Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mBC4q3dYj6EoUbAapE3TNLGbm1M.roa
File:                     mBC4q3dYj6EoUbAapE3TNLGbm1M.roa (raw, json)
Hash identifier:          YTxhIzA5bcQsTueXyHWE4eserICMmzqSTCOR/bjy/V8=
Subject key identifier:   98:10:B8:AB:77:58:8F:A1:28:51:B0:1A:A4:4D:D3:34:B1:9B:9B:53
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F4E4A362C5C769D9FD9FD17CAEE8189FA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mBC4q3dYj6EoUbAapE3TNLGbm1M.roa
Signing time:             Mon 06 May 2024 14:23:57 +0000
ROA not before:           Mon 06 May 2024 14:23:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214971
IP address blocks:        2a0e:97c0:870::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:4a:36:2c:5c:76:9d:9f:d9:fd:17:ca:ee:81:89:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May  6 14:23:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9810b8ab77588fa12851b01aa44dd334b19b9b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:59:34:ff:d6:19:48:e1:ca:0b:2c:cc:54:ff:
                    19:d5:a4:d0:dd:19:ea:79:94:43:f8:39:aa:59:c5:
                    e0:39:3a:e9:f0:d5:68:c1:ae:d8:93:bb:33:89:76:
                    7f:d4:d1:95:39:c7:17:3e:fc:04:05:15:37:ef:ce:
                    f5:e3:82:ce:23:3d:d0:5f:40:8a:dc:f7:71:86:8e:
                    47:2e:c5:33:9a:39:a1:b2:bc:9f:00:84:89:bd:fa:
                    99:0e:4e:84:45:2a:5c:d3:f9:4e:34:45:f9:58:87:
                    ab:4b:9c:7b:cd:54:5c:33:4a:e5:08:d9:38:a0:4b:
                    00:e5:34:86:41:ed:00:9a:a0:4d:9d:11:82:6b:e9:
                    7c:78:e3:39:02:c3:0d:b2:9f:07:c6:61:42:9a:3b:
                    96:06:f1:78:1a:e3:22:af:d5:24:50:ef:51:52:41:
                    3d:89:2c:e4:53:15:23:eb:3f:0d:b0:1e:d8:a3:64:
                    6d:a3:16:a9:4e:b6:3a:e1:b9:dd:a1:2d:39:5f:e5:
                    8f:53:b1:99:5c:84:03:a4:89:70:60:bf:78:15:ec:
                    bc:ac:28:a7:f5:cb:61:b2:fc:7d:89:14:ff:4a:d8:
                    8c:95:e6:b3:0f:f5:79:5a:80:ea:cd:22:f5:bf:19:
                    34:73:82:5d:ae:0f:82:a3:0d:a5:1b:bf:85:47:41:
                    8c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:10:B8:AB:77:58:8F:A1:28:51:B0:1A:A4:4D:D3:34:B1:9B:9B:53
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mBC4q3dYj6EoUbAapE3TNLGbm1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:870::/44

    Signature Algorithm: sha256WithRSAEncryption
         c1:77:c5:ce:c4:06:52:fb:e7:0e:83:ba:41:23:7e:12:19:2c:
         45:97:85:ea:54:1a:bc:0c:54:03:53:92:46:a8:42:1d:3a:30:
         31:70:2a:8e:12:43:09:21:47:b9:3b:7c:ad:75:1e:ce:ee:4c:
         e1:37:ba:07:33:63:b3:cd:a5:ed:af:55:c8:ce:03:cd:d7:7f:
         c1:32:ee:c6:56:d8:64:85:4e:28:19:1b:01:44:4e:ac:a4:4a:
         90:39:7c:6d:68:6e:59:ef:63:ca:fc:dd:50:2b:78:4b:00:57:
         c0:35:a8:c3:60:da:06:85:d3:c6:f6:3f:24:ed:60:03:96:8c:
         0c:51:21:ef:f6:d6:05:d2:2b:bf:ad:77:ca:07:86:08:0e:b2:
         f5:c2:2e:b0:8b:95:b4:5c:36:a3:e7:49:f1:88:55:ae:83:de:
         05:4f:85:47:77:92:94:b3:07:c7:78:55:3b:b3:84:dd:01:3e:
         5b:0f:e7:4b:08:d8:1f:cb:1f:76:4c:f6:f6:50:34:38:a3:e2:
         75:96:9e:02:ba:a3:bc:d4:56:8e:75:9d:84:fb:59:a9:a1:74:
         2e:c0:b1:35:10:7e:16:18:c1:67:4b:0f:b7:00:9e:98:09:34:
         9c:1c:94:cf:0f:37:b7:f3:3f:17:e5:d1:a6:63:7d:aa:7a:bb:
         2e:7d:1f:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9OSjYsXHadn9n9F8rugYn6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNTA2MTQyMzU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODEwYjhhYjc3NTg4ZmExMjg1MWIwMWFhNDRkZDMzNGIxOWI5YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41k0/9YZSOHKCyzMVP8Z1aTQ3Rnq
eZRD+DmqWcXgOTrp8NVowa7Yk7sziXZ/1NGVOccXPvwEBRU3787144LOIz3QX0CK
3Pdxho5HLsUzmjmhsryfAISJvfqZDk6ERSpc0/lONEX5WIerS5x7zVRcM0rlCNk4
oEsA5TSGQe0AmqBNnRGCa+l8eOM5AsMNsp8HxmFCmjuWBvF4GuMir9UkUO9RUkE9
iSzkUxUj6z8NsB7Yo2RtoxapTrY64bndoS05X+WPU7GZXIQDpIlwYL94Fey8rCin
9cthsvx9iRT/StiMleazD/V5WoDqzSL1vxk0c4Jdrg+Cow2lG7+FR0GMIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJgQuKt3WI+hKFGwGqRN0zSxm5tTMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbUJDNHEzZFlqNkVvVWJBYXBFM1ROTEdibTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAhw
MA0GCSqGSIb3DQEBCwUAA4IBAQDBd8XOxAZS++cOg7pBI34SGSxFl4XqVBq8DFQD
U5JGqEIdOjAxcCqOEkMJIUe5O3ytdR7O7kzhN7oHM2OzzaXtr1XIzgPN13/BMu7G
VthkhU4oGRsBRE6spEqQOXxtaG5Z72PK/N1QK3hLAFfANajDYNoGhdPG9j8k7WAD
lowMUSHv9tYF0iu/rXfKB4YIDrL1wi6wi5W0XDaj50nxiFWug94FT4VHd5KUswfH
eFU7s4TdAT5bD+dLCNgfyx92TPb2UDQ4o+J1lp4CuqO81FaOdZ2E+1mpoXQuwLE1
EH4WGMFnSw+3AJ6YCTScHJTPDze38z8X5dGmY32qersufR/s
-----END CERTIFICATE-----