Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0UKJZPwCusxa4fAVncma09M8caE.roa
File:                     0UKJZPwCusxa4fAVncma09M8caE.roa (raw, json)
Hash identifier:          g7IhpOtRDnI++nPd5Rxxk+oxtGHwlj34xOm6EXepSD8=
Subject key identifier:   D1:42:89:64:FC:02:BA:CC:5A:E1:F0:15:9D:C9:9A:D3:D3:3C:71:A1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD411932798432F76921D6EB24FED2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0UKJZPwCusxa4fAVncma09M8caE.roa
Signing time:             Tue 02 Jan 2024 10:34:32 +0000
ROA not before:           Tue 02 Jan 2024 10:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212173
IP address blocks:        2a0e:b107:1d40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:41:19:32:79:84:32:f7:69:21:d6:eb:24:fe:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1428964fc02bacc5ae1f0159dc99ad3d33c71a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:55:60:cb:40:54:dd:a6:73:6f:88:2d:ca:ec:
                    9e:6d:70:50:4b:ce:b0:0f:b7:4e:96:55:38:d9:29:
                    ee:35:c6:a1:a2:23:dd:02:c7:a2:80:34:93:d9:bc:
                    ab:e3:89:38:2b:d2:98:c6:f2:87:c2:b3:63:91:eb:
                    a0:1b:eb:21:2c:58:89:6c:fe:7a:10:4a:f0:50:e9:
                    d2:e3:b3:cd:f9:85:2b:56:e2:a6:3d:5d:ee:71:c2:
                    e2:c6:d7:4a:ef:02:bc:94:21:18:4c:36:b0:d1:a6:
                    97:8e:34:fd:f2:eb:2f:bd:0b:d8:f2:44:83:7f:9c:
                    06:17:80:2d:a6:f8:a0:62:4b:3e:26:4e:ce:6d:3d:
                    8b:c3:7d:4f:7c:a6:40:ee:07:5e:02:0b:cc:ca:32:
                    b6:96:bc:a1:22:1f:34:59:9f:7f:3d:90:c7:fb:69:
                    38:49:5a:3c:ae:5c:bb:aa:46:4a:a4:e5:df:43:00:
                    3d:66:d2:a3:eb:40:8a:b5:7f:49:4d:f6:5e:64:fb:
                    99:f3:2c:9d:e1:46:77:e3:f3:84:29:37:3b:34:92:
                    af:77:f3:d2:f1:fb:c6:87:88:e5:b0:b8:69:a0:1a:
                    8a:32:fb:33:c1:9a:a0:86:77:02:9d:20:b8:2f:e2:
                    71:c2:ab:d5:71:02:27:91:8f:b2:e0:cb:04:91:02:
                    98:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:42:89:64:FC:02:BA:CC:5A:E1:F0:15:9D:C9:9A:D3:D3:3C:71:A1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0UKJZPwCusxa4fAVncma09M8caE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d40::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:aa:41:40:1c:cc:08:3f:28:12:8e:88:f5:ba:26:92:8e:48:
         8d:42:1e:3b:75:74:dd:bc:36:0e:98:63:72:f2:ae:16:68:93:
         89:02:99:b4:c2:04:00:86:c7:f4:2d:5f:7e:05:97:3b:69:ce:
         ea:a9:8c:a8:c7:83:20:76:d5:8a:97:cd:3c:f1:77:cd:13:86:
         bd:38:50:77:74:89:4b:1e:9f:5e:6b:ad:a3:9f:91:10:0c:60:
         af:3a:d7:08:a1:58:39:79:b9:52:bc:60:dd:19:dd:72:ca:bd:
         f2:df:dc:6f:05:fe:22:74:9a:27:ea:cb:d2:b7:d1:97:c4:67:
         7c:03:6b:ea:c8:1c:8b:c8:d2:ba:7d:a0:a0:6d:1f:ec:67:20:
         ea:d5:0e:4d:3b:14:ab:eb:f6:18:28:11:68:03:bb:85:91:fe:
         21:a9:e9:35:ab:20:e5:8a:55:ed:eb:17:48:3c:49:60:9a:7e:
         95:8b:15:c5:37:38:4f:4f:6a:e6:70:23:62:03:62:1e:fb:dd:
         84:07:5d:f4:e4:6c:2b:f0:4e:ad:78:d5:60:0e:8a:6a:90:19:
         5a:ec:d1:dd:4f:97:83:e4:11:7e:47:97:64:1d:38:20:5b:ce:
         74:bf:e2:0a:de:bd:f7:71:99:2d:ff:3c:d6:82:13:73:5a:69:
         f8:e8:61:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUEZMnmEMvdpIdbrJP7SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQyODk2NGZjMDJiYWNjNWFlMWYwMTU5ZGM5OWFkM2QzM2M3MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVVgy0BU3aZzb4gtyuyebXBQS86w
D7dOllU42SnuNcahoiPdAseigDST2byr44k4K9KYxvKHwrNjkeugG+shLFiJbP56
EErwUOnS47PN+YUrVuKmPV3uccLixtdK7wK8lCEYTDaw0aaXjjT98usvvQvY8kSD
f5wGF4AtpvigYks+Jk7ObT2Lw31PfKZA7gdeAgvMyjK2lryhIh80WZ9/PZDH+2k4
SVo8rly7qkZKpOXfQwA9ZtKj60CKtX9JTfZeZPuZ8yyd4UZ34/OEKTc7NJKvd/PS
8fvGh4jlsLhpoBqKMvszwZqghncCnSC4L+JxwqvVcQInkY+y4MsEkQKYhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNFCiWT8ArrMWuHwFZ3JmtPTPHGhMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMFVLSlpQd0N1c3hhNGZBVm5jbWEwOU04Y2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBx1A
MA0GCSqGSIb3DQEBCwUAA4IBAQB1qkFAHMwIPygSjoj1uiaSjkiNQh47dXTdvDYO
mGNy8q4WaJOJApm0wgQAhsf0LV9+BZc7ac7qqYyox4MgdtWKl8088XfNE4a9OFB3
dIlLHp9ea62jn5EQDGCvOtcIoVg5eblSvGDdGd1yyr3y39xvBf4idJon6svSt9GX
xGd8A2vqyByLyNK6faCgbR/sZyDq1Q5NOxSr6/YYKBFoA7uFkf4hqek1qyDlilXt
6xdIPElgmn6VixXFNzhPT2rmcCNiA2Ie+92EB1305Gwr8E6teNVgDopqkBla7NHd
T5eD5BF+R5dkHTggW850v+IK3r33cZkt/zzWghNzWmn46GH5
-----END CERTIFICATE-----