Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RqUfVPlFbTJeGOroiyk_1OJZCJo.roa
File:                     RqUfVPlFbTJeGOroiyk_1OJZCJo.roa (raw, json)
Hash identifier:          90SlKDnk51QLJrirMTKCCyibKrMvFSNJcgc7caDa6Kg=
Subject key identifier:   46:A5:1F:54:F9:45:6D:32:5E:18:EA:E8:8B:29:3F:D4:E2:59:08:9A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019888DA7812842E949FFD35F143D83B0111
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RqUfVPlFbTJeGOroiyk_1OJZCJo.roa
Signing time:             Fri 08 Aug 2025 08:44:35 +0000
ROA not before:           Fri 08 Aug 2025 08:44:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215011
IP address blocks:        2a06:de00:50::/44 maxlen: 48
                          2a0e:97c0:8a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:88:da:78:12:84:2e:94:9f:fd:35:f1:43:d8:3b:01:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug  8 08:44:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46a51f54f9456d325e18eae88b293fd4e259089a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:27:29:56:e8:33:1f:ab:d5:e4:ac:14:86:03:
                    64:9a:65:bf:dd:59:8c:9f:71:00:48:bb:bd:1d:c1:
                    63:01:71:14:b3:c4:78:6c:82:fe:4a:d8:07:8d:ec:
                    5a:a1:c2:ad:6d:fb:b9:8b:19:23:6b:ab:35:c2:81:
                    2e:7e:82:75:3d:5e:19:f0:d3:3c:67:f2:b8:e8:72:
                    58:2e:55:8c:9a:fc:cc:10:80:82:3c:1b:f3:ed:c7:
                    1b:4f:66:5a:24:7f:f7:d5:14:11:5a:9d:ff:1f:7a:
                    98:d5:28:52:f6:ba:2b:b4:82:90:73:7d:cb:bf:58:
                    01:e5:70:f3:b3:de:de:33:ec:d8:85:59:da:10:1c:
                    35:6c:0b:5d:27:cb:4f:fb:33:21:f1:71:75:3e:8a:
                    7b:8a:59:96:b9:c6:a3:a5:f2:52:a4:c4:f9:b7:68:
                    bf:f9:6e:b5:41:ac:86:05:9b:43:d3:4b:34:e5:01:
                    f0:dd:3f:b1:5e:78:c9:bc:ce:19:a7:ac:43:e7:24:
                    75:ca:a2:3a:25:17:f5:6c:be:8c:dc:47:21:81:76:
                    6f:e5:16:92:b1:c1:d6:92:d3:c4:df:81:07:b0:cf:
                    e9:f8:aa:4b:6e:11:48:91:98:77:e5:c0:26:0b:29:
                    e1:9f:76:c4:85:f0:8e:6b:95:fa:60:f9:50:4d:a2:
                    eb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A5:1F:54:F9:45:6D:32:5E:18:EA:E8:8B:29:3F:D4:E2:59:08:9A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RqUfVPlFbTJeGOroiyk_1OJZCJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:50::/44
                  2a0e:97c0:8a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:17:67:cb:c4:02:0e:be:b7:07:a7:f2:f9:84:f9:f6:ee:b0:
         3c:42:da:dc:f7:25:ad:da:a2:5d:b8:a6:76:ef:1e:f5:f3:b1:
         98:b2:20:45:f5:50:0f:69:11:47:5f:47:11:36:2f:12:61:8b:
         e6:21:aa:1d:f9:20:99:28:f8:b5:6f:cf:d0:6a:ac:ad:ab:78:
         bb:38:56:82:13:8e:9a:cf:d7:cb:a2:26:cd:52:6b:8f:b1:6e:
         e5:43:5e:78:ac:57:a5:fe:11:20:86:35:0d:68:42:b2:7d:40:
         ae:ec:19:5e:f9:15:ba:23:ab:74:0f:08:53:ec:46:f1:c8:62:
         24:ec:93:46:ac:2d:90:55:e1:34:b4:7d:d6:7d:05:22:de:2f:
         d5:75:9f:66:54:9f:27:26:ca:a6:9d:76:d9:b5:84:9f:9a:66:
         c5:98:1a:09:e4:ce:1a:2a:cf:a0:52:2d:c1:09:c5:b4:b7:0f:
         87:c2:bf:3f:59:90:ad:6a:01:57:d4:ae:78:8e:4b:d9:84:52:
         c3:8f:70:42:7b:35:9e:3f:aa:8e:da:be:c9:24:76:fe:7c:4d:
         b4:0c:d0:06:9f:32:bf:12:e5:6d:d9:7d:24:d5:ab:40:e3:bb:
         93:8f:45:b3:58:1a:a3:b3:e5:97:7e:74:be:97:1f:1d:34:2d:
         88:a1:26:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZiI2ngShC6Un/018UPYOwERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODA4MDg0NDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmE1MWY1NGY5NDU2ZDMyNWUxOGVhZTg4YjI5M2ZkNGUyNTkwODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvycpVugzH6vV5KwUhgNkmmW/3VmM
n3EASLu9HcFjAXEUs8R4bIL+StgHjexaocKtbfu5ixkja6s1woEufoJ1PV4Z8NM8
Z/K46HJYLlWMmvzMEICCPBvz7ccbT2ZaJH/31RQRWp3/H3qY1ShS9rortIKQc33L
v1gB5XDzs97eM+zYhVnaEBw1bAtdJ8tP+zMh8XF1Pop7ilmWucajpfJSpMT5t2i/
+W61QayGBZtD00s05QHw3T+xXnjJvM4Zp6xD5yR1yqI6JRf1bL6M3EchgXZv5RaS
scHWktPE34EHsM/p+KpLbhFIkZh35cAmCynhn3bEhfCOa5X6YPlQTaLrYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEalH1T5RW0yXhjq6IspP9TiWQiaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUnFVZlZQbEZiVEplR09yb2l5a18xT0paQ0pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAABQ
AwcEKg6XwAigMA0GCSqGSIb3DQEBCwUAA4IBAQAIF2fLxAIOvrcHp/L5hPn27rA8
Qtrc9yWt2qJduKZ27x7187GYsiBF9VAPaRFHX0cRNi8SYYvmIaod+SCZKPi1b8/Q
aqytq3i7OFaCE46az9fLoibNUmuPsW7lQ154rFel/hEghjUNaEKyfUCu7Ble+RW6
I6t0DwhT7EbxyGIk7JNGrC2QVeE0tH3WfQUi3i/VdZ9mVJ8nJsqmnXbZtYSfmmbF
mBoJ5M4aKs+gUi3BCcW0tw+Hwr8/WZCtagFX1K54jkvZhFLDj3BCezWeP6qO2r7J
JHb+fE20DNAGnzK/EuVt2X0k1atA47uTj0WzWBqjs+WXfnS+lx8dNC2IoSa2
-----END CERTIFICATE-----