Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0DYGUw5fcvKiu9PVVZN04VX4fQ4.roa
File:                     0DYGUw5fcvKiu9PVVZN04VX4fQ4.roa (raw, json)
Hash identifier:          MAszpaVz8pVWwRJvhdcTWZx54yCeIq6YeRh0lA/JRUI=
Subject key identifier:   D0:36:06:53:0E:5F:72:F2:A2:BB:D3:D5:55:93:74:E1:55:F8:7D:0E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E4974F698F13455C24C8386BC24D77ACC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0DYGUw5fcvKiu9PVVZN04VX4fQ4.roa
Signing time:             Sat 16 Mar 2024 22:49:45 +0000
ROA not before:           Sat 16 Mar 2024 22:49:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209735
IP address blocks:        2a06:de01:f4::/48 maxlen: 48
                          2a06:de01:f6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:49:74:f6:98:f1:34:55:c2:4c:83:86:bc:24:d7:7a:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 16 22:49:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d03606530e5f72f2a2bbd3d5559374e155f87d0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:eb:74:e9:12:76:19:55:e5:76:b1:64:c1:fc:
                    6c:13:f9:e1:de:63:d2:ed:f4:0a:18:af:71:c7:62:
                    6e:3d:5e:2c:c3:a0:40:b8:1c:39:cf:01:54:41:0f:
                    ab:d1:f7:cc:48:db:34:37:fe:8f:b3:0a:fc:59:31:
                    e7:58:1f:37:65:96:11:8c:7b:ba:df:24:29:20:04:
                    7f:75:1d:f7:4b:f9:e7:c4:10:c4:f4:8e:88:2e:2b:
                    1d:98:5c:a1:69:f5:a0:8f:b8:96:90:ce:31:97:ff:
                    a3:6f:56:dc:5a:2a:6a:d0:9e:ce:23:bd:31:47:d8:
                    d7:7f:4d:32:8d:89:1d:52:00:bf:9a:75:5c:39:86:
                    e1:e7:24:ed:7a:00:d5:a0:b5:78:0a:f9:48:fb:ae:
                    fb:35:f7:d6:0f:18:5d:ad:ca:07:b8:73:cf:b6:23:
                    15:f9:0c:4e:61:7a:98:65:60:56:d9:af:3f:83:f9:
                    4f:5d:55:58:93:a6:7d:02:94:4a:6a:25:85:4b:37:
                    fd:4f:7e:53:de:ca:b0:e8:8c:ba:fc:32:37:0f:c3:
                    7f:c1:79:8f:cd:d2:2c:4a:6d:cf:f6:3f:05:22:a8:
                    77:9f:88:17:a2:30:ad:26:72:f0:47:5d:9e:a5:54:
                    69:ed:87:9a:f1:55:4b:6c:62:1e:11:9a:56:52:fe:
                    53:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:36:06:53:0E:5F:72:F2:A2:BB:D3:D5:55:93:74:E1:55:F8:7D:0E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0DYGUw5fcvKiu9PVVZN04VX4fQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:f4::/48
                  2a06:de01:f6::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:23:66:b1:73:2b:eb:c9:c1:59:d7:74:f0:cd:b4:46:62:ce:
         23:dd:94:89:2b:c5:33:25:5d:ba:3d:ba:f4:e5:17:bb:d1:03:
         df:c2:98:ed:a4:df:ae:f6:f9:f2:00:a3:35:69:1c:ba:91:4e:
         18:76:49:88:50:05:58:c9:84:b7:27:17:84:6c:af:9d:d1:97:
         39:11:3b:98:b1:0c:83:51:76:78:c9:d0:af:7b:dc:37:80:8b:
         5b:d2:78:80:f2:4e:21:77:5a:61:42:86:90:02:29:a6:74:a1:
         47:46:c2:9b:f0:2b:ff:7e:67:ed:2c:be:e9:76:73:78:63:67:
         1f:45:3a:75:61:af:12:b9:3e:f6:04:fd:dd:cf:9c:9c:23:40:
         9b:e4:c5:99:d4:cb:9d:01:25:56:03:3d:8f:63:28:5f:0e:a8:
         94:ec:ed:e2:eb:8a:9c:24:b9:9c:f9:e8:1d:5f:bf:76:6a:6e:
         1c:94:ab:0a:e4:87:32:37:3e:94:91:8c:bf:c6:20:22:f4:88:
         c4:d4:88:74:e2:57:79:5e:21:56:c2:63:a4:88:5f:c1:64:49:
         57:e2:a7:71:db:ae:20:78:49:b1:66:63:c5:3f:33:99:f9:25:
         fb:61:6a:41:85:20:44:4d:1c:e9:ce:22:62:84:a2:ef:7f:3a:
         5f:17:af:dc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY5JdPaY8TRVwkyDhrwk13rMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzE2MjI0OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDM2MDY1MzBlNWY3MmYyYTJiYmQzZDU1NTkzNzRlMTU1Zjg3ZDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlet06RJ2GVXldrFkwfxsE/nh3mPS
7fQKGK9xx2JuPV4sw6BAuBw5zwFUQQ+r0ffMSNs0N/6Pswr8WTHnWB83ZZYRjHu6
3yQpIAR/dR33S/nnxBDE9I6ILisdmFyhafWgj7iWkM4xl/+jb1bcWipq0J7OI70x
R9jXf00yjYkdUgC/mnVcOYbh5yTtegDVoLV4CvlI+677NffWDxhdrcoHuHPPtiMV
+QxOYXqYZWBW2a8/g/lPXVVYk6Z9ApRKaiWFSzf9T35T3sqw6Iy6/DI3D8N/wXmP
zdIsSm3P9j8FIqh3n4gXojCtJnLwR12epVRp7Yea8VVLbGIeEZpWUv5TYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNA2BlMOX3LyorvT1VWTdOFV+H0OMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMERZR1V3NWZjdktpdTlQVlZaTjA0Vlg0ZlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgbeAQD0
AwcAKgbeAQD2MA0GCSqGSIb3DQEBCwUAA4IBAQChI2axcyvrycFZ13TwzbRGYs4j
3ZSJK8UzJV26Pbr05Re70QPfwpjtpN+u9vnyAKM1aRy6kU4YdkmIUAVYyYS3JxeE
bK+d0Zc5ETuYsQyDUXZ4ydCve9w3gItb0niA8k4hd1phQoaQAimmdKFHRsKb8Cv/
fmftLL7pdnN4Y2cfRTp1Ya8SuT72BP3dz5ycI0Cb5MWZ1MudASVWAz2PYyhfDqiU
7O3i64qcJLmc+egdX792am4clKsK5IcyNz6UkYy/xiAi9IjE1Ih04ld5XiFWwmOk
iF/BZElX4qdx264geEmxZmPFPzOZ+SX7YWpBhSBETRzpziJihKLvfzpfF6/c
-----END CERTIFICATE-----