Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ImD0XZF48YW_IqBPX5nC9zuLy6Q.roa
File:                     ImD0XZF48YW_IqBPX5nC9zuLy6Q.roa (raw, json)
Hash identifier:          EV84plbYUr2lQFUMwrCVuE3yfviZmVKKAhKZIA3ZcHg=
Subject key identifier:   22:60:F4:5D:91:78:F1:85:BF:22:A0:4F:5F:99:C2:F7:3B:8B:CB:A4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198587664845744E94F001BDCB752343FA4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ImD0XZF48YW_IqBPX5nC9zuLy6Q.roa
Signing time:             Tue 29 Jul 2025 23:13:30 +0000
ROA not before:           Tue 29 Jul 2025 23:13:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58336
IP address blocks:        2a0e:97c0:550::/44 maxlen: 48
                          2a10:cc44:100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:58:76:64:84:57:44:e9:4f:00:1b:dc:b7:52:34:3f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 29 23:13:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2260f45d9178f185bf22a04f5f99c2f73b8bcba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:03:f8:e3:46:0b:59:36:a4:8c:53:3f:e6:91:
                    fb:e2:8e:ee:3d:97:64:fe:37:6b:7c:f0:7c:92:ca:
                    66:e5:83:d1:30:0e:ab:8f:ef:ed:d0:00:60:f4:5a:
                    9a:42:b9:70:ec:8e:0e:1b:67:ed:b1:af:62:c4:1d:
                    e7:77:04:ad:5e:26:e8:3d:36:2b:2d:61:79:5a:e2:
                    43:73:f7:0e:e2:49:40:91:44:ac:79:25:d3:05:63:
                    76:ae:a9:da:41:ca:26:d2:c5:e3:22:e1:c8:e5:7a:
                    3b:cc:29:f1:c7:a0:95:92:5a:60:ef:e6:9b:f4:9c:
                    56:cd:cc:65:96:25:36:10:4e:32:b1:21:1b:75:40:
                    5c:df:e5:32:df:d8:b8:1d:e2:9b:95:4b:04:15:8d:
                    c5:43:5b:65:8b:a2:2e:a0:85:a8:be:5f:3a:a4:7e:
                    b7:65:65:14:72:f4:a6:73:f0:80:bb:6c:3b:9d:34:
                    ca:ba:04:1e:16:fd:56:02:7e:18:4b:b2:53:8d:e5:
                    29:0a:ee:19:4f:9b:7a:06:a3:cf:88:3c:39:bb:af:
                    44:7c:74:11:61:72:e3:50:19:d5:11:58:29:2c:46:
                    d5:59:25:fa:73:39:5e:48:d5:a1:30:6e:3b:23:04:
                    ae:25:1b:67:f1:3c:34:3c:8d:07:05:4d:66:6f:66:
                    53:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:60:F4:5D:91:78:F1:85:BF:22:A0:4F:5F:99:C2:F7:3B:8B:CB:A4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ImD0XZF48YW_IqBPX5nC9zuLy6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:550::/44
                  2a10:cc44:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:ba:c8:e0:15:71:8f:1b:69:45:75:03:74:22:0c:da:03:33:
         42:0e:26:b3:93:68:8c:32:ce:a7:ee:67:80:82:e1:8b:68:30:
         be:f3:d7:fa:f5:a6:b0:64:a7:5b:69:79:a8:c9:49:6d:33:eb:
         b3:c7:4d:a3:29:8a:c1:da:5c:0f:5b:df:f4:09:4e:f4:81:c1:
         b0:a0:50:1d:a3:55:51:25:9b:aa:ee:c4:5e:11:26:c9:6c:d6:
         d0:97:ac:8c:e0:c3:f2:2d:19:b5:1d:95:4a:4e:ce:2f:31:a0:
         7b:8a:fd:2a:b6:8e:2e:63:40:2d:e6:ec:13:67:2b:b9:e3:55:
         79:21:8d:f7:b1:5b:fc:43:de:78:13:09:e1:37:22:d0:e0:c8:
         a8:d2:b5:93:ab:73:08:04:d6:da:b0:e9:d6:16:cd:30:8e:f6:
         bf:76:03:ba:b2:a9:4a:6d:5c:aa:9e:50:8f:c8:16:18:2e:67:
         57:8c:68:ff:5d:98:88:d8:5b:ba:09:b4:c4:71:ef:05:a0:23:
         d1:33:f1:64:c0:c9:67:1e:97:6d:b4:9d:3f:87:d2:30:42:cc:
         42:17:c9:c3:71:b0:db:d5:7a:e7:86:6a:7a:ef:a9:cf:66:9d:
         a7:56:d4:1e:a9:fc:f6:da:88:91:c3:e9:1a:27:89:6d:c1:82:
         52:4d:c1:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhYdmSEV0TpTwAb3LdSND+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzI5MjMxMzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjYwZjQ1ZDkxNzhmMTg1YmYyMmEwNGY1Zjk5YzJmNzNiOGJjYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAP440YLWTakjFM/5pH74o7uPZdk
/jdrfPB8kspm5YPRMA6rj+/t0ABg9FqaQrlw7I4OG2ftsa9ixB3ndwStXiboPTYr
LWF5WuJDc/cO4klAkUSseSXTBWN2rqnaQcom0sXjIuHI5Xo7zCnxx6CVklpg7+ab
9JxWzcxlliU2EE4ysSEbdUBc3+Uy39i4HeKblUsEFY3FQ1tli6IuoIWovl86pH63
ZWUUcvSmc/CAu2w7nTTKugQeFv1WAn4YS7JTjeUpCu4ZT5t6BqPPiDw5u69EfHQR
YXLjUBnVEVgpLEbVWSX6czleSNWhMG47IwSuJRtn8Tw0PI0HBU1mb2ZTzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCJg9F2RePGFvyKgT1+Zwvc7i8ukMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSW1EMFhaRjQ4WVdfSXFCUFg1bkM5enVMeTZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAVQ
AwcEKhDMRAEAMA0GCSqGSIb3DQEBCwUAA4IBAQCwusjgFXGPG2lFdQN0IgzaAzNC
Diazk2iMMs6n7meAguGLaDC+89f69aawZKdbaXmoyUltM+uzx02jKYrB2lwPW9/0
CU70gcGwoFAdo1VRJZuq7sReESbJbNbQl6yM4MPyLRm1HZVKTs4vMaB7iv0qto4u
Y0At5uwTZyu541V5IY33sVv8Q954EwnhNyLQ4Mio0rWTq3MIBNbasOnWFs0wjva/
dgO6sqlKbVyqnlCPyBYYLmdXjGj/XZiI2Fu6CbTEce8FoCPRM/FkwMlnHpdttJ0/
h9IwQsxCF8nDcbDb1Xrnhmp676nPZp2nVtQeqfz22oiRw+kaJ4ltwYJSTcF1
-----END CERTIFICATE-----