Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mmbA74oYNdVM9H4YteZQqC2rT3I.roa
File:                     mmbA74oYNdVM9H4YteZQqC2rT3I.roa (raw, json)
Hash identifier:          GStTv7kCZd6sA6vPkuQUk5LrmFRg8T1bgfPzpedXd00=
Subject key identifier:   9A:66:C0:EF:8A:18:35:D5:4C:F4:7E:18:B5:E6:50:A8:2D:AB:4F:72
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0197366A315CAF2F673CAAE4EB06E64E8AE1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mmbA74oYNdVM9H4YteZQqC2rT3I.roa
Signing time:             Tue 03 Jun 2025 15:30:18 +0000
ROA not before:           Tue 03 Jun 2025 15:30:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207596
IP address blocks:        2a0e:97c0:2f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 13:26:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:6a:31:5c:af:2f:67:3c:aa:e4:eb:06:e6:4e:8a:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  3 15:30:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a66c0ef8a1835d54cf47e18b5e650a82dab4f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d4:07:4d:fc:78:01:e4:ff:49:62:d5:00:75:
                    90:1b:ec:12:f0:fc:cd:3a:ec:25:44:57:33:5e:16:
                    f5:65:32:a2:8a:2a:20:16:01:6b:6a:18:6f:22:e9:
                    8b:75:8a:40:7e:6c:dd:03:29:7d:ce:23:3a:e4:c6:
                    3d:27:77:dc:ff:a0:36:31:74:b0:4f:9a:ca:0e:8c:
                    10:26:06:fc:20:a2:9a:77:68:0a:71:37:40:9c:c2:
                    bb:37:9a:be:7a:26:d3:3e:75:ab:59:47:b4:c9:92:
                    f5:2a:0a:f7:8b:aa:9c:24:d3:d3:8e:19:af:9a:25:
                    e2:6a:c4:8e:25:b0:c5:d8:82:96:bd:99:5e:1a:93:
                    a7:de:b5:3b:27:13:1d:74:03:37:28:53:a9:7b:ce:
                    8c:2f:a6:27:a7:be:21:66:35:3b:d3:24:43:bf:8e:
                    fe:ea:40:ad:3e:de:6a:4a:01:b0:a4:fa:1c:66:02:
                    12:62:16:79:74:ac:6c:d7:8f:95:28:e9:fa:d6:c5:
                    40:38:d3:fb:b8:98:00:ef:29:14:3b:6f:4c:28:5b:
                    4e:69:f3:f8:26:73:0a:c6:4c:c6:0d:18:9a:8d:7c:
                    3e:e7:65:a7:68:4f:cb:7d:45:21:5a:5e:88:1b:87:
                    38:dc:34:7c:dc:86:ff:cd:14:b1:86:59:e1:b8:d9:
                    a0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:66:C0:EF:8A:18:35:D5:4C:F4:7E:18:B5:E6:50:A8:2D:AB:4F:72
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mmbA74oYNdVM9H4YteZQqC2rT3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:33:59:7b:00:b3:cb:53:ee:24:7f:48:fd:50:4e:7f:10:ae:
         3d:f4:f1:b5:4d:7b:89:f1:2e:21:44:b1:ad:3a:fc:98:ae:6f:
         67:75:5b:62:eb:cd:a3:4a:36:69:c5:ce:fc:62:cb:0d:f8:b4:
         80:03:c2:24:0e:91:3f:c0:73:ec:cd:0a:12:06:f8:33:1b:c9:
         71:7c:80:b5:f2:66:df:b3:8a:1a:88:bb:97:6f:cb:6b:d3:17:
         f1:8c:a8:bb:a7:16:78:c4:48:52:e9:2f:09:97:6a:40:25:f9:
         a5:d4:02:bd:47:91:b7:a8:7d:e5:b3:22:33:43:31:69:8e:64:
         bc:f8:34:58:d7:29:89:f0:d3:89:e2:0a:2b:89:fd:85:90:0b:
         4e:19:7c:84:b7:11:c2:c3:d3:05:80:8d:a1:5c:b1:46:58:b6:
         34:86:14:38:54:7e:95:92:1a:44:33:97:58:52:1b:e7:81:f8:
         fa:3b:e8:34:ee:5f:a9:7c:37:fe:a5:59:d8:fb:4f:44:e3:fb:
         3b:87:47:f5:c6:8d:24:b6:84:1b:f8:f9:9d:ff:47:8a:28:8e:
         63:9b:bd:eb:94:5f:16:f5:7f:ae:6e:b0:e3:a3:7b:50:6e:c1:
         34:4a:3c:f5:a8:b8:89:e4:64:a4:bd:3d:2b:ce:4c:89:d9:48:
         0c:77:5b:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc2ajFcry9nPKrk6wbmTorhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNjAzMTUzMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTY2YzBlZjhhMTgzNWQ1NGNmNDdlMThiNWU2NTBhODJkYWI0ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA39QHTfx4AeT/SWLVAHWQG+wS8PzN
OuwlRFczXhb1ZTKiiiogFgFrahhvIumLdYpAfmzdAyl9ziM65MY9J3fc/6A2MXSw
T5rKDowQJgb8IKKad2gKcTdAnMK7N5q+eibTPnWrWUe0yZL1Kgr3i6qcJNPTjhmv
miXiasSOJbDF2IKWvZleGpOn3rU7JxMddAM3KFOpe86ML6Ynp74hZjU70yRDv47+
6kCtPt5qSgGwpPocZgISYhZ5dKxs14+VKOn61sVAONP7uJgA7ykUO29MKFtOafP4
JnMKxkzGDRiajXw+52WnaE/LfUUhWl6IG4c43DR83Ib/zRSxhlnhuNmg3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJpmwO+KGDXVTPR+GLXmUKgtq09yMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbW1iQTc0b1lOZFZNOUg0WXRlWlFxQzJyVDNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwALw
MA0GCSqGSIb3DQEBCwUAA4IBAQBVM1l7ALPLU+4kf0j9UE5/EK499PG1TXuJ8S4h
RLGtOvyYrm9ndVti682jSjZpxc78YssN+LSAA8IkDpE/wHPszQoSBvgzG8lxfIC1
8mbfs4oaiLuXb8tr0xfxjKi7pxZ4xEhS6S8Jl2pAJfml1AK9R5G3qH3lsyIzQzFp
jmS8+DRY1ymJ8NOJ4gorif2FkAtOGXyEtxHCw9MFgI2hXLFGWLY0hhQ4VH6VkhpE
M5dYUhvngfj6O+g07l+pfDf+pVnY+09E4/s7h0f1xo0ktoQb+Pmd/0eKKI5jm73r
lF8W9X+ubrDjo3tQbsE0Sjz1qLiJ5GSkvT0rzkyJ2UgMd1sD
-----END CERTIFICATE-----