Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-aGKACYfwfk_liIqai3zRC46YQw.roa
File:                     1-aGKACYfwfk_liIqai3zRC46YQw.roa (raw, json)
Hash identifier:          vjPk8YO7dQGqajJajrh/vR7G6XbSq9/2AEzUPCnm5cU=
Subject key identifier:   F9:A1:8A:00:26:1F:C1:F9:3F:96:22:2A:6A:2D:F3:44:2E:3A:61:0C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEBD08AD9DA0D024057DAA1FB7250
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-aGKACYfwfk_liIqai3zRC46YQw.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199052
IP address blocks:        2a0e:b107:2070::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:eb:d0:8a:d9:da:0d:02:40:57:da:a1:fb:72:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9a18a00261fc1f93f96222a6a2df3442e3a610c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4c:0b:66:9e:4f:da:55:29:86:82:f8:d8:fb:
                    a9:e7:69:a8:50:1e:18:38:59:43:4d:38:b1:6b:63:
                    4a:59:a7:50:34:0c:c1:fb:65:fa:e2:44:86:a6:dd:
                    c3:73:b7:81:3d:7b:a4:fc:d3:ad:f2:e4:ec:99:f8:
                    90:6e:4d:70:db:86:63:23:63:86:cd:16:50:21:ec:
                    fe:2c:52:77:29:81:fe:3b:ae:25:77:26:8d:34:b2:
                    be:12:40:12:96:40:61:38:ce:b9:24:17:bc:5c:c7:
                    25:3e:3e:14:ec:18:fd:68:3b:bc:70:1b:ca:52:12:
                    ad:00:dc:93:dc:42:14:0e:67:43:31:e6:b3:3e:33:
                    43:a4:5e:2f:01:22:1e:eb:b9:a5:06:e0:db:52:0e:
                    94:42:e1:d6:b7:be:e4:8d:7f:24:b9:8c:a9:73:97:
                    98:f9:ba:7a:31:24:a8:c2:3d:3f:92:c5:05:89:54:
                    dc:ba:ad:ea:fd:0d:2b:68:55:61:61:4e:68:16:98:
                    ae:2f:f6:16:c9:cf:e8:c6:7c:c9:7c:ab:1c:dd:5e:
                    60:07:44:dd:38:02:d0:24:9b:1d:2b:63:7c:31:98:
                    4d:54:a8:e8:a8:82:c4:4f:1b:72:21:4a:69:e0:63:
                    21:5d:50:82:26:11:b9:9e:d3:28:3d:6c:92:0a:30:
                    66:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:A1:8A:00:26:1F:C1:F9:3F:96:22:2A:6A:2D:F3:44:2E:3A:61:0C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-aGKACYfwfk_liIqai3zRC46YQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2070::/44

    Signature Algorithm: sha256WithRSAEncryption
         36:4d:ad:51:b7:df:4a:64:24:44:8c:ae:72:03:f9:19:e5:20:
         e6:02:eb:8d:02:58:c8:04:b4:41:d9:24:c9:3a:dd:22:30:4d:
         f7:50:3d:d8:91:bb:0f:44:c4:a6:31:9a:ae:fa:fe:b0:ef:96:
         e8:1d:1f:4a:f9:89:c9:a6:8a:6c:a5:64:b4:fb:73:0b:5a:5d:
         c7:52:71:3f:3b:73:d7:b1:6b:94:19:f9:94:73:3d:6f:d8:54:
         ce:18:65:fd:3c:0d:1f:d6:90:df:40:d3:40:58:49:eb:66:57:
         2f:7b:e1:ba:44:9c:c0:4c:c6:ff:d2:49:87:bd:97:17:39:e9:
         45:32:a0:59:2c:ba:08:70:c9:a1:32:03:62:cd:44:c9:8a:7d:
         5b:c6:f9:19:57:a9:25:53:f8:20:55:0c:2e:77:4b:1e:e9:6c:
         5e:12:5a:bd:06:9b:c9:48:3a:e1:6f:9a:2d:32:16:18:6e:bf:
         70:42:8c:30:7b:10:7f:c8:e6:c8:36:8f:28:ed:e5:9b:e4:45:
         c2:71:6d:f9:a4:54:bb:aa:33:4e:a0:ed:bf:7a:63:ce:ac:d3:
         3a:c0:89:32:7f:86:9c:1c:09:5a:1b:af:a1:fe:49:89:74:4f:
         32:06:dc:05:2c:34:57:e4:4a:4c:76:6d:74:a9:dc:9a:4c:f0:
         df:37:b1:8b
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzJvOvQitnaDQJAV9qh+3JQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWExOGEwMDI2MWZjMWY5M2Y5NjIyMmE2YTJkZjM0NDJlM2E2MTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0wLZp5P2lUphoL42Pup52moUB4Y
OFlDTTixa2NKWadQNAzB+2X64kSGpt3Dc7eBPXuk/NOt8uTsmfiQbk1w24ZjI2OG
zRZQIez+LFJ3KYH+O64ldyaNNLK+EkASlkBhOM65JBe8XMclPj4U7Bj9aDu8cBvK
UhKtANyT3EIUDmdDMeazPjNDpF4vASIe67mlBuDbUg6UQuHWt77kjX8kuYypc5eY
+bp6MSSowj0/ksUFiVTcuq3q/Q0raFVhYU5oFpiuL/YWyc/oxnzJfKsc3V5gB0Td
OALQJJsdK2N8MZhNVKjoqILETxtyIUpp4GMhXVCCJhG5ntMoPWySCjBmLwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPmhigAmH8H5P5YiKmot80QuOmEMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1hR0tBQ1lmd2ZrX2xpSXFhaTN6UkM0NllRdy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOsQcg
cDANBgkqhkiG9w0BAQsFAAOCAQEANk2tUbffSmQkRIyucgP5GeUg5gLrjQJYyAS0
QdkkyTrdIjBN91A92JG7D0TEpjGarvr+sO+W6B0fSvmJyaaKbKVktPtzC1pdx1Jx
Pztz17FrlBn5lHM9b9hUzhhl/TwNH9aQ30DTQFhJ62ZXL3vhukScwEzG/9JJh72X
FznpRTKgWSy6CHDJoTIDYs1EyYp9W8b5GVepJVP4IFUMLndLHulsXhJavQabyUg6
4W+aLTIWGG6/cEKMMHsQf8jmyDaPKO3lm+RFwnFt+aRUu6ozTqDtv3pjzqzTOsCJ
Mn+GnBwJWhuvof5JiXRPMgbcBSw0V+RKTHZtdKncmkzw3zexiw==
-----END CERTIFICATE-----