Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/blhoTUAVLSZX7BsmjJ4BtexG3wA.roa
File:                     blhoTUAVLSZX7BsmjJ4BtexG3wA.roa (raw, json)
Hash identifier:          KbbYNhWwBlJ59Ts9yD5l915HGEvodTA5NXVSZdP7ggk=
Subject key identifier:   6E:58:68:4D:40:15:2D:26:57:EC:1B:26:8C:9E:01:B5:EC:46:DF:00
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4771B45E0268CB90608BC4497536
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/blhoTUAVLSZX7BsmjJ4BtexG3wA.roa
Signing time:             Tue 02 Jan 2024 10:34:34 +0000
ROA not before:           Tue 02 Jan 2024 10:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212580
IP address blocks:        2a0e:b107:e00::/44 maxlen: 48
                          2a0e:b107:de0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:47:71:b4:5e:02:68:cb:90:60:8b:c4:49:75:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e58684d40152d2657ec1b268c9e01b5ec46df00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ea:6d:d0:06:98:a8:c2:a4:c5:90:78:aa:90:
                    f9:c7:1d:ea:fb:ec:1f:bd:cc:2d:b7:fb:a6:f5:d3:
                    58:43:f6:a5:7c:a1:48:8f:11:35:39:2a:c3:af:13:
                    5a:30:2b:59:1e:31:a2:41:41:45:9f:a5:ba:c5:fb:
                    be:af:92:e6:4b:13:6d:03:50:8d:75:3c:e3:44:3e:
                    2d:a5:07:32:44:c5:d6:8d:17:f1:9d:99:ea:db:fc:
                    4d:29:9b:2d:ff:33:37:a0:3e:c8:a8:b8:6f:a2:4b:
                    a4:be:0d:b4:dc:9a:8a:be:c5:73:4f:ab:ad:b7:47:
                    94:57:2f:e5:b9:3e:82:a5:99:1a:41:95:4b:fb:20:
                    99:0b:c8:8a:f9:4e:7e:b6:70:d6:23:7c:3e:12:20:
                    5d:f3:66:cb:90:79:ae:91:94:67:30:82:6f:fb:58:
                    d0:4b:59:a1:a5:f7:6d:0f:df:60:c9:aa:8f:94:ec:
                    0e:29:f8:a9:87:df:2e:81:48:f4:d4:0b:be:82:5d:
                    84:81:72:7b:34:a0:cc:25:a4:86:a1:b3:ef:98:04:
                    d1:48:04:59:1b:68:e5:20:37:c0:0c:f3:8f:28:54:
                    89:b5:5c:15:6c:03:99:e9:ad:ba:d4:11:c7:cb:9a:
                    4e:de:23:2d:76:3a:fe:14:47:c8:ea:03:24:25:92:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:58:68:4D:40:15:2D:26:57:EC:1B:26:8C:9E:01:B5:EC:46:DF:00
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/blhoTUAVLSZX7BsmjJ4BtexG3wA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:de0::/44
                  2a0e:b107:e00::/44

    Signature Algorithm: sha256WithRSAEncryption
         c8:30:d1:b1:50:28:52:95:4f:aa:1f:d8:28:76:67:c8:81:15:
         b6:79:b3:fc:f4:29:1f:95:ca:8b:40:e5:b3:7b:6b:b0:ea:a8:
         6f:54:1c:cc:b8:f3:66:54:84:eb:25:0b:02:3b:92:2c:f3:24:
         bb:57:ec:16:55:3a:18:58:cb:3d:ef:64:24:33:fa:1f:1e:2d:
         b1:64:39:1a:26:b2:37:5c:54:1a:29:10:97:09:03:51:95:da:
         cf:16:ee:db:9d:7c:21:c0:be:af:05:1f:89:75:df:fa:0e:3f:
         d8:99:f1:54:e4:d6:48:52:c1:5f:7d:14:fb:5e:22:59:50:bd:
         7d:04:b9:e1:2a:22:26:ee:4f:56:f1:61:b3:82:de:1c:1d:ee:
         b7:ff:25:99:ec:75:c9:8e:e8:54:f0:81:07:d2:44:03:27:c5:
         c1:03:c0:08:93:ae:87:f3:03:1a:83:85:fe:9c:bf:12:54:f6:
         fe:24:84:b4:b6:d2:4e:7a:da:69:e6:2f:fc:a1:88:70:3c:08:
         32:a8:6f:34:15:09:80:49:87:ae:a3:85:88:72:0f:6f:55:42:
         2a:98:d9:fd:06:ae:97:66:d9:d1:41:c4:b9:8d:46:1b:ba:74:
         ca:ee:99:4a:83:cb:5f:cd:02:64:ca:97:dd:1a:79:6d:4c:e5:
         1a:c6:64:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvUdxtF4CaMuQYIvESXU2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTU4Njg0ZDQwMTUyZDI2NTdlYzFiMjY4YzllMDFiNWVjNDZkZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnept0AaYqMKkxZB4qpD5xx3q++wf
vcwtt/um9dNYQ/alfKFIjxE1OSrDrxNaMCtZHjGiQUFFn6W6xfu+r5LmSxNtA1CN
dTzjRD4tpQcyRMXWjRfxnZnq2/xNKZst/zM3oD7IqLhvokukvg203JqKvsVzT6ut
t0eUVy/luT6CpZkaQZVL+yCZC8iK+U5+tnDWI3w+EiBd82bLkHmukZRnMIJv+1jQ
S1mhpfdtD99gyaqPlOwOKfiph98ugUj01Au+gl2EgXJ7NKDMJaSGobPvmATRSARZ
G2jlIDfADPOPKFSJtVwVbAOZ6a261BHHy5pO3iMtdjr+FEfI6gMkJZKbzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFG5YaE1AFS0mV+wbJoyeAbXsRt8AMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYmxob1RVQVZMU1pYN0JzbWpKNEJ0ZXhHM3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBw3g
AwcEKg6xBw4AMA0GCSqGSIb3DQEBCwUAA4IBAQDIMNGxUChSlU+qH9godmfIgRW2
ebP89CkflcqLQOWze2uw6qhvVBzMuPNmVITrJQsCO5Is8yS7V+wWVToYWMs972Qk
M/ofHi2xZDkaJrI3XFQaKRCXCQNRldrPFu7bnXwhwL6vBR+Jdd/6Dj/YmfFU5NZI
UsFffRT7XiJZUL19BLnhKiIm7k9W8WGzgt4cHe63/yWZ7HXJjuhU8IEH0kQDJ8XB
A8AIk66H8wMag4X+nL8SVPb+JIS0ttJOetpp5i/8oYhwPAgyqG80FQmASYeuo4WI
cg9vVUIqmNn9Bq6XZtnRQcS5jUYbunTK7plKg8tfzQJkypfdGnltTOUaxmQl
-----END CERTIFICATE-----