Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zMCpFWa6PslNf2YLkyRavsMfHr4.roa
File:                     zMCpFWa6PslNf2YLkyRavsMfHr4.roa (raw, json)
Hash identifier:          y2T1YRlRLTfVtzVq02jCu27BdNg3VU4sPHmeC0t67dA=
Subject key identifier:   CC:C0:A9:15:66:BA:3E:C9:4D:7F:66:0B:93:24:5A:BE:C3:1F:1E:BE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425224AECD18280B28EC9C5CB894F9B8C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zMCpFWa6PslNf2YLkyRavsMfHr4.roa
Signing time:             Thu 02 Jan 2025 03:49:51 +0000
ROA not before:           Thu 02 Jan 2025 03:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211139
IP address blocks:        2a0e:b107:1910::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 19:20:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:4a:ec:d1:82:80:b2:8e:c9:c5:cb:89:4f:9b:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ccc0a91566ba3ec94d7f660b93245abec31f1ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b6:e9:81:97:43:81:b5:19:ee:cf:9d:00:a3:
                    d5:bd:8a:d0:f1:5b:1d:07:f7:d1:2c:15:c9:49:26:
                    6f:71:c3:42:09:be:af:4a:c6:cf:bf:6e:90:1e:b5:
                    69:43:4a:2b:26:ad:ca:d8:ac:5e:b0:7a:f5:c9:28:
                    b8:de:9c:f2:91:d4:10:ad:c2:9b:32:7d:c0:f2:58:
                    25:9d:2f:d9:aa:b7:4e:0a:1c:3d:14:3b:93:7a:ae:
                    16:fb:29:bb:5c:34:7b:f8:39:33:d3:bb:3a:a5:f9:
                    fe:0f:42:50:24:74:3c:88:df:05:51:98:2f:5e:98:
                    7a:f3:7e:cc:60:81:da:50:d5:7c:df:3d:50:99:6d:
                    f4:d9:ff:fd:38:c6:e4:07:4d:31:66:b2:0c:eb:c1:
                    49:3f:1b:1f:41:c7:d6:53:58:37:8b:35:43:8c:1a:
                    be:e1:54:f5:54:8a:f0:a3:1d:31:e2:6a:79:af:45:
                    8a:82:43:f8:49:dc:f9:32:27:46:c7:70:5e:44:6a:
                    74:f2:be:7b:29:7c:f9:56:a2:17:4d:99:22:33:05:
                    37:31:6a:3f:6a:80:d0:ad:04:b0:b2:5d:6c:86:80:
                    8d:4e:53:39:0c:16:61:07:04:bc:f9:d3:f1:0e:ce:
                    e5:47:f3:96:fe:a2:cf:98:ff:44:5f:6e:41:6d:52:
                    44:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C0:A9:15:66:BA:3E:C9:4D:7F:66:0B:93:24:5A:BE:C3:1F:1E:BE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zMCpFWa6PslNf2YLkyRavsMfHr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1910::/44

    Signature Algorithm: sha256WithRSAEncryption
         12:ce:73:22:11:ed:68:eb:1a:9d:47:ff:6b:d9:94:49:2f:fe:
         c0:81:47:d1:bd:79:2f:74:b8:32:e7:da:85:f1:55:b4:ab:fb:
         c6:73:70:1b:0e:fc:0c:ec:69:20:f4:55:c3:0e:da:7c:66:e4:
         42:3f:6e:87:2d:f3:fc:aa:e9:33:47:eb:95:e6:6a:63:3c:e6:
         71:ea:82:b4:66:52:c0:0c:d7:67:95:8c:b7:5f:2d:fe:35:25:
         18:b2:d4:ea:56:48:13:e6:7e:51:37:83:ce:26:29:94:9e:0a:
         6d:33:ad:6f:44:3a:83:18:01:13:cf:58:da:f2:64:5f:fe:95:
         b6:79:fa:db:b1:1b:14:16:d6:ea:63:07:c7:74:2b:5a:fc:99:
         75:1c:4b:71:bc:64:79:42:cf:05:08:ee:cb:92:0f:f6:8f:a7:
         32:99:10:45:e8:24:a4:23:a2:38:06:82:b0:df:a6:f8:48:dd:
         b8:91:ae:e9:de:23:37:de:42:0b:dc:45:6b:0e:8d:1b:f1:4b:
         f0:3d:85:0b:bf:ce:0b:57:aa:8a:93:b2:0b:67:a1:66:ef:f3:
         d9:ef:cd:f6:b9:21:7d:b8:4f:de:fb:3f:25:df:0c:15:18:34:
         02:40:7b:a5:cc:bd:92:e3:1b:c2:ea:b1:3b:2d:70:75:01:f5:
         4a:84:6f:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkrs0YKAso7JxcuJT5uMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2MwYTkxNTY2YmEzZWM5NGQ3ZjY2MGI5MzI0NWFiZWMzMWYxZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LbpgZdDgbUZ7s+dAKPVvYrQ8Vsd
B/fRLBXJSSZvccNCCb6vSsbPv26QHrVpQ0orJq3K2KxesHr1ySi43pzykdQQrcKb
Mn3A8lglnS/ZqrdOChw9FDuTeq4W+ym7XDR7+Dkz07s6pfn+D0JQJHQ8iN8FUZgv
Xph6837MYIHaUNV83z1QmW302f/9OMbkB00xZrIM68FJPxsfQcfWU1g3izVDjBq+
4VT1VIrwox0x4mp5r0WKgkP4Sdz5MidGx3BeRGp08r57KXz5VqIXTZkiMwU3MWo/
aoDQrQSwsl1shoCNTlM5DBZhBwS8+dPxDs7lR/OW/qLPmP9EX25BbVJEIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzAqRVmuj7JTX9mC5MkWr7DHx6+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvek1DcEZXYTZQc2xOZjJZTGt5UmF2c01mSHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQASznMiEe1o6xqdR/9r2ZRJL/7AgUfRvXkvdLgy
59qF8VW0q/vGc3AbDvwM7Gkg9FXDDtp8ZuRCP26HLfP8qukzR+uV5mpjPOZx6oK0
ZlLADNdnlYy3Xy3+NSUYstTqVkgT5n5RN4POJimUngptM61vRDqDGAETz1ja8mRf
/pW2efrbsRsUFtbqYwfHdCta/Jl1HEtxvGR5Qs8FCO7Lkg/2j6cymRBF6CSkI6I4
BoKw36b4SN24ka7p3iM33kIL3EVrDo0b8UvwPYULv84LV6qKk7ILZ6Fm7/PZ7832
uSF9uE/e+z8l3wwVGDQCQHulzL2S4xvC6rE7LXB1AfVKhG/D
-----END CERTIFICATE-----