Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0o9JdMaFQC8a6k91CIXhsgR3ouA.roa
File:                     0o9JdMaFQC8a6k91CIXhsgR3ouA.roa (raw, json)
Hash identifier:          MqNnsb5ljCQaIgY0HpdjMgQLve1C3sNldMlE3zi5eaA=
Subject key identifier:   D2:8F:49:74:C6:85:40:2F:1A:EA:4F:75:08:85:E1:B2:04:77:A2:E0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDEB2422D0F6A50D9F1C5E4A89005
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0o9JdMaFQC8a6k91CIXhsgR3ouA.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     141237
IP address blocks:        2a0e:b107:df4::/48 maxlen: 48
                          2a0e:b107:df1::/48 maxlen: 48
                          2a0e:b107:df3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:de:b2:42:2d:0f:6a:50:d9:f1:c5:e4:a8:90:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d28f4974c685402f1aea4f750885e1b20477a2e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:86:20:47:f4:4b:46:90:40:9b:50:40:fd:f1:
                    22:ae:04:3c:7e:b4:a7:6b:8d:36:33:57:ca:ac:b4:
                    78:cb:e9:50:96:0a:a8:a0:0b:ad:3b:af:f1:06:76:
                    83:44:a5:62:49:e3:3a:02:5b:1a:9d:a7:69:d1:98:
                    ff:19:dd:b9:f7:e9:eb:8f:b6:40:02:cb:f9:b9:fc:
                    b1:c2:59:64:11:6d:11:08:bd:1c:e4:f0:5f:14:81:
                    8b:c5:59:d9:28:f4:a1:9c:3d:81:1b:66:7c:a0:92:
                    7c:f1:44:aa:a8:17:77:be:3f:b5:f7:b3:5c:10:f1:
                    1c:98:d1:43:88:02:c5:ad:bd:8c:25:c1:62:51:7b:
                    73:49:d6:77:8c:b4:53:1a:63:37:40:9e:5b:29:13:
                    e8:c6:bd:2a:b6:7a:7a:8a:9f:bc:9e:25:46:c4:e9:
                    cc:e7:78:a5:bb:6d:91:f1:6e:d2:d4:c3:d5:94:23:
                    32:58:6f:6f:e8:10:2f:c3:21:07:16:3e:6e:2e:a5:
                    f9:da:8e:0d:69:ce:58:29:a1:d4:59:45:0c:83:31:
                    59:72:a6:f8:c2:d7:2a:97:7d:4c:15:f3:9b:9e:24:
                    16:98:9e:55:f9:e4:29:36:20:6d:d9:1c:d2:96:75:
                    c8:58:1d:6e:0f:3c:2d:40:40:09:32:87:ee:cf:33:
                    aa:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:8F:49:74:C6:85:40:2F:1A:EA:4F:75:08:85:E1:B2:04:77:A2:E0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0o9JdMaFQC8a6k91CIXhsgR3ouA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:df1::/48
                  2a0e:b107:df3::-2a0e:b107:df4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         27:72:1e:72:5f:0b:81:ea:51:9c:c4:bf:2d:c9:49:71:8e:c9:
         a3:30:b4:93:71:77:71:bf:aa:a4:75:5e:66:22:64:59:17:52:
         cd:39:03:bd:f8:4f:17:7a:33:98:f7:fc:92:33:7c:82:a1:5d:
         ba:35:a7:c2:52:ea:22:20:38:35:1f:b7:44:84:e4:1a:c3:f5:
         b9:2c:d9:4c:3c:df:5c:74:a3:e1:09:9c:de:11:80:22:80:f5:
         17:b9:0e:c7:67:55:0c:2b:07:44:8b:b3:92:80:81:1b:b8:99:
         bd:0f:dc:f3:af:4a:9e:13:30:ef:72:55:e4:e1:7f:8a:60:da:
         54:2e:8a:d6:79:6a:13:05:15:07:0c:9d:f2:60:93:08:03:2b:
         27:5e:bc:0f:85:ad:32:76:b0:a0:d0:d4:77:d7:ec:7c:ac:82:
         07:cb:c2:db:48:6a:1c:9f:49:b8:bd:d8:27:2e:1e:d2:de:6f:
         92:13:0b:cb:56:b7:14:27:f1:b2:6b:79:60:90:1e:2f:1d:d3:
         d0:6e:cc:04:24:b5:e0:07:c6:ab:d2:87:b5:c8:d3:ad:42:f4:
         d2:b6:ff:8a:af:3f:c4:3c:01:fd:c2:f0:8c:4f:19:bd:22:a9:
         35:49:72:41:29:d3:7c:1f:49:a1:0a:b0:fa:f2:61:76:93:9d:
         f3:f0:0b:bc
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJvN6yQi0PalDZ8cXkqJAFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjhmNDk3NGM2ODU0MDJmMWFlYTRmNzUwODg1ZTFiMjA0NzdhMmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYYgR/RLRpBAm1BA/fEirgQ8frSn
a402M1fKrLR4y+lQlgqooAutO6/xBnaDRKViSeM6Alsanadp0Zj/Gd259+nrj7ZA
Asv5ufyxwllkEW0RCL0c5PBfFIGLxVnZKPShnD2BG2Z8oJJ88USqqBd3vj+197Nc
EPEcmNFDiALFrb2MJcFiUXtzSdZ3jLRTGmM3QJ5bKRPoxr0qtnp6ip+8niVGxOnM
53ilu22R8W7S1MPVlCMyWG9v6BAvwyEHFj5uLqX52o4Nac5YKaHUWUUMgzFZcqb4
wtcql31MFfObniQWmJ5V+eQpNiBt2RzSlnXIWB1uDzwtQEAJMofuzzOq0QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNKPSXTGhUAvGupPdQiF4bIEd6LgMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMG85SmRNYUZRQzhhNms5MUNJWGhzZ1Izb3VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcAKg6xBw3x
MBIDBwAqDrEHDfMDBwAqDrEHDfQwDQYJKoZIhvcNAQELBQADggEBACdyHnJfC4Hq
UZzEvy3JSXGOyaMwtJNxd3G/qqR1XmYiZFkXUs05A734Txd6M5j3/JIzfIKhXbo1
p8JS6iIgODUft0SE5BrD9bks2Uw831x0o+EJnN4RgCKA9Re5DsdnVQwrB0SLs5KA
gRu4mb0P3POvSp4TMO9yVeThf4pg2lQuitZ5ahMFFQcMnfJgkwgDKydevA+FrTJ2
sKDQ1HfX7HysggfLwttIahyfSbi92CcuHtLeb5ITC8tWtxQn8bJreWCQHi8d09Bu
zAQkteAHxqvSh7XI061C9NK2/4qvP8Q8Af3C8IxPGb0iqTVJckEp03wfSaEKsPry
YXaTnfPwC7w=
-----END CERTIFICATE-----