Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/m49gnyPcQ1nXS5dybVIAhHRlZik.roa
File:                     m49gnyPcQ1nXS5dybVIAhHRlZik.roa (raw, json)
Hash identifier:          ElW7pORLvBNyD1OrYMngWBMH4wa9WInlJUjKhSslLi4=
Subject key identifier:   9B:8F:60:9F:23:DC:43:59:D7:4B:97:72:6D:52:00:84:74:65:66:29
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F3219971EACF6B604D8637176EBFFFDD1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/m49gnyPcQ1nXS5dybVIAhHRlZik.roa
Signing time:             Wed 01 May 2024 03:01:28 +0000
ROA not before:           Wed 01 May 2024 03:01:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207445
IP address blocks:        2a0e:b107:440::/44 maxlen: 48
                          2a0e:b107:444::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:32:19:97:1e:ac:f6:b6:04:d8:63:71:76:eb:ff:fd:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May  1 03:01:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b8f609f23dc4359d74b97726d52008474656629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9a:98:05:e9:e8:f6:ec:1b:41:83:e5:76:6d:
                    c7:87:77:a2:e5:c1:03:03:bc:59:74:43:57:e5:27:
                    aa:02:74:ed:6b:7e:9d:9f:2a:42:64:95:2d:20:a5:
                    46:d1:43:2c:05:91:b3:b9:e0:f4:a5:19:a5:88:95:
                    bf:95:38:f4:53:b6:f7:09:d6:71:e3:ee:77:c0:e3:
                    65:f6:05:0e:69:8b:bd:df:6d:ae:a5:4c:a9:f3:57:
                    7c:29:77:35:1e:55:3e:81:96:c2:8c:cc:3a:cb:ca:
                    1e:a8:8b:5c:0f:ea:21:22:61:66:43:7f:d6:69:39:
                    01:bc:43:00:7c:ed:a0:cb:15:fb:f3:73:4a:c5:e0:
                    e1:1e:bc:ec:b7:44:ee:66:78:1e:ff:e3:58:14:eb:
                    d1:19:4c:d6:51:85:50:08:3d:57:4c:0c:ab:fd:fa:
                    2c:f2:8f:cc:2e:00:f3:11:a0:fe:ae:67:3a:83:5f:
                    fe:1f:39:ab:ba:79:e0:96:76:44:de:ab:4b:8a:cf:
                    a8:1d:3d:73:54:3d:ed:b7:4a:28:09:81:1c:2a:ff:
                    c6:2d:76:42:e8:48:84:eb:42:bb:9b:98:45:ec:a7:
                    01:59:62:1e:d4:65:75:b4:69:ed:d8:10:bf:9c:3b:
                    50:fc:9e:f5:18:13:27:a0:27:83:a2:68:05:44:2a:
                    ac:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:8F:60:9F:23:DC:43:59:D7:4B:97:72:6D:52:00:84:74:65:66:29
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/m49gnyPcQ1nXS5dybVIAhHRlZik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:440::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:b8:97:34:ac:14:e6:e0:61:9c:bf:71:a3:c5:95:4e:ca:4e:
         26:87:a6:a8:6c:db:8f:1c:b9:0c:6e:ec:77:78:2d:9a:2d:3c:
         31:1c:f0:66:71:5e:86:bf:ff:76:9a:f2:09:af:6f:cc:dc:14:
         2b:26:97:b9:da:b7:c5:74:bd:c6:07:e8:93:f2:61:be:79:6d:
         af:a4:e2:98:a2:d8:fe:13:b3:47:1c:0f:07:2a:3c:27:11:13:
         8d:a1:9f:37:14:d1:d4:88:30:57:dc:fb:f0:66:e3:23:d4:cf:
         01:12:d9:84:37:d9:16:6f:97:05:2a:3f:c0:c0:aa:0b:7f:30:
         ff:76:1a:98:b7:f2:75:48:fa:b3:01:15:2f:01:1a:ad:34:53:
         bc:60:e5:d0:14:c9:4d:41:2c:9f:45:95:69:c4:8e:6b:58:74:
         d9:d1:c3:3e:1d:05:48:bd:9e:14:f5:e9:b5:72:6f:f2:7d:98:
         3d:c9:16:d6:a4:07:d1:f0:e5:ce:d0:1b:d3:7f:38:86:45:09:
         4b:cf:f4:bc:6a:b6:2e:77:82:94:08:f5:ad:df:e6:79:04:7e:
         ca:e7:c8:89:3c:68:62:02:a3:70:a4:00:e2:dd:31:f7:29:cf:
         36:3b:07:d9:bb:f1:e3:2a:31:33:74:61:fc:11:bb:17:3f:97:
         98:0c:b7:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8yGZcerPa2BNhjcXbr//3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNTAxMDMwMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjhmNjA5ZjIzZGM0MzU5ZDc0Yjk3NzI2ZDUyMDA4NDc0NjU2NjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspqYBeno9uwbQYPldm3Hh3ei5cED
A7xZdENX5SeqAnTta36dnypCZJUtIKVG0UMsBZGzueD0pRmliJW/lTj0U7b3CdZx
4+53wONl9gUOaYu9322upUyp81d8KXc1HlU+gZbCjMw6y8oeqItcD+ohImFmQ3/W
aTkBvEMAfO2gyxX783NKxeDhHrzst0TuZnge/+NYFOvRGUzWUYVQCD1XTAyr/fos
8o/MLgDzEaD+rmc6g1/+HzmrunnglnZE3qtLis+oHT1zVD3tt0ooCYEcKv/GLXZC
6EiE60K7m5hF7KcBWWIe1GV1tGnt2BC/nDtQ/J71GBMnoCeDomgFRCqsJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJuPYJ8j3ENZ10uXcm1SAIR0ZWYpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbTQ5Z255UGNRMW5YUzVkeWJWSUFoSFJsWmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwRA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVuJc0rBTm4GGcv3GjxZVOyk4mh6aobNuPHLkM
bux3eC2aLTwxHPBmcV6Gv/92mvIJr2/M3BQrJpe52rfFdL3GB+iT8mG+eW2vpOKY
otj+E7NHHA8HKjwnERONoZ83FNHUiDBX3PvwZuMj1M8BEtmEN9kWb5cFKj/AwKoL
fzD/dhqYt/J1SPqzARUvARqtNFO8YOXQFMlNQSyfRZVpxI5rWHTZ0cM+HQVIvZ4U
9em1cm/yfZg9yRbWpAfR8OXO0BvTfziGRQlLz/S8arYud4KUCPWt3+Z5BH7K58iJ
PGhiAqNwpADi3TH3Kc82OwfZu/HjKjEzdGH8EbsXP5eYDLda
-----END CERTIFICATE-----