Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1mnZWygqMii-7zu6muibDjATos4.roa
File:                     1mnZWygqMii-7zu6muibDjATos4.roa (raw, json)
Hash identifier:          ProitvUp1jQZgKqmRLI2rDwMgn+Jmwj2ulSn44P8XmQ=
Subject key identifier:   D6:69:D9:5B:28:2A:32:28:BE:EF:3B:BA:9A:E8:9B:0E:30:13:A2:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD06C3BEB02DCE47BE31A4551EDF7D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1mnZWygqMii-7zu6muibDjATos4.roa
Signing time:             Tue 02 Jan 2024 10:34:17 +0000
ROA not before:           Tue 02 Jan 2024 10:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203943
IP address blocks:        2a0e:b107:5a2::/48 maxlen: 48
                          2a0e:b107:5a1::/48 maxlen: 48
                          2a0e:b107:5a3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:06:c3:be:b0:2d:ce:47:be:31:a4:55:1e:df:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d669d95b282a3228beef3bba9ae89b0e3013a2ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:89:cd:1a:01:80:d7:99:cf:54:83:c9:ff:e6:
                    dd:95:15:3a:d3:46:41:5b:4d:da:e5:af:3e:0a:28:
                    55:c0:70:53:92:3d:ad:22:8e:fd:23:a6:4e:dd:61:
                    14:10:49:82:f3:44:14:71:49:ea:ea:d0:41:30:7b:
                    bd:c4:61:d9:ff:46:e8:c6:23:19:1d:00:36:83:ad:
                    41:df:83:e7:c0:8b:24:d2:04:34:31:f9:9d:80:9f:
                    19:8f:40:6e:95:b3:a1:bd:72:5d:6a:5d:a8:53:dc:
                    84:ce:d7:41:db:70:9f:de:04:97:81:9d:37:36:e8:
                    bb:2c:07:63:fa:3d:61:5f:d8:13:86:e2:53:3e:f6:
                    49:84:93:25:1a:47:d8:ba:17:a2:47:69:f0:b3:77:
                    31:3e:25:18:59:ba:ff:fb:e9:4f:d6:1a:9a:fc:8a:
                    2c:ca:df:a9:10:02:5b:68:10:71:af:4b:e6:9f:2a:
                    fe:31:4b:8a:bf:cc:88:a1:af:bb:b2:fc:b4:fa:34:
                    14:ad:4f:a0:21:b8:38:ad:02:f7:a1:65:05:94:6f:
                    81:9e:8e:97:d8:2c:2c:fa:ae:6f:44:14:a5:76:84:
                    8b:cc:ea:7d:15:f0:11:87:14:46:95:4b:0f:dd:a6:
                    b1:ff:07:00:f9:b6:d5:2f:b3:36:3a:cd:81:6a:11:
                    e1:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:69:D9:5B:28:2A:32:28:BE:EF:3B:BA:9A:E8:9B:0E:30:13:A2:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1mnZWygqMii-7zu6muibDjATos4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5a1::-2a0e:b107:5a3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         63:85:33:26:33:a8:75:f0:ad:27:06:ff:58:82:0f:2f:6b:79:
         95:80:3f:ff:bb:da:18:62:dc:e3:08:89:b3:45:e8:60:47:97:
         ff:06:c4:21:a0:52:ea:68:79:d1:e5:d6:61:4f:c2:ac:0b:9b:
         64:b7:01:4e:bc:a2:92:29:89:eb:48:9b:a4:5f:4c:01:ef:90:
         f9:28:f3:cf:4d:b5:be:a9:1a:9e:66:b4:e3:d0:14:50:5c:f7:
         7e:8c:6a:19:8e:ca:ea:58:33:7c:90:b9:9f:23:49:35:49:a4:
         a5:0c:84:b3:33:7f:24:97:d5:79:b7:82:f1:dc:e4:6a:f2:11:
         0c:c4:7b:8a:75:ae:72:40:7c:7f:fe:3e:1f:53:12:d1:fd:29:
         1d:2e:e9:43:9a:50:65:9b:07:3d:ae:6a:e1:eb:59:9c:44:5d:
         91:e5:07:34:8a:15:76:b8:d4:b3:8b:22:44:9d:cb:38:5a:5e:
         36:dd:31:63:aa:dd:92:e6:b7:ab:14:fb:6b:a2:1f:30:07:a8:
         cd:4d:ec:44:4c:49:78:96:83:cc:43:0c:bc:36:20:ef:b9:cc:
         58:6b:d3:09:b9:3e:5b:cc:11:3c:c1:4f:ad:c9:0e:cc:cf:a5:
         76:11:24:72:b7:19:6e:3f:fb:45:a1:6e:6b:71:98:ea:38:5c:
         c6:72:89:fa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJvQbDvrAtzke+MaRVHt99MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjY5ZDk1YjI4MmEzMjI4YmVlZjNiYmE5YWU4OWIwZTMwMTNhMmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmInNGgGA15nPVIPJ/+bdlRU600ZB
W03a5a8+CihVwHBTkj2tIo79I6ZO3WEUEEmC80QUcUnq6tBBMHu9xGHZ/0boxiMZ
HQA2g61B34PnwIsk0gQ0MfmdgJ8Zj0BulbOhvXJdal2oU9yEztdB23Cf3gSXgZ03
Nui7LAdj+j1hX9gThuJTPvZJhJMlGkfYuheiR2nws3cxPiUYWbr/++lP1hqa/Ios
yt+pEAJbaBBxr0vmnyr+MUuKv8yIoa+7svy0+jQUrU+gIbg4rQL3oWUFlG+Bno6X
2Cws+q5vRBSldoSLzOp9FfARhxRGlUsP3aax/wcA+bbVL7M2Os2BahHhhwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNZp2VsoKjIovu87upromw4wE6LOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMW1uWld5Z3FNaWktN3p1Nm11aWJEakFUb3M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqDrEH
BaEDBwIqDrEHBaAwDQYJKoZIhvcNAQELBQADggEBAGOFMyYzqHXwrScG/1iCDy9r
eZWAP/+72hhi3OMIibNF6GBHl/8GxCGgUupoedHl1mFPwqwLm2S3AU68opIpietI
m6RfTAHvkPko889Ntb6pGp5mtOPQFFBc936MahmOyupYM3yQuZ8jSTVJpKUMhLMz
fySX1Xm3gvHc5GryEQzEe4p1rnJAfH/+Ph9TEtH9KR0u6UOaUGWbBz2uauHrWZxE
XZHlBzSKFXa41LOLIkSdyzhaXjbdMWOq3ZLmt6sU+2uiHzAHqM1N7ERMSXiWg8xD
DLw2IO+5zFhr0wm5PlvMETzBT63JDszPpXYRJHK3GW4/+0WhbmtxmOo4XMZyifo=
-----END CERTIFICATE-----