Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3bXH41hEC4lY7vgd7uTCQCPVOZI.roa
File:                     3bXH41hEC4lY7vgd7uTCQCPVOZI.roa (raw, json)
Hash identifier:          LNAdZ2Y6qVteJkK+jesj/WsXu9VZLz1l6bIYjkTrt0Y=
Subject key identifier:   DD:B5:C7:E3:58:44:0B:89:58:EE:F8:1D:EE:E4:C2:40:23:D5:39:92
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCFF6D181BD90FE3A7BE7F9ADC971B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3bXH41hEC4lY7vgd7uTCQCPVOZI.roa
Signing time:             Tue 02 Jan 2024 10:34:15 +0000
ROA not before:           Tue 02 Jan 2024 10:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202458
IP address blocks:        2a0e:97c0:c00::/44 maxlen: 48
                          2a0e:97c0:c01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ff:6d:18:1b:d9:0f:e3:a7:be:7f:9a:dc:97:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddb5c7e358440b8958eef81deee4c24023d53992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d8:32:5e:00:ec:f0:f5:83:15:9f:92:ca:f7:
                    0d:5e:a7:0e:fa:89:23:31:79:09:aa:41:7e:47:52:
                    d8:9b:05:06:ed:c6:49:4e:d1:74:de:a1:e4:f9:bb:
                    bb:61:71:34:4d:33:d9:6c:f0:40:cc:b6:8a:19:b0:
                    32:5b:c1:ef:8d:89:4a:a7:4f:68:60:a2:cf:09:09:
                    8e:a2:ac:3c:f2:d2:4f:50:52:b0:12:dd:da:7f:df:
                    92:fb:8f:e9:6b:2e:27:ee:9f:36:29:a8:9e:2c:a1:
                    77:f7:5a:20:95:94:4e:aa:54:e1:f8:15:1f:c4:2f:
                    fe:2c:c8:16:29:ca:98:32:ad:d1:98:97:2b:40:6f:
                    c8:7b:34:c4:73:57:79:0a:c8:89:7e:f3:6a:98:18:
                    d6:46:c1:e2:0c:1f:de:19:bf:52:f9:26:3b:7d:e0:
                    64:dd:04:0b:d9:56:2a:e2:0d:8a:b0:5f:13:ea:9b:
                    a6:58:ef:2d:2c:96:fb:50:db:56:f0:69:f3:70:e3:
                    78:8b:5d:d2:d0:f0:3d:8e:29:0f:db:22:13:ea:40:
                    49:e1:6b:82:e0:50:61:35:76:2e:e7:12:20:92:a7:
                    ee:90:c6:f1:18:26:05:b6:87:ec:3b:37:b0:ba:d7:
                    7f:0c:66:72:f6:34:bb:0e:92:c1:93:31:d3:f8:93:
                    8f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:B5:C7:E3:58:44:0B:89:58:EE:F8:1D:EE:E4:C2:40:23:D5:39:92
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3bXH41hEC4lY7vgd7uTCQCPVOZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:2f:f4:31:05:fd:59:6e:34:ab:11:a6:3e:36:8b:3c:28:d5:
         48:ba:aa:15:92:e6:df:41:91:53:f3:e0:73:70:f5:08:ee:da:
         a0:da:f8:84:39:c0:59:d9:45:48:f6:d5:7d:5d:33:a8:9f:75:
         f5:8a:fb:25:d4:ad:08:a9:d5:2a:6c:4e:65:2b:ae:66:f0:11:
         ed:f7:49:ee:12:bc:88:09:96:f5:df:3c:bc:ab:3a:08:f6:4e:
         e3:88:86:60:0c:38:c1:19:88:e2:40:63:03:98:a0:45:e5:b0:
         3c:5e:be:75:90:be:69:ce:cc:69:aa:c6:1e:6d:fc:14:6b:cf:
         02:d2:3b:84:88:fd:4f:b2:c4:da:3d:2b:2c:5a:46:98:30:e6:
         88:bb:eb:1b:e6:74:ab:c1:6d:42:52:04:03:57:3d:21:2f:c5:
         61:3f:11:d3:39:72:b0:5b:ad:3f:22:79:ec:0e:3e:54:98:6a:
         75:a4:8b:76:77:5d:d7:0b:47:05:a7:c1:8e:3b:42:4e:ad:e3:
         0f:3f:0c:d1:90:81:a2:ca:f6:ae:a6:0e:a3:27:59:80:c5:b6:
         52:6f:26:39:aa:66:5d:56:cd:32:f9:f5:7b:fa:78:bf:b7:38:
         ed:8c:e3:ff:fa:28:0e:8a:cc:ed:e9:a6:d0:58:e4:1e:b6:4b:
         b0:00:76:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvP9tGBvZD+Onvn+a3JcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGI1YzdlMzU4NDQwYjg5NThlZWY4MWRlZWU0YzI0MDIzZDUzOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9gyXgDs8PWDFZ+SyvcNXqcO+okj
MXkJqkF+R1LYmwUG7cZJTtF03qHk+bu7YXE0TTPZbPBAzLaKGbAyW8HvjYlKp09o
YKLPCQmOoqw88tJPUFKwEt3af9+S+4/pay4n7p82KaieLKF391oglZROqlTh+BUf
xC/+LMgWKcqYMq3RmJcrQG/IezTEc1d5CsiJfvNqmBjWRsHiDB/eGb9S+SY7feBk
3QQL2VYq4g2KsF8T6pumWO8tLJb7UNtW8GnzcON4i13S0PA9jikP2yIT6kBJ4WuC
4FBhNXYu5xIgkqfukMbxGCYFtofsOzewutd/DGZy9jS7DpLBkzHT+JOPUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN21x+NYRAuJWO74He7kwkAj1TmSMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM2JYSDQxaEVDNGxZN3ZnZDd1VENRQ1BWT1pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAwA
MA0GCSqGSIb3DQEBCwUAA4IBAQBnL/QxBf1ZbjSrEaY+Nos8KNVIuqoVkubfQZFT
8+BzcPUI7tqg2viEOcBZ2UVI9tV9XTOon3X1ivsl1K0IqdUqbE5lK65m8BHt90nu
EryICZb13zy8qzoI9k7jiIZgDDjBGYjiQGMDmKBF5bA8Xr51kL5pzsxpqsYebfwU
a88C0juEiP1PssTaPSssWkaYMOaIu+sb5nSrwW1CUgQDVz0hL8VhPxHTOXKwW60/
InnsDj5UmGp1pIt2d13XC0cFp8GOO0JOreMPPwzRkIGiyvaupg6jJ1mAxbZSbyY5
qmZdVs0y+fV7+ni/tzjtjOP/+igOiszt6abQWOQetkuwAHbt
-----END CERTIFICATE-----