Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-iH52b5mF5YpYQiuZs86ip_f4oc.roa
File:                     1-iH52b5mF5YpYQiuZs86ip_f4oc.roa (raw, json)
Hash identifier:          RDsWa2liSudMh5upI9PLJIVsEBnn7bYvkrBsS2TItGs=
Subject key identifier:   FA:21:F9:D9:BE:66:17:96:29:61:08:AE:66:CF:3A:8A:9F:DF:E2:87
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F18DF39A0129A06A386BA42D311A0204E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-iH52b5mF5YpYQiuZs86ip_f4oc.roa
Signing time:             Fri 26 Apr 2024 05:27:13 +0000
ROA not before:           Fri 26 Apr 2024 05:27:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202002
IP address blocks:        2a0e:b107:1d11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:18:df:39:a0:12:9a:06:a3:86:ba:42:d3:11:a0:20:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 26 05:27:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa21f9d9be661796296108ae66cf3a8a9fdfe287
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:0b:35:92:72:a5:e6:d5:d3:ec:f1:8e:05:e9:
                    31:17:07:53:57:08:ef:d4:f1:10:8a:c7:a8:35:d9:
                    a7:23:e2:de:79:1d:07:d2:a1:dc:c5:81:f8:e7:36:
                    2e:53:dd:aa:62:08:b4:f1:79:3c:93:98:3d:d5:2b:
                    79:24:86:60:ec:46:88:82:e3:66:37:b0:09:7a:f9:
                    b0:b4:32:a1:49:e2:31:d5:63:87:70:17:41:94:30:
                    9d:01:74:ab:6d:31:41:a0:e2:62:23:26:71:34:1f:
                    10:45:f0:aa:c6:e8:9b:66:d9:f3:e0:44:86:5e:9a:
                    ac:00:6f:6a:80:3e:42:eb:16:0f:f5:23:71:3f:4f:
                    25:b9:3c:f5:93:2d:00:a2:6e:d9:dd:64:ef:9d:2c:
                    f0:96:8c:f6:26:69:77:63:3c:84:d8:80:5c:93:db:
                    5a:9a:5b:a0:95:d1:d7:94:53:4e:3a:51:0f:02:92:
                    47:7c:47:e9:68:fa:71:d2:1f:db:96:a5:f8:36:0f:
                    38:fa:ec:1f:72:ba:a0:b3:1f:90:ef:e9:de:79:f1:
                    53:1f:f4:ce:5e:e0:03:1b:bb:50:3a:1d:e0:05:fb:
                    31:40:a7:d1:8a:05:2e:75:15:7d:7f:2b:52:43:c4:
                    79:48:86:1d:60:92:6e:48:43:df:ee:db:69:bb:fd:
                    e7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:21:F9:D9:BE:66:17:96:29:61:08:AE:66:CF:3A:8A:9F:DF:E2:87
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-iH52b5mF5YpYQiuZs86ip_f4oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1d11::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:de:29:d1:b2:2d:64:c0:e9:9d:0e:05:87:a5:20:b9:c9:67:
         a7:cf:fa:eb:2b:23:e3:bc:54:eb:9f:6f:9e:00:ea:68:a4:6e:
         fd:fc:aa:02:fe:65:07:d1:39:b6:99:f4:b0:bb:47:51:c2:8e:
         29:f4:23:9e:dc:f4:1e:2c:ef:4e:cd:07:e5:8e:5b:b7:60:d0:
         13:a8:ea:13:2b:56:92:a2:70:e1:11:5f:1c:4e:fa:d0:1d:c9:
         7d:7b:fb:28:4a:24:85:6c:45:57:b1:f9:2d:d8:ac:08:4d:f9:
         5f:a1:12:b6:08:48:22:96:32:d4:97:1f:c9:86:15:a9:bb:92:
         0e:97:12:5c:3f:10:ce:29:dc:d4:57:ec:38:68:09:f2:e2:f6:
         77:38:45:c0:a4:86:4c:77:00:78:fb:ed:83:27:7c:a1:91:0f:
         8e:2f:89:77:c7:68:40:ea:35:ea:c0:52:b7:10:c6:bb:fc:cc:
         40:c4:f7:35:77:e0:6c:92:a9:82:2e:03:18:f3:55:0f:7e:98:
         77:7a:a7:6b:90:80:ed:08:b7:5f:44:0e:34:02:c1:7e:f0:71:
         ef:a4:cf:35:fb:50:9f:3a:6d:ed:75:99:a1:30:0e:cb:a3:84:
         e7:d2:f1:c7:28:f6:c9:18:03:eb:b7:31:cd:8a:d9:8d:45:71:
         4a:10:b9:c0
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAY8Y3zmgEpoGo4a6QtMRoCBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDI2MDUyNzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTIxZjlkOWJlNjYxNzk2Mjk2MTA4YWU2NmNmM2E4YTlmZGZlMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgs1knKl5tXT7PGOBekxFwdTVwjv
1PEQiseoNdmnI+LeeR0H0qHcxYH45zYuU92qYgi08Xk8k5g91St5JIZg7EaIguNm
N7AJevmwtDKhSeIx1WOHcBdBlDCdAXSrbTFBoOJiIyZxNB8QRfCqxuibZtnz4ESG
XpqsAG9qgD5C6xYP9SNxP08luTz1ky0Aom7Z3WTvnSzwloz2Jml3YzyE2IBck9ta
mlugldHXlFNOOlEPApJHfEfpaPpx0h/blqX4Ng84+uwfcrqgsx+Q7+neefFTH/TO
XuADG7tQOh3gBfsxQKfRigUudRV9fytSQ8R5SIYdYJJuSEPf7ttpu/3nLQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPoh+dm+ZheWKWEIrmbPOoqf3+KHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1pSDUyYjVtRjVZcFlRaXVaczg2aXBfZjRvYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoOsQcd
ETANBgkqhkiG9w0BAQsFAAOCAQEAA94p0bItZMDpnQ4Fh6Uguclnp8/66ysj47xU
659vngDqaKRu/fyqAv5lB9E5tpn0sLtHUcKOKfQjntz0HizvTs0H5Y5bt2DQE6jq
EytWkqJw4RFfHE760B3JfXv7KEokhWxFV7H5LdisCE35X6EStghIIpYy1JcfyYYV
qbuSDpcSXD8Qzinc1FfsOGgJ8uL2dzhFwKSGTHcAePvtgyd8oZEPji+Jd8doQOo1
6sBStxDGu/zMQMT3NXfgbJKpgi4DGPNVD36Yd3qna5CA7Qi3X0QONALBfvBx76TP
NftQnzpt7XWZoTAOy6OE59Lxxyj2yRgD67cxzYrZjUVxShC5wA==
-----END CERTIFICATE-----