Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i7msn7egzJuw1Uj1VYhhzYgzfsI.roa
File:                     i7msn7egzJuw1Uj1VYhhzYgzfsI.roa (raw, json)
Hash identifier:          JlsVAGPZYR6KucjDQC1NF/PU7VbfREP1rd19haB2RfI=
Subject key identifier:   8B:B9:AC:9F:B7:A0:CC:9B:B0:D5:48:F5:55:88:61:CD:88:33:7E:C2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198B84328D39FC64F35C81EFC216C7D62A4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i7msn7egzJuw1Uj1VYhhzYgzfsI.roa
Signing time:             Sun 17 Aug 2025 13:41:05 +0000
ROA not before:           Sun 17 Aug 2025 13:41:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211575
IP address blocks:        2a10:ccc6:66ce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b8:43:28:d3:9f:c6:4f:35:c8:1e:fc:21:6c:7d:62:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 17 13:41:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bb9ac9fb7a0cc9bb0d548f5558861cd88337ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:99:92:e9:8c:c4:c0:76:5d:8c:2d:18:f7:ae:
                    c7:99:73:e3:b1:8c:64:0f:40:35:d2:a7:95:25:ed:
                    01:f1:fc:97:b7:b9:7b:da:ab:78:4e:e6:3f:b8:c0:
                    cc:c4:98:3e:1f:73:f2:fe:38:96:b0:28:08:38:3d:
                    13:e8:49:ba:4d:ea:b0:a9:eb:69:72:ab:dc:0c:c7:
                    d4:4a:a3:5d:d9:21:3e:82:b6:46:5a:12:72:3a:c6:
                    a8:47:7d:12:5b:03:62:d5:e0:ad:92:9c:57:60:3f:
                    1b:ac:a5:2a:e4:8d:0c:b0:09:4f:4a:2a:03:3b:4e:
                    94:47:00:1f:0b:a9:0d:b8:39:ab:83:63:dc:2d:4c:
                    e3:25:45:69:d9:42:2b:45:e3:46:9a:ff:34:45:2b:
                    03:c9:e4:e4:ec:fb:c6:28:40:91:3e:c5:f1:75:68:
                    6d:d3:72:81:5a:a1:57:f7:a5:90:8c:48:0c:6e:34:
                    4d:72:51:83:3f:9c:41:ed:3f:3f:cb:ba:a6:51:5a:
                    08:6e:0e:eb:64:73:c4:ed:b2:b4:85:c6:24:de:e9:
                    13:21:e1:e3:75:bb:be:d7:96:9b:c6:3d:e7:21:f8:
                    b5:5e:9e:7d:c2:b7:34:ce:83:56:ba:ce:1c:f0:8f:
                    08:21:52:07:f6:b4:6d:d2:7b:95:8d:41:37:5e:31:
                    d0:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:B9:AC:9F:B7:A0:CC:9B:B0:D5:48:F5:55:88:61:CD:88:33:7E:C2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i7msn7egzJuw1Uj1VYhhzYgzfsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc6:66ce::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:c7:c1:71:96:bc:d0:a4:1f:22:94:32:6c:53:da:17:25:11:
         36:0c:b9:25:d8:b3:9c:17:75:38:dc:42:21:d5:67:51:88:e7:
         62:ed:ae:d7:90:e1:dd:cb:86:da:21:ac:05:3e:18:64:05:95:
         84:64:61:a7:ef:f6:e1:dd:13:2d:13:67:97:7b:93:e9:be:9d:
         bd:24:8c:66:ba:e5:10:a6:80:a1:74:1b:94:f7:41:34:b9:0f:
         1e:6f:cc:e2:0a:d3:77:d3:f6:26:23:5f:bc:2c:e1:ba:ab:94:
         97:0b:91:7b:de:d2:11:45:93:a1:9a:f0:10:fe:dc:d4:3b:a3:
         1d:ef:10:89:02:c0:6b:84:fc:0c:af:cf:f1:e0:a6:4d:c0:27:
         21:c7:d2:4b:6c:60:0a:5a:39:c0:20:fe:b4:c8:75:fd:27:2f:
         fb:f6:d5:07:61:f1:b9:9a:56:13:76:08:a9:4f:1e:4b:28:4a:
         b2:f6:a1:00:4e:52:0e:0f:8f:bb:b6:38:16:a1:ba:31:10:20:
         65:5c:13:e3:3f:cd:0b:3e:04:69:02:8d:12:30:dd:17:38:af:
         05:f7:37:4f:fb:2f:3c:f2:a5:0a:63:71:72:98:c4:85:8d:b7:
         87:39:a3:86:79:ab:be:7a:98:e5:c8:72:bd:d0:c4:c6:29:0f:
         f3:42:ce:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZi4QyjTn8ZPNcge/CFsfWKkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwODE3MTM0MTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmI5YWM5ZmI3YTBjYzliYjBkNTQ4ZjU1NTg4NjFjZDg4MzM3ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJmS6YzEwHZdjC0Y967HmXPjsYxk
D0A10qeVJe0B8fyXt7l72qt4TuY/uMDMxJg+H3Py/jiWsCgIOD0T6Em6Teqwqetp
cqvcDMfUSqNd2SE+grZGWhJyOsaoR30SWwNi1eCtkpxXYD8brKUq5I0MsAlPSioD
O06URwAfC6kNuDmrg2PcLUzjJUVp2UIrReNGmv80RSsDyeTk7PvGKECRPsXxdWht
03KBWqFX96WQjEgMbjRNclGDP5xB7T8/y7qmUVoIbg7rZHPE7bK0hcYk3ukTIeHj
dbu+15abxj3nIfi1Xp59wrc0zoNWus4c8I8IIVIH9rRt0nuVjUE3XjHQgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIu5rJ+3oMybsNVI9VWIYc2IM37CMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaTdtc243ZWd6SnV3MVVqMVZZaGh6WWd6ZnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMxmbO
MA0GCSqGSIb3DQEBCwUAA4IBAQAyx8FxlrzQpB8ilDJsU9oXJRE2DLkl2LOcF3U4
3EIh1WdRiOdi7a7XkOHdy4baIawFPhhkBZWEZGGn7/bh3RMtE2eXe5Ppvp29JIxm
uuUQpoChdBuU90E0uQ8eb8ziCtN30/YmI1+8LOG6q5SXC5F73tIRRZOhmvAQ/tzU
O6Md7xCJAsBrhPwMr8/x4KZNwCchx9JLbGAKWjnAIP60yHX9Jy/79tUHYfG5mlYT
dgipTx5LKEqy9qEATlIOD4+7tjgWoboxECBlXBPjP80LPgRpAo0SMN0XOK8F9zdP
+y888qUKY3FymMSFjbeHOaOGeau+epjlyHK90MTGKQ/zQs5E
-----END CERTIFICATE-----