Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XkY4_XFWvfIeWlpF-Kgc6-H13wU.roa
File:                     XkY4_XFWvfIeWlpF-Kgc6-H13wU.roa (raw, json)
Hash identifier:          e3FeWgv+tLUVbw2P21PBBjZ0BzZaKA0idInHXU0Znlg=
Subject key identifier:   5E:46:38:FD:71:56:BD:F2:1E:5A:5A:45:F8:A8:1C:EB:E1:F5:DF:05
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01968F852A52D206698154B80C2E2B6A86D2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XkY4_XFWvfIeWlpF-Kgc6-H13wU.roa
Signing time:             Fri 02 May 2025 05:43:10 +0000
ROA not before:           Fri 02 May 2025 05:43:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213990
IP address blocks:        194.50.94.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 10:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8f:85:2a:52:d2:06:69:81:54:b8:0c:2e:2b:6a:86:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May  2 05:43:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e4638fd7156bdf21e5a5a45f8a81cebe1f5df05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:20:5c:fa:3f:0e:6a:08:6b:25:f1:c2:cc:7b:
                    00:28:b8:b8:c6:fd:7e:d1:9e:c6:a5:99:95:10:c4:
                    12:ed:29:1e:a4:93:03:c9:56:36:5f:2b:72:2a:cf:
                    04:ac:b3:d0:7b:57:96:5d:ec:c5:d3:47:fe:5f:70:
                    54:d0:97:d0:45:58:99:b9:28:d5:49:7b:74:95:f2:
                    8e:62:4d:02:27:4f:02:c8:43:07:7f:cb:0b:13:3e:
                    e9:89:96:db:13:b8:fc:4c:e9:9e:be:8b:92:12:bf:
                    d7:b7:2c:d7:a1:ec:ed:ec:e0:a9:78:69:5b:5c:5a:
                    a4:81:9c:6e:90:b6:13:95:2a:aa:74:a9:32:25:00:
                    be:54:59:79:08:85:29:19:a7:a0:2d:ff:77:ea:a6:
                    a0:aa:56:41:04:42:f6:68:94:63:0f:02:34:bf:31:
                    97:16:7f:cc:a9:26:fd:ea:02:8b:7e:6f:7d:06:8b:
                    2f:9d:54:4d:29:a9:d0:f1:64:76:8f:3d:3d:c4:4a:
                    af:1b:7f:1f:0f:e2:73:90:de:19:d3:31:f2:6a:b1:
                    82:3f:17:a3:25:65:f3:37:0c:4a:34:bb:97:fc:67:
                    2b:f6:82:5d:f9:df:48:30:2b:ff:15:c7:49:b4:48:
                    4c:66:95:a1:6d:df:6e:7f:ea:17:c1:b3:45:cb:2b:
                    d4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:46:38:FD:71:56:BD:F2:1E:5A:5A:45:F8:A8:1C:EB:E1:F5:DF:05
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XkY4_XFWvfIeWlpF-Kgc6-H13wU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:47:f9:8c:d8:e6:95:b4:56:57:a2:39:0c:d8:91:04:05:6b:
         70:30:18:38:96:31:50:f4:f2:22:e4:28:78:ee:80:b8:79:36:
         0c:48:db:b8:a0:d2:1a:43:18:c8:45:5c:98:85:07:92:7c:15:
         b2:de:17:96:5b:23:3c:74:ad:51:67:d8:81:01:51:df:6c:dd:
         a8:4d:50:0e:a5:7a:9c:9b:67:33:73:85:90:9e:19:f8:19:16:
         a3:4e:ee:81:8c:9c:c8:d2:55:be:ec:b0:62:1b:00:61:f6:b1:
         fd:fa:01:b2:d9:e8:00:37:68:f7:eb:2e:f7:0c:88:aa:f5:db:
         d0:3c:f5:f8:c6:bb:d9:c3:33:7b:d7:e2:cd:4c:8e:f4:71:87:
         24:b2:c3:ce:c2:34:05:34:0d:bd:63:80:7d:b9:89:a2:8f:f8:
         03:a4:9c:10:54:1c:6e:c1:82:fc:cb:83:24:b1:f6:98:ea:28:
         78:73:14:30:ea:9d:76:c0:40:80:b3:c8:30:68:a6:3c:22:f0:
         e8:c3:73:e9:d4:1d:b2:7c:0d:f6:ae:86:ee:98:67:4b:b8:0b:
         57:72:9e:f7:a6:7c:4e:59:61:f8:d7:28:89:1d:09:d1:9b:c6:
         eb:95:86:4f:c3:7c:7f:e7:b6:3c:e1:8d:ce:17:fc:c6:3d:c7:
         6b:1f:6b:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaPhSpS0gZpgVS4DC4raobSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNTAyMDU0MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTQ2MzhmZDcxNTZiZGYyMWU1YTVhNDVmOGE4MWNlYmUxZjVkZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CBc+j8OaghrJfHCzHsAKLi4xv1+
0Z7GpZmVEMQS7SkepJMDyVY2XytyKs8ErLPQe1eWXezF00f+X3BU0JfQRViZuSjV
SXt0lfKOYk0CJ08CyEMHf8sLEz7piZbbE7j8TOmevouSEr/XtyzXoezt7OCpeGlb
XFqkgZxukLYTlSqqdKkyJQC+VFl5CIUpGaegLf936qagqlZBBEL2aJRjDwI0vzGX
Fn/MqSb96gKLfm99BosvnVRNKanQ8WR2jz09xEqvG38fD+JzkN4Z0zHyarGCPxej
JWXzNwxKNLuX/Gcr9oJd+d9IMCv/FcdJtEhMZpWhbd9uf+oXwbNFyyvUHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5GOP1xVr3yHlpaRfioHOvh9d8FMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWGtZNF9YRld2ZkllV2xwRi1LZ2M2LUgxM3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjJeMA0G
CSqGSIb3DQEBCwUAA4IBAQBuR/mM2OaVtFZXojkM2JEEBWtwMBg4ljFQ9PIi5Ch4
7oC4eTYMSNu4oNIaQxjIRVyYhQeSfBWy3heWWyM8dK1RZ9iBAVHfbN2oTVAOpXqc
m2czc4WQnhn4GRajTu6BjJzI0lW+7LBiGwBh9rH9+gGy2egAN2j36y73DIiq9dvQ
PPX4xrvZwzN71+LNTI70cYckssPOwjQFNA29Y4B9uYmij/gDpJwQVBxuwYL8y4Mk
sfaY6ih4cxQw6p12wECAs8gwaKY8IvDow3Pp1B2yfA32robumGdLuAtXcp73pnxO
WWH41yiJHQnRm8brlYZPw3x/57Y84Y3OF/zGPcdrH2uM
-----END CERTIFICATE-----