Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YQv9secLRBfEL9qEvAqyPAcWsMQ.roa
File:                     YQv9secLRBfEL9qEvAqyPAcWsMQ.roa (raw, json)
Hash identifier:          sdJXVneJ8y+6mQTTBwwGcWR+2/EAUEtkOe5Z1wHdi7U=
Subject key identifier:   61:0B:FD:B1:E7:0B:44:17:C4:2F:DA:84:BC:0A:B2:3C:07:16:B0:C4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019644B4549465C65AB0AE41899EEDC71EC2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YQv9secLRBfEL9qEvAqyPAcWsMQ.roa
Signing time:             Thu 17 Apr 2025 17:03:10 +0000
ROA not before:           Thu 17 Apr 2025 17:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213220
IP address blocks:        45.131.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:44:b4:54:94:65:c6:5a:b0:ae:41:89:9e:ed:c7:1e:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 17 17:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=610bfdb1e70b4417c42fda84bc0ab23c0716b0c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:0c:8b:5f:92:20:84:e1:25:57:99:4b:36:
                    37:15:9d:80:6b:34:6d:7c:f8:e3:21:61:22:dc:aa:
                    f5:0b:dd:df:ee:7d:bc:6a:60:6c:b2:8e:a9:15:57:
                    76:04:04:95:e6:95:f6:22:12:9e:7a:d3:3b:de:d9:
                    ea:3e:86:e9:b8:88:4f:33:d6:3f:14:5d:85:15:0d:
                    31:06:bd:7f:ad:42:71:ae:13:97:09:71:6c:9e:a6:
                    50:99:5f:68:ee:16:c6:39:b4:51:26:72:75:5c:4d:
                    f3:ce:f7:64:92:cc:24:8f:a3:ca:78:bb:0c:5f:16:
                    77:a7:4b:d0:24:f9:f9:f9:41:ec:aa:57:9d:ad:b5:
                    c0:77:ed:9b:90:b3:8b:cb:cf:f4:d0:7d:2e:5b:9b:
                    30:ae:14:94:47:31:38:9a:38:22:53:4e:b2:51:ef:
                    01:ae:33:41:6d:25:be:fa:3d:20:74:65:c3:ae:27:
                    8b:ce:e7:60:38:82:24:6b:e6:bc:0c:e3:59:bb:58:
                    59:83:42:d7:1b:37:d0:85:32:fe:7e:99:32:fa:e8:
                    38:a3:b9:bd:9f:f5:a1:8a:34:6b:1e:b5:a8:4d:e1:
                    17:37:d1:21:c2:1e:08:84:0b:b9:73:19:4e:98:89:
                    a4:d3:a8:27:c4:0d:a8:6d:02:ee:d4:51:14:d5:3f:
                    0d:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:0B:FD:B1:E7:0B:44:17:C4:2F:DA:84:BC:0A:B2:3C:07:16:B0:C4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YQv9secLRBfEL9qEvAqyPAcWsMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:a5:2a:af:d4:cb:94:a1:45:c4:c6:59:c1:dd:28:03:cc:60:
         3f:86:df:bb:82:e5:96:e4:70:9f:ae:9b:a1:10:a6:7f:05:3c:
         cd:3a:d2:b5:fa:94:b2:52:d4:8f:5c:9c:ad:c5:0a:49:00:f8:
         9b:f2:ea:ac:03:b7:09:ee:19:1c:40:a0:61:ad:39:da:6c:d3:
         74:67:4d:2f:0a:3a:03:73:f0:d6:3d:d6:ac:f7:a4:44:d9:00:
         26:79:5c:ad:bc:4f:40:04:b1:cb:96:ab:6b:60:d5:db:9f:7d:
         55:37:97:ac:e1:1b:8c:98:90:ae:b4:08:89:df:b9:cf:da:f1:
         f2:89:3b:e2:aa:3b:49:b3:ce:ad:cd:79:62:30:eb:d5:67:19:
         2f:0c:ee:e0:54:cd:e6:55:ef:5c:39:f7:00:4b:35:1f:7c:77:
         3c:08:05:f8:f5:9e:bb:b1:46:4f:f1:43:11:e0:71:55:04:dd:
         ca:7e:91:54:b0:71:44:d6:13:2a:5c:d8:61:94:21:af:ff:ec:
         23:de:da:54:ca:44:07:06:86:e9:16:f9:d2:b3:17:ea:3e:0f:
         e9:67:a3:cf:15:2f:f6:a5:74:f7:c8:79:fb:a8:da:70:9a:dd:
         7b:b9:9a:8d:dd:57:eb:0c:be:33:27:7a:67:52:13:21:b5:16:
         22:5f:a6:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZEtFSUZcZasK5BiZ7txx7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNDE3MTcwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTBiZmRiMWU3MGI0NDE3YzQyZmRhODRiYzBhYjIzYzA3MTZiMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMMMi1+SIIThJVeZSzY3FZ2AazRt
fPjjIWEi3Kr1C93f7n28amBsso6pFVd2BASV5pX2IhKeetM73tnqPobpuIhPM9Y/
FF2FFQ0xBr1/rUJxrhOXCXFsnqZQmV9o7hbGObRRJnJ1XE3zzvdkkswkj6PKeLsM
XxZ3p0vQJPn5+UHsqledrbXAd+2bkLOLy8/00H0uW5swrhSURzE4mjgiU06yUe8B
rjNBbSW++j0gdGXDrieLzudgOIIka+a8DONZu1hZg0LXGzfQhTL+fpky+ug4o7m9
n/WhijRrHrWoTeEXN9Ehwh4IhAu5cxlOmImk06gnxA2obQLu1FEU1T8NAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEL/bHnC0QXxC/ahLwKsjwHFrDEMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWVF2OXNlY0xSQmZFTDlxRXZBcXlQQWNXc01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYO6MA0G
CSqGSIb3DQEBCwUAA4IBAQBJpSqv1MuUoUXExlnB3SgDzGA/ht+7guWW5HCfrpuh
EKZ/BTzNOtK1+pSyUtSPXJytxQpJAPib8uqsA7cJ7hkcQKBhrTnabNN0Z00vCjoD
c/DWPdas96RE2QAmeVytvE9ABLHLlqtrYNXbn31VN5es4RuMmJCutAiJ37nP2vHy
iTviqjtJs86tzXliMOvVZxkvDO7gVM3mVe9cOfcASzUffHc8CAX49Z67sUZP8UMR
4HFVBN3KfpFUsHFE1hMqXNhhlCGv/+wj3tpUykQHBobpFvnSsxfqPg/pZ6PPFS/2
pXT3yHn7qNpwmt17uZqN3VfrDL4zJ3pnUhMhtRYiX6bs
-----END CERTIFICATE-----