Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3hm72yKbvR3GtLse7ouwXzEs-8s.roa
File:                     3hm72yKbvR3GtLse7ouwXzEs-8s.roa (raw, json)
Hash identifier:          3PLQ3Mc1gudODB43fPbkqABHKsFWGudXm3UoF6nrBDs=
Subject key identifier:   DE:19:BB:DB:22:9B:BD:1D:C6:B4:BB:1E:EE:8B:B0:5F:31:2C:FB:CB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC47E007FDD055AE3F8645FA836E4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3hm72yKbvR3GtLse7ouwXzEs-8s.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26042
IP address blocks:        2a0e:97c0:d50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c4:7e:00:7f:dd:05:5a:e3:f8:64:5f:a8:36:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de19bbdb229bbd1dc6b4bb1eee8bb05f312cfbcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:69:d0:fd:3e:fc:75:a6:7c:90:32:04:a1:94:
                    df:8a:98:3c:6d:01:f6:2a:35:5c:61:52:2b:8d:7a:
                    8a:e8:e6:62:7b:69:eb:e9:96:06:28:a3:28:dd:0b:
                    a9:f6:34:a8:2d:71:a2:dd:a5:55:d2:97:ef:2a:81:
                    7b:c5:98:13:4a:eb:c8:f7:d3:25:c6:8f:4c:6b:09:
                    b4:9f:6b:8f:17:97:92:b6:c1:d0:0d:0d:80:8d:57:
                    a7:e0:79:28:ae:e1:4c:a5:67:7d:79:ee:fc:9e:b1:
                    f9:45:16:41:62:3d:f0:7d:3f:46:9e:f8:e5:28:25:
                    f3:f1:19:d0:ea:72:2f:30:31:fa:ef:49:d2:2b:72:
                    74:17:82:38:1d:a0:7b:11:c8:da:0c:42:82:c5:58:
                    4e:5f:63:b9:9b:11:50:d4:86:b4:00:87:f4:e8:42:
                    c9:4a:e6:7f:96:24:d0:22:78:bb:5b:c3:89:51:08:
                    2a:ef:64:64:b5:6c:0a:8e:5b:ec:3f:8b:7b:c5:d3:
                    fd:0e:dd:8f:26:29:cb:1d:9b:a6:4f:53:04:1c:81:
                    bf:91:76:e5:29:ec:ef:cc:ae:38:fb:7d:66:9f:98:
                    9e:b8:53:8c:35:07:b0:36:45:2e:0c:49:52:5e:3e:
                    e4:41:b8:10:5f:83:08:30:81:7e:7e:3f:ca:3e:3a:
                    7b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:19:BB:DB:22:9B:BD:1D:C6:B4:BB:1E:EE:8B:B0:5F:31:2C:FB:CB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3hm72yKbvR3GtLse7ouwXzEs-8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d50::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:e5:b8:72:4d:3a:49:95:12:26:c8:47:a1:43:56:72:70:3d:
         b2:0b:b6:bb:e1:90:a8:0c:ee:2d:1a:48:71:86:0d:af:75:96:
         03:cd:38:d3:d1:80:cd:e3:6b:41:ee:6b:94:61:e2:e6:f4:82:
         41:36:7d:dc:65:e4:9b:52:09:58:63:76:d1:72:55:3c:3d:55:
         c9:06:3a:78:27:c7:b3:05:29:eb:a6:34:53:44:63:54:a3:dd:
         81:c0:e5:e7:f7:08:89:24:15:c8:45:97:58:d6:e2:d7:53:73:
         de:18:d7:a9:f9:14:b4:d4:6d:c9:6e:d4:1d:be:86:84:5a:d3:
         1e:53:ca:53:52:ac:9b:d9:79:9c:45:cf:e3:37:ee:5a:e7:6c:
         02:ed:30:13:e0:71:75:58:88:6c:75:1a:66:74:e2:68:55:2d:
         0b:64:05:44:41:72:e1:1c:61:59:ab:b1:06:64:8d:6d:93:77:
         5f:b4:53:8c:67:4d:f0:2d:c7:73:6a:31:3e:f8:50:4f:af:32:
         1f:60:72:7c:48:72:86:f2:58:b9:7a:4e:93:36:dc:d3:a0:6f:
         42:f3:bc:7e:cb:cc:5c:bb:8c:09:d3:f3:50:c6:96:5a:29:f7:
         9c:f0:43:70:69:87:b5:04:d3:0b:7e:f3:1d:ab:39:25:1a:4a:
         4e:58:0a:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMR+AH/dBVrj+GRfqDbkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTE5YmJkYjIyOWJiZDFkYzZiNGJiMWVlZThiYjA1ZjMxMmNmYmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mnQ/T78daZ8kDIEoZTfipg8bQH2
KjVcYVIrjXqK6OZie2nr6ZYGKKMo3Qup9jSoLXGi3aVV0pfvKoF7xZgTSuvI99Ml
xo9Mawm0n2uPF5eStsHQDQ2AjVen4HkoruFMpWd9ee78nrH5RRZBYj3wfT9Gnvjl
KCXz8RnQ6nIvMDH670nSK3J0F4I4HaB7EcjaDEKCxVhOX2O5mxFQ1Ia0AIf06ELJ
SuZ/liTQIni7W8OJUQgq72RktWwKjlvsP4t7xdP9Dt2PJinLHZumT1MEHIG/kXbl
KezvzK44+31mn5ieuFOMNQewNkUuDElSXj7kQbgQX4MIMIF+fj/KPjp7xQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN4Zu9sim70dxrS7Hu6LsF8xLPvLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM2htNzJ5S2J2UjNHdExzZTdvdXdYekVzLThzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAd5bhyTTpJlRImyEehQ1ZycD2yC7a74ZCoDO4t
Gkhxhg2vdZYDzTjT0YDN42tB7muUYeLm9IJBNn3cZeSbUglYY3bRclU8PVXJBjp4
J8ezBSnrpjRTRGNUo92BwOXn9wiJJBXIRZdY1uLXU3PeGNep+RS01G3JbtQdvoaE
WtMeU8pTUqyb2XmcRc/jN+5a52wC7TAT4HF1WIhsdRpmdOJoVS0LZAVEQXLhHGFZ
q7EGZI1tk3dftFOMZ03wLcdzajE++FBPrzIfYHJ8SHKG8li5ek6TNtzToG9C87x+
y8xcu4wJ0/NQxpZaKfec8ENwaYe1BNMLfvMdqzklGkpOWAqv
-----END CERTIFICATE-----