Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tR0uHFs6QbHElTPBDDew_n15McE.roa
File:                     tR0uHFs6QbHElTPBDDew_n15McE.roa (raw, json)
Hash identifier:          7L8cPzcK5tv5woFzj2BWGdFFROqdkWg05m+ZD+lQ2gs=
Subject key identifier:   B5:1D:2E:1C:5B:3A:41:B1:C4:95:33:C1:0C:37:B0:FE:7D:79:31:C1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01966D568E6A2A6DE602A63C8DDFFF0D5DA2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tR0uHFs6QbHElTPBDDew_n15McE.roa
Signing time:             Fri 25 Apr 2025 14:25:11 +0000
ROA not before:           Fri 25 Apr 2025 14:25:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        93.88.205.0/24 maxlen: 24
                          194.50.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 20:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:56:8e:6a:2a:6d:e6:02:a6:3c:8d:df:ff:0d:5d:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 25 14:25:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b51d2e1c5b3a41b1c49533c10c37b0fe7d7931c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:71:85:cd:1a:8b:b6:41:ea:6c:b5:27:40:
                    dc:3c:b4:65:3f:8f:62:bb:25:9e:c9:24:3d:6e:3e:
                    ee:e0:d3:c7:43:74:db:e8:5b:7e:1b:85:2c:b9:6c:
                    4f:2f:12:24:44:53:2d:64:5e:7f:3b:c5:03:b4:d0:
                    9a:2c:75:af:71:1f:e0:68:de:2a:51:56:f4:ab:94:
                    9d:a0:6a:47:ca:63:56:e3:ed:d7:a2:36:43:23:9a:
                    bd:32:0f:a0:77:9d:fc:27:41:a2:ae:fa:fa:37:a7:
                    0f:13:37:3d:ff:ad:b7:ef:b8:46:2d:0e:fd:1f:ab:
                    c2:82:46:92:37:6d:24:12:34:a3:0a:9a:b1:ed:5d:
                    11:07:28:dd:ef:28:ed:23:9f:61:fb:39:55:1c:39:
                    12:19:8d:0e:9b:21:be:5c:26:57:3f:ae:dd:71:8a:
                    43:9d:4d:ba:27:34:b3:ae:0f:12:44:94:0e:10:50:
                    f3:ef:a3:7c:67:3d:0e:54:60:4c:42:fe:45:90:e4:
                    65:8a:f7:f4:43:29:42:eb:c5:54:1e:4f:5a:7b:e6:
                    10:96:6d:40:48:95:19:2a:2e:3e:fa:c4:85:3e:e8:
                    84:f3:fe:4c:2d:db:5a:11:6b:4d:23:79:4f:ba:c5:
                    22:54:02:87:6e:8c:22:a1:27:0d:ed:dc:7a:13:25:
                    a1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:1D:2E:1C:5B:3A:41:B1:C4:95:33:C1:0C:37:B0:FE:7D:79:31:C1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tR0uHFs6QbHElTPBDDew_n15McE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.88.205.0/24
                  194.50.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:14:bc:03:a7:a0:9d:1a:a4:88:5f:3e:66:c6:2a:9b:a2:2f:
         04:ce:3e:df:a4:23:6a:94:11:08:e0:db:93:33:7b:48:7c:29:
         ce:9e:ff:d7:6b:64:de:a9:a4:69:67:1e:cc:ae:19:aa:1c:f9:
         24:a5:dc:e8:cb:f6:db:7e:8e:76:d2:79:7c:ec:dc:04:4e:9b:
         4b:df:3d:e4:ed:60:52:c1:c4:42:45:0b:35:5d:4a:1e:23:03:
         75:f9:9f:58:f0:53:be:03:a6:53:af:f4:64:20:0a:6d:6e:03:
         1c:db:d0:22:2e:00:59:cf:19:fd:59:31:a2:2b:73:99:ea:ac:
         df:8e:f6:ad:5c:4a:f7:21:82:85:92:2f:1e:77:82:3f:d0:ad:
         a2:e8:71:ae:5b:db:e9:a5:bd:fb:93:87:5c:8a:69:f7:d3:fc:
         a7:22:bd:ec:e1:81:22:ab:32:ee:24:02:21:15:80:fd:80:4a:
         f7:a7:39:8a:dd:c2:df:73:58:7d:ef:99:a0:77:91:a8:b7:02:
         e9:a4:c1:f8:75:80:10:fe:ef:86:74:78:a3:ed:e6:d6:88:57:
         7f:22:24:cb:da:45:09:9d:ea:6e:0f:d9:93:d1:4c:e6:89:df:
         82:3e:8e:20:d4:39:fe:f7:de:77:15:a1:aa:7e:b7:66:97:70:
         f5:9b:2c:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZtVo5qKm3mAqY8jd//DV2iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNDI1MTQyNTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTFkMmUxYzViM2E0MWIxYzQ5NTMzYzEwYzM3YjBmZTdkNzkzMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzlxhc0ai7ZB6my1J0DcPLRlP49i
uyWeySQ9bj7u4NPHQ3Tb6Ft+G4UsuWxPLxIkRFMtZF5/O8UDtNCaLHWvcR/gaN4q
UVb0q5SdoGpHymNW4+3XojZDI5q9Mg+gd538J0Girvr6N6cPEzc9/62377hGLQ79
H6vCgkaSN20kEjSjCpqx7V0RByjd7yjtI59h+zlVHDkSGY0OmyG+XCZXP67dcYpD
nU26JzSzrg8SRJQOEFDz76N8Zz0OVGBMQv5FkORlivf0QylC68VUHk9ae+YQlm1A
SJUZKi4++sSFPuiE8/5MLdtaEWtNI3lPusUiVAKHbowioScN7dx6EyWhAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLUdLhxbOkGxxJUzwQw3sP59eTHBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdFIwdUhGczZRYkhFbFRQQkREZXdfbjE1TWNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXVjNAwQA
wjJvMA0GCSqGSIb3DQEBCwUAA4IBAQCYFLwDp6CdGqSIXz5mxiqboi8Ezj7fpCNq
lBEI4NuTM3tIfCnOnv/Xa2TeqaRpZx7MrhmqHPkkpdzoy/bbfo520nl87NwETptL
3z3k7WBSwcRCRQs1XUoeIwN1+Z9Y8FO+A6ZTr/RkIAptbgMc29AiLgBZzxn9WTGi
K3OZ6qzfjvatXEr3IYKFki8ed4I/0K2i6HGuW9vppb37k4dcimn30/ynIr3s4YEi
qzLuJAIhFYD9gEr3pzmK3cLfc1h975mgd5GotwLppMH4dYAQ/u+GdHij7ebWiFd/
IiTL2kUJnepuD9mT0Uzmid+CPo4g1Dn+9953FaGqfrdml3D1myyq
-----END CERTIFICATE-----