Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yWFN3NztyPu2lMbGrjerGBlCZB0.roa
File:                     yWFN3NztyPu2lMbGrjerGBlCZB0.roa (raw, json)
Hash identifier:          DVepJ0DjtmrkqkHgpAuRg50JmXF8m7eYRFNQ9pleAAU=
Subject key identifier:   C9:61:4D:DC:DC:ED:C8:FB:B6:94:C6:C6:AE:37:AB:18:19:42:64:1D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222890A881F5D7F27D0BE3EE3ECAC6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yWFN3NztyPu2lMbGrjerGBlCZB0.roa
Signing time:             Thu 02 Jan 2025 03:49:43 +0000
ROA not before:           Thu 02 Jan 2025 03:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207662
IP address blocks:        2a0e:97c0:760::/44 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 13:24:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:28:90:a8:81:f5:d7:f2:7d:0b:e3:ee:3e:ca:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9614ddcdcedc8fbb694c6c6ae37ab181942641d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:2f:64:f1:65:11:90:15:38:f0:6e:11:78:3f:
                    92:d0:db:e5:d7:1f:6c:a4:49:05:fd:cf:c2:40:45:
                    5f:cd:b5:60:a8:34:3e:0f:39:29:74:56:a1:c2:3d:
                    ba:d4:a5:3a:bc:f8:76:3e:30:77:e1:48:40:cc:fa:
                    66:a6:d3:9d:97:a1:0b:50:3f:4f:3a:06:1c:be:ef:
                    9d:39:7c:fa:3e:d2:f2:59:f4:f7:e7:8d:d3:47:44:
                    d8:c0:67:f4:ef:de:1e:60:4d:8c:44:b0:7e:96:4c:
                    bc:d1:f8:84:6c:7a:26:c2:e7:aa:c9:61:7d:84:ce:
                    7a:1b:41:32:76:5a:c4:f9:02:3a:f9:b3:c0:9b:2b:
                    6d:6d:84:ee:8e:92:87:00:4d:42:7b:cb:18:2f:40:
                    d1:32:d4:1e:25:63:ed:58:3b:85:bb:fe:c7:fa:d7:
                    d2:a8:00:2b:d4:7f:b1:19:f6:11:9b:3c:15:99:b4:
                    92:1c:02:c7:65:ed:31:46:bf:e5:45:7b:f4:13:d8:
                    7e:70:73:d4:00:d2:4c:32:ac:f7:92:fc:8f:1a:d9:
                    57:4f:63:ce:1d:c7:11:79:9c:56:cc:17:b5:dc:30:
                    6a:5b:de:45:3a:30:1c:f0:e7:0f:ad:6d:58:39:d1:
                    b2:ad:81:90:5e:5a:7d:82:40:0b:cb:a2:e5:5f:18:
                    97:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:61:4D:DC:DC:ED:C8:FB:B6:94:C6:C6:AE:37:AB:18:19:42:64:1D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yWFN3NztyPu2lMbGrjerGBlCZB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:760::/44

    Signature Algorithm: sha256WithRSAEncryption
         c9:bd:d9:f6:b8:75:16:05:76:13:52:59:ea:58:db:44:74:b0:
         eb:df:ab:1b:6d:c5:93:2d:00:94:87:53:d0:fd:c6:94:62:8a:
         a1:8a:48:89:cf:40:a8:15:da:61:41:dd:52:e1:44:9a:62:72:
         9b:71:c1:6b:39:93:b2:ed:3d:ae:80:51:70:36:0a:8d:19:c3:
         5a:84:b4:53:9b:24:df:97:36:9f:34:b3:d9:ce:c8:94:9e:e6:
         80:13:98:a8:66:97:0a:a0:b4:80:29:33:de:4c:13:fb:42:3a:
         8c:d9:bb:f0:0a:e8:ee:d4:08:45:4d:72:fb:3d:0e:e5:96:7b:
         b6:7b:a9:3a:85:50:c2:d6:f7:87:d2:a5:0f:4e:d5:91:92:7b:
         fa:90:62:0d:4e:0e:18:0b:4f:42:ad:b2:8c:8a:7b:3a:fd:d2:
         77:67:c0:19:b6:de:f3:f5:a4:8f:2c:e9:66:cd:fb:33:c2:b4:
         b7:c7:0c:af:06:88:f1:70:d3:7d:09:38:99:ee:24:22:b9:ac:
         7c:81:72:86:f8:f6:7a:df:d2:be:bf:f0:1b:1b:f2:8f:b3:14:
         58:e2:93:b3:14:2b:a3:d7:e7:54:1f:fb:90:3d:85:a2:94:2e:
         ef:63:1b:d3:87:43:67:c8:5d:ef:59:14:58:0e:1e:83:23:58:
         31:59:70:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiiQqIH11/J9C+PuPsrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTYxNGRkY2RjZWRjOGZiYjY5NGM2YzZhZTM3YWIxODE5NDI2NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvy9k8WURkBU48G4ReD+S0Nvl1x9s
pEkF/c/CQEVfzbVgqDQ+DzkpdFahwj261KU6vPh2PjB34UhAzPpmptOdl6ELUD9P
OgYcvu+dOXz6PtLyWfT3543TR0TYwGf0794eYE2MRLB+lky80fiEbHomwueqyWF9
hM56G0EydlrE+QI6+bPAmyttbYTujpKHAE1Ce8sYL0DRMtQeJWPtWDuFu/7H+tfS
qAAr1H+xGfYRmzwVmbSSHALHZe0xRr/lRXv0E9h+cHPUANJMMqz3kvyPGtlXT2PO
HccReZxWzBe13DBqW95FOjAc8OcPrW1YOdGyrYGQXlp9gkALy6LlXxiXGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMlhTdzc7cj7tpTGxq43qxgZQmQdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveVdGTjNOenR5UHUybE1iR3JqZXJHQmxDWkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdg
MA0GCSqGSIb3DQEBCwUAA4IBAQDJvdn2uHUWBXYTUlnqWNtEdLDr36sbbcWTLQCU
h1PQ/caUYoqhikiJz0CoFdphQd1S4USaYnKbccFrOZOy7T2ugFFwNgqNGcNahLRT
myTflzafNLPZzsiUnuaAE5ioZpcKoLSAKTPeTBP7QjqM2bvwCuju1AhFTXL7PQ7l
lnu2e6k6hVDC1veH0qUPTtWRknv6kGINTg4YC09CrbKMins6/dJ3Z8AZtt7z9aSP
LOlmzfszwrS3xwyvBojxcNN9CTiZ7iQiuax8gXKG+PZ639K+v/AbG/KPsxRY4pOz
FCuj1+dUH/uQPYWilC7vYxvTh0NnyF3vWRRYDh6DI1gxWXCn
-----END CERTIFICATE-----