Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RcfG8LeFDXPpY7qswfvn65vd-Cc.roa
File:                     RcfG8LeFDXPpY7qswfvn65vd-Cc.roa (raw, json)
Hash identifier:          mG0MrXsp2NZyqZAFpwo8eKhXcuqTHKsrvFnRqnMy0ic=
Subject key identifier:   45:C7:C6:F0:B7:85:0D:73:E9:63:BA:AC:C1:FB:E7:EB:9B:DD:F8:27
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01999F9542932F409484A29BE4253E16D402
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RcfG8LeFDXPpY7qswfvn65vd-Cc.roa
Signing time:             Wed 01 Oct 2025 11:43:03 +0000
ROA not before:           Wed 01 Oct 2025 11:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203446
IP address blocks:        2a0e:97c0:3ea::/48 maxlen: 48
                          2a0e:97c0:470::/48 maxlen: 48
                          2a0e:97c0:473::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9f:95:42:93:2f:40:94:84:a2:9b:e4:25:3e:16:d4:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct  1 11:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45c7c6f0b7850d73e963baacc1fbe7eb9bddf827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:51:73:23:73:2a:0d:e6:da:34:3e:54:3f:95:
                    3a:30:c0:40:4c:b3:a3:29:9f:7f:01:40:f9:04:82:
                    52:ba:fa:ce:01:94:a6:09:f4:45:41:53:8c:bb:f7:
                    f2:30:24:30:8c:6f:a9:98:e1:07:ea:c9:88:e6:33:
                    1f:a3:47:04:74:b1:71:54:d5:2a:2d:35:8c:3d:ff:
                    64:46:e4:e9:f8:b1:e7:8a:76:7e:b8:31:48:af:2a:
                    ba:f0:e4:6c:d9:93:82:f9:6d:a8:4a:a2:1f:57:0c:
                    87:b5:5d:fb:ee:3a:82:a4:96:4f:95:54:0e:6a:5d:
                    f4:7f:57:f5:f3:86:43:17:1e:f1:30:08:44:55:57:
                    8d:72:c3:8e:9f:e2:21:1a:45:d7:d7:df:2c:ad:bd:
                    67:fd:75:2c:60:31:b5:d4:cf:34:7c:20:9c:f0:8c:
                    5b:e8:d9:82:4f:12:27:1d:ad:95:37:99:52:17:57:
                    52:ea:3f:b8:d0:80:f7:10:8e:bb:b3:5f:fb:03:ce:
                    f6:73:c1:18:51:54:39:66:9a:f5:4a:08:0e:ac:65:
                    57:b4:2e:73:f3:22:a7:30:73:c0:2b:9e:da:92:1c:
                    cd:59:9d:d4:a7:05:8a:03:09:ed:6f:83:48:3c:33:
                    04:c1:03:3d:59:27:06:ca:97:7e:8d:cf:24:38:ca:
                    07:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C7:C6:F0:B7:85:0D:73:E9:63:BA:AC:C1:FB:E7:EB:9B:DD:F8:27
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RcfG8LeFDXPpY7qswfvn65vd-Cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3ea::/48
                  2a0e:97c0:470::/48
                  2a0e:97c0:473::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:61:e2:50:e1:35:98:c2:91:69:c7:a5:c0:36:6f:0c:b4:52:
         86:fa:1d:93:5b:d9:ff:51:2f:6a:22:64:f0:9d:35:24:bc:30:
         37:c2:f0:7f:02:17:10:07:94:a4:da:29:18:3b:25:c5:2e:78:
         e3:87:ea:2a:a1:23:2f:b7:11:a9:43:d5:78:cd:af:6b:a6:09:
         7f:56:04:f3:74:1f:27:0f:d0:58:d9:b8:33:51:4c:e0:9f:fe:
         cc:e4:02:30:fb:d3:1e:b1:c4:71:2d:e4:08:6f:61:ef:6c:67:
         a0:58:38:87:d6:02:d6:62:c0:a9:4f:e0:ae:69:49:40:fe:ef:
         40:dd:a2:96:86:ee:d1:7e:29:04:35:0f:74:a8:d7:1d:cc:14:
         7f:92:14:b4:0a:c1:b7:31:a5:35:8d:f1:a5:2c:7b:75:d0:c7:
         5a:db:02:4a:54:f4:82:74:bf:f5:65:e5:56:4d:9c:63:58:27:
         21:c1:4a:23:00:98:da:a7:43:ca:72:9a:eb:0c:50:8b:cf:ea:
         82:7c:22:ec:b2:bb:36:1f:bf:36:a0:69:bd:05:ac:56:cb:3f:
         92:0a:4d:03:36:88:94:a1:95:dc:50:b4:d5:de:c8:55:8b:18:
         e9:a5:1c:2a:69:93:2f:ab:7b:e0:fc:95:1c:dc:c3:d8:e7:1d:
         e9:70:19:34
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZmflUKTL0CUhKKb5CU+FtQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMDAxMTE0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWM3YzZmMGI3ODUwZDczZTk2M2JhYWNjMWZiZTdlYjliZGRmODI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1FzI3MqDebaND5UP5U6MMBATLOj
KZ9/AUD5BIJSuvrOAZSmCfRFQVOMu/fyMCQwjG+pmOEH6smI5jMfo0cEdLFxVNUq
LTWMPf9kRuTp+LHninZ+uDFIryq68ORs2ZOC+W2oSqIfVwyHtV377jqCpJZPlVQO
al30f1f184ZDFx7xMAhEVVeNcsOOn+IhGkXX198srb1n/XUsYDG11M80fCCc8Ixb
6NmCTxInHa2VN5lSF1dS6j+40ID3EI67s1/7A872c8EYUVQ5Zpr1SggOrGVXtC5z
8yKnMHPAK57akhzNWZ3UpwWKAwntb4NIPDMEwQM9WScGypd+jc8kOMoHBQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEXHxvC3hQ1z6WO6rMH75+ub3fgnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUmNmRzhMZUZEWFBwWTdxc3dmdm42NXZkLUNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKg6XwAPq
AwcAKg6XwARwAwcAKg6XwARzMA0GCSqGSIb3DQEBCwUAA4IBAQAwYeJQ4TWYwpFp
x6XANm8MtFKG+h2TW9n/US9qImTwnTUkvDA3wvB/AhcQB5Sk2ikYOyXFLnjjh+oq
oSMvtxGpQ9V4za9rpgl/VgTzdB8nD9BY2bgzUUzgn/7M5AIw+9MescRxLeQIb2Hv
bGegWDiH1gLWYsCpT+CuaUlA/u9A3aKWhu7RfikENQ90qNcdzBR/khS0CsG3MaU1
jfGlLHt10Mda2wJKVPSCdL/1ZeVWTZxjWCchwUojAJjap0PKcprrDFCLz+qCfCLs
srs2H782oGm9BaxWyz+SCk0DNoiUoZXcULTV3shVixjppRwqaZMvq3vg/JUc3MPY
5x3pcBk0
-----END CERTIFICATE-----