Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-qZ6FaR5wCJ8oDVrMX_hMlp6auU.roa
File:                     1-qZ6FaR5wCJ8oDVrMX_hMlp6auU.roa (raw, json)
Hash identifier:          1FfT73C87HW73oUTgY5A+l4E6MH5dfB4vLVRaRRSUtI=
Subject key identifier:   FA:A6:7A:15:A4:79:C0:22:7C:A0:35:6B:31:7F:E1:32:5A:7A:6A:E5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CF3FB989D17E5B1222F2320EB9AD2A7D6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-qZ6FaR5wCJ8oDVrMX_hMlp6auU.roa
Signing time:             Wed 10 Jan 2024 15:26:41 +0000
ROA not before:           Wed 10 Jan 2024 15:26:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198739
IP address blocks:        2a0e:b107:2200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f3:fb:98:9d:17:e5:b1:22:2f:23:20:eb:9a:d2:a7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 10 15:26:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=faa67a15a479c0227ca0356b317fe1325a7a6ae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d6:74:ae:f2:81:ee:5c:ca:11:0d:fb:d4:78:
                    c4:d5:96:06:da:bd:67:c7:6f:2e:a1:0f:76:78:ee:
                    04:57:8e:16:a9:7c:d1:65:dd:cf:62:aa:e8:31:5e:
                    eb:d1:84:7a:bb:59:fa:9d:e7:4f:79:d6:1f:b5:48:
                    e7:b3:04:dd:b8:ae:36:d4:53:7a:53:6e:17:eb:0f:
                    36:db:55:5c:e6:a4:88:75:e4:77:44:44:68:27:eb:
                    58:04:7c:a9:67:6c:e2:11:68:64:18:80:ee:aa:9f:
                    f5:98:53:24:03:40:74:ae:94:cf:b8:ff:0c:47:8e:
                    7b:ce:63:64:fc:cc:2d:01:18:f8:39:19:32:dd:ba:
                    22:57:88:fe:e2:e8:f7:9b:e8:fc:6c:0a:4f:ee:0f:
                    a2:63:71:65:f4:33:6f:f7:9a:b6:d7:7c:5a:6f:e9:
                    8c:85:3b:42:be:e9:1b:11:6f:a1:60:22:4b:1d:ee:
                    82:f0:85:7b:c6:cc:73:6a:ff:57:94:a8:37:4f:25:
                    65:8e:f4:fb:47:a9:f4:c1:f6:2b:f0:80:d5:c5:2f:
                    81:90:70:45:29:03:a8:4b:52:27:20:72:e1:f2:5a:
                    10:1f:44:c8:77:2b:b6:59:92:91:45:ef:e7:e7:52:
                    98:51:f5:12:e5:b3:74:f7:3f:6b:e8:b0:6b:00:8c:
                    25:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A6:7A:15:A4:79:C0:22:7C:A0:35:6B:31:7F:E1:32:5A:7A:6A:E5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1-qZ6FaR5wCJ8oDVrMX_hMlp6auU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2200::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:93:e8:0b:2f:35:00:46:f8:df:78:f4:76:7d:78:33:b2:bd:
         c7:7e:cf:64:8e:9a:03:e1:10:f5:86:e1:fb:36:d8:32:81:81:
         2a:de:1f:8e:13:64:29:5d:dc:45:dc:a9:34:9d:3b:f2:a3:97:
         42:05:3a:8d:7c:b8:4a:19:14:3d:6d:98:71:f5:d4:56:75:e3:
         49:9c:d5:2e:18:76:80:7a:82:28:0a:34:e3:23:2c:f0:2a:56:
         84:6a:d4:9c:08:4e:90:93:db:14:87:1f:c1:c9:7e:a5:78:ee:
         4f:96:ca:8b:d6:a2:43:bb:4d:34:b7:00:f7:bc:a1:3d:18:aa:
         cf:5c:7f:31:0e:66:1f:d2:09:bd:f1:39:62:18:66:82:48:b4:
         bf:58:26:af:4b:54:41:db:7f:f2:d2:c9:56:09:b2:07:da:fc:
         84:60:df:88:dd:57:5a:32:b6:0c:84:b3:c2:9d:3d:d9:d7:6f:
         2c:61:1b:d6:c6:7a:ba:b6:d2:4d:99:e2:7b:a1:ee:3c:42:49:
         94:55:07:d1:7e:d3:c5:b6:d0:7c:26:52:01:02:ec:e0:48:ab:
         5b:69:ae:fb:5a:65:7a:90:ec:b4:fa:a6:ab:5a:2d:6c:12:db:
         fb:43:ea:75:6a:a9:a4:05:d9:4d:73:f9:3c:48:78:26:48:ac:
         38:7a:e3:3d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzz+5idF+WxIi8jIOua0qfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTEwMTUyNjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWE2N2ExNWE0NzljMDIyN2NhMDM1NmIzMTdmZTEzMjVhN2E2YWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndZ0rvKB7lzKEQ371HjE1ZYG2r1n
x28uoQ92eO4EV44WqXzRZd3PYqroMV7r0YR6u1n6nedPedYftUjnswTduK421FN6
U24X6w8221Vc5qSIdeR3RERoJ+tYBHypZ2ziEWhkGIDuqp/1mFMkA0B0rpTPuP8M
R457zmNk/MwtARj4ORky3boiV4j+4uj3m+j8bApP7g+iY3Fl9DNv95q213xab+mM
hTtCvukbEW+hYCJLHe6C8IV7xsxzav9XlKg3TyVljvT7R6n0wfYr8IDVxS+BkHBF
KQOoS1InIHLh8loQH0TIdyu2WZKRRe/n51KYUfUS5bN09z9r6LBrAIwlYwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPqmehWkecAifKA1azF/4TJaemrlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMS1xWjZGYVI1d0NKOG9EVnJNWF9oTWxwNmF1VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTEvNDk1N2E0LWNlNTktNDMxNS05OTc2LWRjNWVjNzQ4ZjZh
NS8xL1kta1djWHF4SE16eEh2SDdYQkx1UVpVUHJacy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoOsQci
ADANBgkqhkiG9w0BAQsFAAOCAQEACZPoCy81AEb433j0dn14M7K9x37PZI6aA+EQ
9Ybh+zbYMoGBKt4fjhNkKV3cRdypNJ078qOXQgU6jXy4ShkUPW2YcfXUVnXjSZzV
Lhh2gHqCKAo04yMs8CpWhGrUnAhOkJPbFIcfwcl+pXjuT5bKi9aiQ7tNNLcA97yh
PRiqz1x/MQ5mH9IJvfE5Yhhmgki0v1gmr0tUQdt/8tLJVgmyB9r8hGDfiN1XWjK2
DISzwp092ddvLGEb1sZ6urbSTZnie6HuPEJJlFUH0X7TxbbQfCZSAQLs4EirW2mu
+1plepDstPqmq1otbBLb+0PqdWqppAXZTXP5PEh4JkisOHrjPQ==
-----END CERTIFICATE-----