Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JqDolAPb4BzQPzoFi_jZyurMYXw.roa
File:                     JqDolAPb4BzQPzoFi_jZyurMYXw.roa (raw, json)
Hash identifier:          hqXLf9UDO4E0GYiRWftap8A61uOZxrMWGXGweBN4Y54=
Subject key identifier:   26:A0:E8:94:03:DB:E0:1C:D0:3F:3A:05:8B:F8:D9:CA:EA:CC:61:7C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F3DD235BB250434FDB7F2BA77344EC6F0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JqDolAPb4BzQPzoFi_jZyurMYXw.roa
Signing time:             Fri 03 May 2024 09:38:57 +0000
ROA not before:           Fri 03 May 2024 09:38:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215392
IP address blocks:        2a0e:97c0:f30::/44 maxlen: 48
                          2a0e:97c0:f30::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 13:21:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3d:d2:35:bb:25:04:34:fd:b7:f2:ba:77:34:4e:c6:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May  3 09:38:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26a0e89403dbe01cd03f3a058bf8d9caeacc617c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7b:94:bb:65:98:dd:77:c0:bb:1c:1f:d1:38:
                    2e:17:93:f8:05:1c:55:b2:43:06:92:48:15:8b:76:
                    b7:2d:b6:4e:d7:d4:09:e8:0b:e3:6d:eb:5f:01:c1:
                    12:95:ec:23:b9:5a:2b:29:84:1e:0f:12:7f:c6:cb:
                    61:c1:ad:ca:cc:2a:f4:4b:88:8e:b1:25:56:31:80:
                    c6:69:da:f2:35:c4:01:46:81:2a:e7:cf:42:18:43:
                    cf:6c:e1:93:01:da:04:a4:f6:ed:f9:24:a0:e5:51:
                    2c:18:f4:4b:1c:2f:86:25:07:7e:ad:9f:16:dd:4d:
                    4a:d8:2a:a6:2a:c0:4d:fc:7c:c6:97:8d:b5:57:6e:
                    d3:e5:f6:a5:3b:0e:7a:2c:16:94:53:5c:1f:9a:14:
                    b4:9a:c1:38:18:2c:4e:17:9e:7a:b4:84:c7:25:29:
                    5a:88:d1:f8:47:15:ae:5b:67:a7:c2:99:bd:40:71:
                    27:e9:c4:51:00:e6:dc:cf:7d:9c:34:b4:d1:ae:03:
                    b2:80:7a:5f:58:5b:c9:a5:e2:ca:c0:d8:dd:d6:8a:
                    e0:74:c7:f7:5b:f3:d0:63:6e:52:bd:5e:f6:c4:4f:
                    c0:6d:d0:f6:2f:35:77:97:21:e9:e8:cb:a9:c0:98:
                    09:50:46:9b:c3:9e:d0:bc:17:f6:8e:5a:f6:f6:89:
                    3d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:A0:E8:94:03:DB:E0:1C:D0:3F:3A:05:8B:F8:D9:CA:EA:CC:61:7C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JqDolAPb4BzQPzoFi_jZyurMYXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:f30::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:87:21:27:c5:5e:f8:9c:71:b3:92:4d:41:3e:d9:75:5d:ae:
         c4:78:0d:e3:7e:0c:0e:81:b6:55:c0:f0:90:56:c7:fb:df:95:
         af:89:5c:ac:f5:67:86:e5:07:a6:e8:3d:2a:37:f3:9d:a6:ee:
         6d:45:d9:15:0d:12:8c:fc:f2:6b:c2:30:97:35:3d:ae:f8:5a:
         e5:5d:26:12:23:9f:0b:6a:c2:4e:c8:ec:f3:08:16:89:7e:d2:
         ad:4d:9a:cb:08:07:8f:ab:dc:b1:66:b6:6b:23:91:2d:57:92:
         f9:47:b1:6a:b7:09:d4:2a:0d:bd:9f:c6:b0:10:bc:18:51:00:
         9a:e3:e6:8f:a3:37:dc:d9:51:d6:90:19:6b:e3:a7:d7:9e:1b:
         b6:b8:5c:36:71:f3:8d:2c:1b:e9:01:11:63:84:71:19:e6:b0:
         ad:a4:d6:31:86:b2:f6:17:2d:ea:5d:be:30:05:a3:53:b2:1a:
         f3:09:95:86:97:10:bd:bc:49:97:a9:7c:cc:71:3f:80:e2:13:
         6f:1b:1c:8f:09:2b:df:22:ab:63:3c:63:d5:02:36:95:7b:45:
         17:5e:9e:8c:51:8c:ea:d2:f7:18:c4:69:b3:8d:76:49:54:d6:
         a0:77:36:28:54:b8:bf:73:84:e7:99:de:7b:90:ba:55:44:8e:
         dc:fc:ad:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY890jW7JQQ0/bfyunc0TsbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNTAzMDkzODU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmEwZTg5NDAzZGJlMDFjZDAzZjNhMDU4YmY4ZDljYWVhY2M2MTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3uUu2WY3XfAuxwf0TguF5P4BRxV
skMGkkgVi3a3LbZO19QJ6AvjbetfAcESlewjuVorKYQeDxJ/xsthwa3KzCr0S4iO
sSVWMYDGadryNcQBRoEq589CGEPPbOGTAdoEpPbt+SSg5VEsGPRLHC+GJQd+rZ8W
3U1K2CqmKsBN/HzGl421V27T5falOw56LBaUU1wfmhS0msE4GCxOF556tITHJSla
iNH4RxWuW2enwpm9QHEn6cRRAObcz32cNLTRrgOygHpfWFvJpeLKwNjd1orgdMf3
W/PQY25SvV72xE/AbdD2LzV3lyHp6MupwJgJUEabw57QvBf2jlr29ok9bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCag6JQD2+Ac0D86BYv42crqzGF8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSnFEb2xBUGI0QnpRUHpvRmlfalp5dXJNWVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA8w
MA0GCSqGSIb3DQEBCwUAA4IBAQCRhyEnxV74nHGzkk1BPtl1Xa7EeA3jfgwOgbZV
wPCQVsf735WviVys9WeG5Qem6D0qN/Odpu5tRdkVDRKM/PJrwjCXNT2u+FrlXSYS
I58LasJOyOzzCBaJftKtTZrLCAePq9yxZrZrI5EtV5L5R7FqtwnUKg29n8awELwY
UQCa4+aPozfc2VHWkBlr46fXnhu2uFw2cfONLBvpARFjhHEZ5rCtpNYxhrL2Fy3q
Xb4wBaNTshrzCZWGlxC9vEmXqXzMcT+A4hNvGxyPCSvfIqtjPGPVAjaVe0UXXp6M
UYzq0vcYxGmzjXZJVNagdzYoVLi/c4Tnmd57kLpVRI7c/K3o
-----END CERTIFICATE-----