Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/34rEyxfVAdOEBWnhq2CHz84UDYY.roa
File:                     34rEyxfVAdOEBWnhq2CHz84UDYY.roa (raw, json)
Hash identifier:          NQ8/jVxjz/261eo0kZH3RzWmKdpuFdDQp+HfTa1VKKc=
Subject key identifier:   DF:8A:C4:CB:17:D5:01:D3:84:05:69:E1:AB:60:87:CF:CE:14:0D:86
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EC2D7998EA6DE7B08ED71B5EB3DD90CE5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/34rEyxfVAdOEBWnhq2CHz84UDYY.roa
Signing time:             Tue 09 Apr 2024 12:31:33 +0000
ROA not before:           Tue 09 Apr 2024 12:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216110
IP address blocks:        2a0e:97c1:8a27::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:d7:99:8e:a6:de:7b:08:ed:71:b5:eb:3d:d9:0c:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  9 12:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df8ac4cb17d501d3840569e1ab6087cfce140d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:57:59:cc:1b:f1:7c:17:14:f9:50:71:19:f1:
                    a0:9f:1e:15:82:79:34:48:24:45:5f:b6:f8:b9:95:
                    3a:40:18:63:ae:e1:d7:b7:34:c8:1b:0a:72:d2:cf:
                    57:31:6b:d5:5d:12:da:c0:7c:1d:f2:98:ca:be:45:
                    8f:87:7f:fc:f7:b5:47:45:d4:32:a4:d6:51:31:a0:
                    48:ad:f0:ca:60:73:82:7b:e7:ef:a1:64:ef:fc:47:
                    f9:54:e9:45:dc:29:30:a0:8f:85:ef:5a:a3:f2:98:
                    2c:b2:29:0a:29:46:76:f0:20:b2:ad:ad:4f:1d:84:
                    f4:05:f9:8f:28:76:74:68:83:3d:24:5f:94:ee:f8:
                    06:68:10:91:a3:4f:8b:a9:82:d5:5c:8c:e7:36:4c:
                    ec:a6:32:fa:08:df:7c:76:80:5a:06:e0:35:12:d5:
                    68:57:f7:58:0e:45:ea:68:26:9a:a0:5e:17:39:d0:
                    d7:2e:7e:d3:9d:0c:f1:78:cc:05:98:90:0c:ae:f5:
                    ce:2e:51:67:c3:81:2f:e6:0c:d1:f6:37:57:f3:b1:
                    10:96:fd:c8:16:40:55:48:45:81:a4:40:7e:e7:fd:
                    52:4e:5e:b5:8f:1b:f9:d8:de:a1:1b:96:d9:e0:9c:
                    9c:29:19:0f:70:75:84:a1:40:1e:dc:6d:5c:b7:49:
                    94:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:8A:C4:CB:17:D5:01:D3:84:05:69:E1:AB:60:87:CF:CE:14:0D:86
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/34rEyxfVAdOEBWnhq2CHz84UDYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c1:8a27::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:dd:1e:c1:e0:5e:01:43:1b:b9:c5:0a:20:9f:c1:43:a6:c4:
         ea:f6:ad:f4:a1:db:7b:24:0c:27:65:ea:2f:c8:bf:14:a2:41:
         b3:7a:cb:3b:ee:f7:08:f7:19:21:f0:01:62:88:18:27:c0:a1:
         12:11:22:46:dd:e3:4d:d5:2a:6f:7d:b6:ff:7e:0a:a2:1d:aa:
         0e:c2:33:40:62:58:db:86:86:92:10:91:28:c9:a9:38:34:7e:
         38:97:1e:2c:e9:7f:e7:0b:f7:6e:f9:16:53:f1:f6:00:b7:89:
         11:79:fa:e3:ae:99:cd:c5:3d:95:c9:fa:80:77:32:57:94:8d:
         47:21:35:39:94:61:1a:40:ae:5a:1e:df:c7:25:b3:74:4c:d7:
         db:11:f0:38:01:f8:5d:a6:32:84:58:2e:f1:39:1d:19:bd:82:
         f1:3d:9c:41:e9:d7:07:96:09:90:3a:56:1a:64:97:ca:20:61:
         0e:69:5d:1f:bf:30:3c:ac:10:c8:15:4b:cf:6c:9a:c2:17:70:
         a7:33:a8:3b:77:9d:1a:76:ac:79:a9:52:75:63:32:fc:ab:5d:
         8f:94:15:33:61:32:b3:50:2e:00:4e:79:36:1d:b9:50:4f:99:
         42:31:5f:6a:6b:6d:9b:30:0c:bc:a5:a1:57:db:69:db:c4:f1:
         94:03:99:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7C15mOpt57CO1xtes92QzlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA5MTIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjhhYzRjYjE3ZDUwMWQzODQwNTY5ZTFhYjYwODdjZmNlMTQwZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhldZzBvxfBcU+VBxGfGgnx4Vgnk0
SCRFX7b4uZU6QBhjruHXtzTIGwpy0s9XMWvVXRLawHwd8pjKvkWPh3/897VHRdQy
pNZRMaBIrfDKYHOCe+fvoWTv/Ef5VOlF3CkwoI+F71qj8pgssikKKUZ28CCyra1P
HYT0BfmPKHZ0aIM9JF+U7vgGaBCRo0+LqYLVXIznNkzspjL6CN98doBaBuA1EtVo
V/dYDkXqaCaaoF4XOdDXLn7TnQzxeMwFmJAMrvXOLlFnw4Ev5gzR9jdX87EQlv3I
FkBVSEWBpEB+5/1STl61jxv52N6hG5bZ4JycKRkPcHWEoUAe3G1ct0mUxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN+KxMsX1QHThAVp4atgh8/OFA2GMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMzRyRXl4ZlZBZE9FQlduaHEyQ0h6ODRVRFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwYon
MA0GCSqGSIb3DQEBCwUAA4IBAQBA3R7B4F4BQxu5xQogn8FDpsTq9q30odt7JAwn
ZeovyL8UokGzess77vcI9xkh8AFiiBgnwKESESJG3eNN1Spvfbb/fgqiHaoOwjNA
YljbhoaSEJEoyak4NH44lx4s6X/nC/du+RZT8fYAt4kRefrjrpnNxT2VyfqAdzJX
lI1HITU5lGEaQK5aHt/HJbN0TNfbEfA4AfhdpjKEWC7xOR0ZvYLxPZxB6dcHlgmQ
OlYaZJfKIGEOaV0fvzA8rBDIFUvPbJrCF3CnM6g7d50adqx5qVJ1YzL8q12PlBUz
YTKzUC4ATnk2HblQT5lCMV9qa22bMAy8paFX22nbxPGUA5k1
-----END CERTIFICATE-----