Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3_Xt-NeTV2_G-c7XDwjv-X9iSIg.roa
File:                     3_Xt-NeTV2_G-c7XDwjv-X9iSIg.roa (raw, json)
Hash identifier:          1Rt1h5G4CcAUForYINDkfIz6FIEIN39N17LP4AFLz5o=
Subject key identifier:   DF:F5:ED:F8:D7:93:57:6F:C6:F9:CE:D7:0F:08:EF:F9:7F:62:48:88
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDAD4546656D2108AFC6310ECD4A8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3_Xt-NeTV2_G-c7XDwjv-X9iSIg.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137256
IP address blocks:        2a0e:b107:c10::/48 maxlen: 48
                          2a0e:b107:c11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:da:d4:54:66:56:d2:10:8a:fc:63:10:ec:d4:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dff5edf8d793576fc6f9ced70f08eff97f624888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:5f:dd:63:96:ab:97:f6:9c:cd:88:68:2a:be:
                    10:f6:d6:d0:e0:82:a7:36:f4:70:5a:f3:b4:b1:b2:
                    0f:5a:7d:14:2c:33:53:22:bd:c3:b3:ca:75:16:91:
                    e2:76:c5:5f:06:72:13:38:f7:2a:1f:c3:9b:dd:8c:
                    0b:72:e9:4e:78:0c:ea:36:a7:79:6f:8b:cd:4b:00:
                    5e:2c:a1:fa:bc:9f:6d:e2:35:6a:98:ac:67:46:6a:
                    50:a3:54:d1:f7:be:82:a4:92:f6:fa:b8:00:df:00:
                    34:17:f0:47:9d:f3:cd:7e:26:19:39:23:de:5a:f9:
                    21:fd:85:f8:0e:85:de:49:fb:4d:22:77:f0:c2:be:
                    54:d9:06:f4:4e:6a:3d:54:6d:e8:eb:03:1a:ac:fe:
                    dc:f9:94:8a:1a:ad:ec:29:aa:72:23:df:8c:db:53:
                    98:ba:9a:41:05:bd:37:1c:11:25:88:0f:94:b9:35:
                    8f:8e:45:20:2a:fb:32:d8:c6:ac:e0:e0:70:b9:9e:
                    59:e3:ab:7e:8a:1b:3c:57:21:30:47:d8:58:f2:51:
                    d4:a5:25:4e:79:a9:26:e2:1d:db:51:43:a8:70:48:
                    52:c5:11:4d:0b:41:9e:bf:a9:40:db:8f:f3:f4:e7:
                    ce:19:03:c8:14:ee:19:39:a3:0d:9c:fd:c1:be:ea:
                    66:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F5:ED:F8:D7:93:57:6F:C6:F9:CE:D7:0F:08:EF:F9:7F:62:48:88
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3_Xt-NeTV2_G-c7XDwjv-X9iSIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:c10::/47

    Signature Algorithm: sha256WithRSAEncryption
         09:d7:39:11:01:f0:c2:47:bf:33:9e:cc:51:11:d2:95:d3:f5:
         f1:0c:58:c9:62:30:c5:f9:6d:3a:2e:bd:57:ee:a7:9c:53:7b:
         9a:b3:c1:dc:1d:da:56:04:9d:b4:c9:1f:be:01:eb:99:b7:e9:
         8d:f1:34:9b:d6:6a:db:33:0f:a1:b1:0a:ad:18:57:3e:c0:43:
         c8:52:1b:f9:a8:cd:66:28:70:a0:bc:a5:3e:48:b1:d7:16:dc:
         3a:a5:6d:24:6c:30:14:76:1c:df:32:52:b1:1c:a6:65:b8:26:
         ef:6a:3f:2a:c7:87:f8:9e:7f:00:e2:73:3a:a5:fb:f6:28:37:
         b8:13:67:9f:db:14:21:cc:24:8c:08:d2:03:bc:20:46:43:b2:
         c7:3d:12:34:a5:42:50:f5:20:99:96:7d:82:9f:e1:41:85:26:
         00:85:e2:f1:86:33:34:9c:cd:7a:14:b2:8b:89:79:16:a7:00:
         97:79:d3:34:86:ae:ee:d6:d3:d8:c6:f2:f0:92:2a:65:80:1f:
         09:0d:0c:92:ea:65:95:de:f1:68:ca:7d:33:53:20:50:07:ec:
         2e:68:05:ba:46:20:78:ef:8b:16:93:a9:15:f4:7e:ea:78:3d:
         00:1e:89:c7:bf:37:5f:03:5b:6b:d1:38:ea:a6:9f:67:39:d6:
         5c:de:9e:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNrUVGZW0hCK/GMQ7NSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmY1ZWRmOGQ3OTM1NzZmYzZmOWNlZDcwZjA4ZWZmOTdmNjI0ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF/dY5arl/aczYhoKr4Q9tbQ4IKn
NvRwWvO0sbIPWn0ULDNTIr3Ds8p1FpHidsVfBnITOPcqH8Ob3YwLculOeAzqNqd5
b4vNSwBeLKH6vJ9t4jVqmKxnRmpQo1TR976CpJL2+rgA3wA0F/BHnfPNfiYZOSPe
Wvkh/YX4DoXeSftNInfwwr5U2Qb0Tmo9VG3o6wMarP7c+ZSKGq3sKapyI9+M21OY
uppBBb03HBEliA+UuTWPjkUgKvsy2Mas4OBwuZ5Z46t+ihs8VyEwR9hY8lHUpSVO
eakm4h3bUUOocEhSxRFNC0Gev6lA24/z9OfOGQPIFO4ZOaMNnP3Bvupm3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN/17fjXk1dvxvnO1w8I7/l/YkiIMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM19YdC1OZVRWMl9HLWM3WER3anYtWDlpU0lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6xBwwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ1zkRAfDCR78znsxREdKV0/XxDFjJYjDF+W06
Lr1X7qecU3uas8HcHdpWBJ20yR++AeuZt+mN8TSb1mrbMw+hsQqtGFc+wEPIUhv5
qM1mKHCgvKU+SLHXFtw6pW0kbDAUdhzfMlKxHKZluCbvaj8qx4f4nn8A4nM6pfv2
KDe4E2ef2xQhzCSMCNIDvCBGQ7LHPRI0pUJQ9SCZln2Cn+FBhSYAheLxhjM0nM16
FLKLiXkWpwCXedM0hq7u1tPYxvLwkiplgB8JDQyS6mWV3vFoyn0zUyBQB+wuaAW6
RiB474sWk6kV9H7qeD0AHonHvzdfA1tr0Tjqpp9nOdZc3p6g
-----END CERTIFICATE-----