Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/18JpiMO2zBMD4xK3tspqS6Ys2cs.roa
File:                     18JpiMO2zBMD4xK3tspqS6Ys2cs.roa (raw, json)
Hash identifier:          EbOCCrY/kPFdvCbaRZxQTg0hdnpTSRzwldxzb3dogEg=
Subject key identifier:   D7:C2:69:88:C3:B6:CC:13:03:E3:12:B7:B6:CA:6A:4B:A6:2C:D9:CB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD09DB3B1271263E9353C48F021795
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/18JpiMO2zBMD4xK3tspqS6Ys2cs.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204617
IP address blocks:        2a0e:97c0:b40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:09:db:3b:12:71:26:3e:93:53:c4:8f:02:17:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7c26988c3b6cc1303e312b7b6ca6a4ba62cd9cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ee:42:e0:5b:ab:8b:42:4a:cb:c5:bc:96:c2:
                    ef:7c:de:73:d0:04:58:20:dc:c4:91:fb:ee:49:fb:
                    69:8a:d9:0a:85:32:63:00:3f:8a:b5:f8:fa:98:69:
                    fa:d1:2d:cd:8d:fb:8f:83:1a:5a:f3:f7:0b:8f:b6:
                    f3:b1:a4:40:21:7a:d0:12:20:e4:80:95:77:3c:8b:
                    dc:a8:99:ec:54:a9:ae:e8:e6:ce:f3:96:41:43:7a:
                    8d:3f:e8:c5:ba:87:dc:ba:57:88:11:29:44:31:c3:
                    e1:88:89:ee:a6:d9:a3:0d:4d:5d:24:ae:3e:a7:76:
                    85:28:aa:cb:e9:df:df:03:fc:5b:fa:6b:4d:57:b1:
                    22:98:4c:c1:a3:61:57:e7:9f:6e:34:43:7c:61:c9:
                    02:07:2c:89:1f:53:10:ce:3b:bd:86:fc:47:a6:b1:
                    f7:c0:b3:ae:d2:c3:fa:52:42:04:10:dd:00:7b:f4:
                    79:bc:62:b9:33:57:6f:f4:d5:ba:b4:33:ce:82:ed:
                    9d:cb:04:c4:80:56:69:97:03:0f:dc:64:fd:ec:a8:
                    f3:d6:e7:2f:f0:cb:50:58:35:c2:6f:1f:97:1e:76:
                    b4:9c:b7:f3:43:79:aa:6f:1f:18:76:58:89:61:d5:
                    29:cc:ca:47:d2:c6:33:fb:14:83:d4:bd:db:2b:33:
                    d0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C2:69:88:C3:B6:CC:13:03:E3:12:B7:B6:CA:6A:4B:A6:2C:D9:CB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/18JpiMO2zBMD4xK3tspqS6Ys2cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b40::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:7c:ac:c2:a8:65:9b:3e:3e:5c:51:9d:93:d3:28:4b:a3:22:
         50:e1:54:6a:d8:82:4a:2d:87:51:d9:22:30:21:a9:57:83:97:
         ca:95:4e:fd:92:b4:48:7c:80:6a:8a:e1:5c:6a:f0:fb:be:b6:
         0f:a1:f6:17:32:df:b7:34:71:7a:71:b3:6f:1d:ee:e9:3a:6a:
         35:f3:47:91:ed:0a:e5:c0:6f:eb:9a:f1:04:72:0d:33:53:8b:
         e2:27:36:0c:78:f7:59:41:22:de:f7:78:60:94:1a:00:96:03:
         fe:26:50:de:78:4a:1e:c4:f2:f1:84:89:3f:3e:e2:d3:96:f4:
         c3:b5:8e:2b:c3:32:d8:f2:eb:75:5e:62:7f:9b:29:3d:a2:c1:
         38:28:0c:77:a0:67:0b:ed:c7:e1:ca:f8:72:c4:18:8c:79:82:
         f6:d0:be:ee:71:9a:e3:ef:af:68:b3:38:0c:be:b1:a9:41:e8:
         c1:bd:98:93:86:15:ff:bb:c5:d9:ee:85:9c:8f:56:8f:05:60:
         35:01:c8:15:fd:e1:7c:1d:f7:62:16:77:f4:1d:3c:96:b4:90:
         80:8f:ab:8f:22:da:82:a2:4f:b2:89:f9:5e:c3:5e:52:38:92:
         ae:7a:62:7d:2f:55:f3:d7:ea:01:3c:41:f2:1f:24:61:9c:a6:
         50:36:01:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQnbOxJxJj6TU8SPAheVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MyNjk4OGMzYjZjYzEzMDNlMzEyYjdiNmNhNmE0YmE2MmNkOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO5C4Furi0JKy8W8lsLvfN5z0ARY
INzEkfvuSftpitkKhTJjAD+Ktfj6mGn60S3NjfuPgxpa8/cLj7bzsaRAIXrQEiDk
gJV3PIvcqJnsVKmu6ObO85ZBQ3qNP+jFuofculeIESlEMcPhiInuptmjDU1dJK4+
p3aFKKrL6d/fA/xb+mtNV7EimEzBo2FX559uNEN8YckCByyJH1MQzju9hvxHprH3
wLOu0sP6UkIEEN0Ae/R5vGK5M1dv9NW6tDPOgu2dywTEgFZplwMP3GT97Kjz1ucv
8MtQWDXCbx+XHna0nLfzQ3mqbx8YdliJYdUpzMpH0sYz+xSD1L3bKzPQxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNfCaYjDtswTA+MSt7bKakumLNnLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMThKcGlNTzJ6Qk1ENHhLM3RzcHFTNllzMmNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAtA
MA0GCSqGSIb3DQEBCwUAA4IBAQAhfKzCqGWbPj5cUZ2T0yhLoyJQ4VRq2IJKLYdR
2SIwIalXg5fKlU79krRIfIBqiuFcavD7vrYPofYXMt+3NHF6cbNvHe7pOmo180eR
7QrlwG/rmvEEcg0zU4viJzYMePdZQSLe93hglBoAlgP+JlDeeEoexPLxhIk/PuLT
lvTDtY4rwzLY8ut1XmJ/myk9osE4KAx3oGcL7cfhyvhyxBiMeYL20L7ucZrj769o
szgMvrGpQejBvZiThhX/u8XZ7oWcj1aPBWA1AcgV/eF8HfdiFnf0HTyWtJCAj6uP
ItqCok+yiflew15SOJKuemJ9L1Xz1+oBPEHyHyRhnKZQNgFX
-----END CERTIFICATE-----