Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/z94QxTi0yvM-Lqx2jN-b9oRx62I.roa
File:                     z94QxTi0yvM-Lqx2jN-b9oRx62I.roa (raw, json)
Hash identifier:          7G+e0fxou9I3UBkR9jZJg3eJpWemDIonqaPuWHkCt08=
Subject key identifier:   CF:DE:10:C5:38:B4:CA:F3:3E:2E:AC:76:8C:DF:9B:F6:84:71:EB:62
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252223D2AB6FD09A40E0092050C68522
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/z94QxTi0yvM-Lqx2jN-b9oRx62I.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206895
IP address blocks:        2a0e:97c0:a10::/48 maxlen: 48
                          2a0e:97c0:a11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:23:d2:ab:6f:d0:9a:40:e0:09:20:50:c6:85:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cfde10c538b4caf33e2eac768cdf9bf68471eb62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2f:fc:fb:14:4c:8f:f1:77:02:83:0e:66:b5:
                    ab:bf:14:52:44:c0:5b:dc:b1:a4:57:7e:14:7e:39:
                    f4:df:21:34:f3:d2:b9:66:04:b0:a2:c2:1e:e8:ac:
                    bd:7e:41:63:72:14:de:27:0f:8e:cb:63:a9:82:a9:
                    1d:f2:71:70:dc:6b:f1:fa:bc:37:77:06:49:99:c1:
                    05:e5:2a:49:b1:fa:22:33:8f:c6:bd:5b:46:98:93:
                    e1:c5:b4:e8:a3:22:5d:81:6f:96:0d:53:cd:49:1c:
                    ea:7a:02:9b:b8:2a:b4:17:6a:2e:7a:26:22:e9:76:
                    0f:17:0f:8f:fe:e0:3d:9b:c8:8d:81:53:ff:56:ca:
                    04:24:1a:62:df:f9:02:7e:ad:c3:89:26:a2:ff:ff:
                    44:59:aa:65:17:50:6b:10:99:f7:56:25:f0:2d:48:
                    46:09:1d:94:6c:2f:c8:9c:8a:b3:db:5b:15:e6:93:
                    5f:04:a3:ec:ec:56:6e:db:21:4e:eb:ce:e7:e8:f9:
                    67:a4:74:93:1c:80:4b:08:cf:53:aa:10:cf:71:ec:
                    48:f7:4f:ce:4e:ba:88:7f:6d:9f:d4:be:66:fb:f2:
                    1d:94:a9:d9:e4:d5:31:5a:08:29:4f:c5:8d:11:04:
                    5d:02:8f:20:72:72:65:a5:3d:4d:61:3d:e5:fb:d7:
                    f4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:DE:10:C5:38:B4:CA:F3:3E:2E:AC:76:8C:DF:9B:F6:84:71:EB:62
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/z94QxTi0yvM-Lqx2jN-b9oRx62I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a10::/47

    Signature Algorithm: sha256WithRSAEncryption
         43:50:20:74:3e:39:2b:77:9b:4e:d6:76:29:d2:39:1f:0f:c3:
         e1:04:95:1d:52:51:7c:65:92:78:ed:ed:a5:34:6e:50:b9:6a:
         97:ac:29:31:b8:b1:d9:05:20:90:e8:28:f3:e6:3a:a2:1b:5b:
         98:92:b5:fa:df:e6:f8:97:96:b2:05:7c:3c:78:ac:98:92:75:
         81:f2:85:84:22:9f:e6:31:91:18:b8:10:df:b9:0d:51:c8:d2:
         8a:c8:38:29:47:9c:6d:d7:a2:0b:16:e2:24:94:86:c0:ba:a7:
         47:48:40:34:57:73:25:78:53:a2:d4:2a:0f:df:3b:e6:6e:65:
         a0:c9:b2:a4:7c:f7:51:66:7c:c7:7e:5c:33:31:83:1b:7c:97:
         22:1a:63:22:5c:71:ba:d6:44:06:f8:83:51:25:89:9e:9f:76:
         f2:ed:17:f1:70:2b:99:51:76:29:e5:61:ce:c7:5f:ac:3c:45:
         fc:8b:15:1e:5a:8f:16:84:13:98:fc:86:b7:2f:ff:92:0f:b1:
         f2:07:12:de:d4:7e:b3:11:9a:80:a5:30:91:86:c5:c3:59:bf:
         e7:d5:0c:90:19:a1:e7:5d:76:ca:fb:15:8d:61:55:d4:e0:07:
         ee:22:92:7c:ed:3b:2c:ae:f9:3b:48:40:86:c5:65:1f:49:bf:
         c4:2e:4f:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiPSq2/QmkDgCSBQxoUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmRlMTBjNTM4YjRjYWYzM2UyZWFjNzY4Y2RmOWJmNjg0NzFlYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC/8+xRMj/F3AoMOZrWrvxRSRMBb
3LGkV34Ufjn03yE089K5ZgSwosIe6Ky9fkFjchTeJw+Oy2Opgqkd8nFw3Gvx+rw3
dwZJmcEF5SpJsfoiM4/GvVtGmJPhxbTooyJdgW+WDVPNSRzqegKbuCq0F2oueiYi
6XYPFw+P/uA9m8iNgVP/VsoEJBpi3/kCfq3DiSai//9EWaplF1BrEJn3ViXwLUhG
CR2UbC/InIqz21sV5pNfBKPs7FZu2yFO687n6PlnpHSTHIBLCM9TqhDPcexI90/O
TrqIf22f1L5m+/IdlKnZ5NUxWggpT8WNEQRdAo8gcnJlpT1NYT3l+9f0JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM/eEMU4tMrzPi6sdozfm/aEcetiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvejk0UXhUaTB5dk0tTHF4MmpOLWI5b1J4NjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6XwAoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBDUCB0Pjkrd5tO1nYp0jkfD8PhBJUdUlF8ZZJ4
7e2lNG5QuWqXrCkxuLHZBSCQ6Cjz5jqiG1uYkrX63+b4l5ayBXw8eKyYknWB8oWE
Ip/mMZEYuBDfuQ1RyNKKyDgpR5xt16ILFuIklIbAuqdHSEA0V3MleFOi1CoP3zvm
bmWgybKkfPdRZnzHflwzMYMbfJciGmMiXHG61kQG+INRJYmen3by7RfxcCuZUXYp
5WHOx1+sPEX8ixUeWo8WhBOY/Ia3L/+SD7HyBxLe1H6zEZqApTCRhsXDWb/n1QyQ
GaHnXXbK+xWNYVXU4AfuIpJ87Tssrvk7SECGxWUfSb/ELk+I
-----END CERTIFICATE-----