:82:3e:
         9e:0b:6f:93:53:98:5d:2f:46:10:7c:8f:b8:25:9f:89:60:0f:
         31:4d:e0:28:96:56:36:0c:45:5d:f6:b7:d9:e5:1b:5f:38:19:
         27:1b:b9:ed:09:db:39:8f:55:8c:2a:7c:0b:06:e8:f6:20:4f:
         9d:ea:12:ff:21:9d:7b:90:2e:69:53:94:58:f6:14:45:0a:cb:
         f6:19:3c:7d:6b:32:de:c7:de:83:35:53:78:97:0b:8c:60:4e:
         39:63:5a:fe:78:22:99:bf:46:ee:01:15:d3:b2:86:19:22:bd:
         a1:a8:79:2c:f4:82:02:46:e6:f9:08:23:0e:d2:16:88:6d:d7:
         cf:4f:d2:c5:95:53:fb:73:24:49:65:b9:d5:43:a4:93:72:15:
         c4:c1:3d:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIoXH6LZ7eFN7fpKwiDWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTBlZjU2M2MyNGI4Njg1NGFjNjdiM2Y5MWMwZTFhOTY3NTM5ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ka+6edpLu1g4kVwwzEt/a9tKTrg
xkrOVpm3SvpA7CbN6eWBmaflUo1fsD69HLWYC2pr039TKRp+rcvY0EEsWp4yU7Gx
Oeap0GuRBfRYCbnCQ18GXlIQgVeedbRFRZqzUH3Egld+t86lsteDOtCbY1n0gChw
pEt1HOITfPVaxxtRVR0fGpix/IOGLLsp0xWqXSpwWBzT5qGip3JuC2LOph1ddm9n
/fKWmq2DMQ7EWVCvh/YGXWjcU3eR65X5HRCRtp9MQfoSoEnXHOuLRxmqxoPL5ulY
khMYLl3VL+pGstLQTHZ1tGbB+Gr1QxNCGU19XGqpgUdUX2Ylr8wvU/UwdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMkO9WPCS4aFSsZ7P5HA4alnU5gbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveVE3MVk4Skxob1ZLeG5zX2tjRGhxV2RUbUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByjA
MA0GCSqGSIb3DQEBCwUAA4IBAQCXW0A7ruVGnYvxAQjiGfc2GbYony9uR1ht8kIP
K1UKK+UJi+nZoqqz+s0lO9KGosXcVqS6P0QkUxAHN828MS6rwWH9rCKcrR0ibfVX
Wuv/ZYMBqctRAzovfQyabWbFuagu0IJsE9YsGQLVgj6eC2+TU5hdL0YQfI+4JZ+J
YA8xTeAollY2DEVd9rfZ5RtfOBknG7ntCds5j1WMKnwLBuj2IE+d6hL/IZ17kC5p
U5RY9hRFCsv2GTx9azLex96DNVN4lwuMYE45Y1r+eCKZv0buARXTsoYZIr2hqHks
9IICRub5CCMO0haIbdfPT9LFlVP7cyRJZbnVQ6STchXEwT3A
-----END CERTIFICATE-----