Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3T-HGqcweCHSgDNYhYN-yxw0ciQ.roa
File:                     3T-HGqcweCHSgDNYhYN-yxw0ciQ.roa (raw, json)
Hash identifier:          gzYNnHYn8TJhI4B2dzFICRNq9SBFKm/QK0F9WNGRn3c=
Subject key identifier:   DD:3F:87:1A:A7:30:78:21:D2:80:33:58:85:83:7E:CB:1C:34:72:24
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DD16C40682C542482DE32E9C191B19CEB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3T-HGqcweCHSgDNYhYN-yxw0ciQ.roa
Signing time:             Thu 22 Feb 2024 15:25:48 +0000
ROA not before:           Thu 22 Feb 2024 15:25:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215437
IP address blocks:        2a0e:97c0:670::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:6c:40:68:2c:54:24:82:de:32:e9:c1:91:b1:9c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 22 15:25:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dd3f871aa7307821d280335885837ecb1c347224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a7:0e:4f:a4:75:f9:13:f7:ba:31:92:b1:ba:
                    be:1c:b2:2f:c7:c3:39:45:ee:c1:60:3d:c5:c4:db:
                    34:bb:10:4b:78:01:f2:24:53:49:1d:f1:bc:1f:de:
                    fd:bc:37:72:7a:4d:cd:f8:68:f6:de:8e:b7:7f:b5:
                    ca:62:9a:cc:79:dc:61:76:cb:92:37:a5:39:c7:5b:
                    1e:81:4c:a5:33:70:ed:a4:af:de:82:56:87:21:b9:
                    82:ca:d9:7a:69:4b:9d:eb:1f:68:c1:b7:69:72:68:
                    d6:8b:1f:ce:43:b1:db:bb:89:fe:ec:de:7c:f4:4a:
                    83:e6:7e:a9:b0:c5:55:46:0c:e0:48:b2:f9:59:8b:
                    23:5b:bf:11:c9:bd:74:79:7f:b4:2a:f3:74:a4:42:
                    8a:06:24:bb:0e:df:8c:f7:09:88:df:4b:8f:8e:f5:
                    45:3d:44:44:55:d8:25:b1:f1:a4:d7:0d:99:24:c2:
                    d8:24:05:c4:9e:27:14:c4:e7:b6:d1:c3:0f:c9:75:
                    99:f3:f0:b5:e1:74:45:e0:b4:5e:74:ea:d7:cc:2a:
                    41:6e:c4:a0:02:b7:b3:86:e8:82:98:19:c4:7f:55:
                    7c:8d:53:7a:0b:c9:3a:40:be:dc:76:c1:0e:64:22:
                    ca:74:6f:b3:80:22:d8:89:ef:97:c3:be:2f:c6:8f:
                    2a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:3F:87:1A:A7:30:78:21:D2:80:33:58:85:83:7E:CB:1C:34:72:24
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3T-HGqcweCHSgDNYhYN-yxw0ciQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:670::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:97:70:22:de:ef:72:23:ae:f7:5f:61:cd:7e:b4:98:4c:78:
         54:e7:bb:72:3f:c3:3f:31:5c:93:0c:8a:61:d0:7e:9a:eb:a7:
         a6:07:a2:5c:31:ef:89:12:97:c0:e1:5c:7e:5a:73:86:26:72:
         d6:e3:da:35:f7:0d:3d:be:10:4a:10:d2:d6:d2:10:1f:31:36:
         8a:42:27:52:d5:22:dc:17:d4:ea:b4:7a:8f:ab:a7:82:18:1c:
         87:00:80:83:1c:fc:21:eb:c6:ad:38:aa:78:5e:97:81:78:d1:
         b5:43:c9:df:d4:e8:94:92:ca:ba:46:19:db:67:c8:2e:5e:62:
         2a:47:5f:0d:fa:f8:2c:02:c7:2a:e2:e7:a7:2e:3c:89:85:e8:
         f5:10:a2:dc:fb:d0:74:5e:a9:36:c3:be:16:01:54:6f:8b:43:
         82:39:d5:e2:c4:3b:fa:60:18:c9:dc:b4:84:39:7f:ed:91:3c:
         e0:0d:68:8d:58:dc:c9:6f:e1:c3:90:1a:de:ad:3a:49:59:29:
         a8:e2:7c:44:f7:8a:9e:e2:df:72:9f:ed:51:eb:c5:c6:27:ea:
         b9:04:2b:60:06:7a:87:fd:a8:98:fd:c4:e7:81:0e:50:41:35:
         02:a0:1f:ca:23:c5:65:ea:17:ea:22:fc:de:d5:c2:97:51:56:
         4f:c4:7e:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3RbEBoLFQkgt4y6cGRsZzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjIyMTUyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDNmODcxYWE3MzA3ODIxZDI4MDMzNTg4NTgzN2VjYjFjMzQ3MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1acOT6R1+RP3ujGSsbq+HLIvx8M5
Re7BYD3FxNs0uxBLeAHyJFNJHfG8H979vDdyek3N+Gj23o63f7XKYprMedxhdsuS
N6U5x1segUylM3DtpK/eglaHIbmCytl6aUud6x9owbdpcmjWix/OQ7Hbu4n+7N58
9EqD5n6psMVVRgzgSLL5WYsjW78Ryb10eX+0KvN0pEKKBiS7Dt+M9wmI30uPjvVF
PUREVdglsfGk1w2ZJMLYJAXEnicUxOe20cMPyXWZ8/C14XRF4LRedOrXzCpBbsSg
ArezhuiCmBnEf1V8jVN6C8k6QL7cdsEOZCLKdG+zgCLYie+Xw74vxo8qdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN0/hxqnMHgh0oAzWIWDfsscNHIkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM1QtSEdxY3dlQ0hTZ0ROWWhZTi15eHcwY2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAZw
MA0GCSqGSIb3DQEBCwUAA4IBAQBvl3Ai3u9yI673X2HNfrSYTHhU57tyP8M/MVyT
DIph0H6a66emB6JcMe+JEpfA4Vx+WnOGJnLW49o19w09vhBKENLW0hAfMTaKQidS
1SLcF9TqtHqPq6eCGByHAICDHPwh68atOKp4XpeBeNG1Q8nf1OiUksq6RhnbZ8gu
XmIqR18N+vgsAscq4uenLjyJhej1EKLc+9B0Xqk2w74WAVRvi0OCOdXixDv6YBjJ
3LSEOX/tkTzgDWiNWNzJb+HDkBrerTpJWSmo4nxE94qe4t9yn+1R68XGJ+q5BCtg
BnqH/aiY/cTngQ5QQTUCoB/KI8Vl6hfqIvze1cKXUVZPxH5I
-----END CERTIFICATE-----