Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/47paZfHpf8o4Y1ECYIZ5cpvzZ7g.roa
File:                     47paZfHpf8o4Y1ECYIZ5cpvzZ7g.roa (raw, json)
Hash identifier:          BlsvnM8FbuEUIC0LXN6R+VhmMnRJLgb7Kb7oMsygpAM=
Subject key identifier:   E3:BA:5A:65:F1:E9:7F:CA:38:63:51:02:60:86:79:72:9B:F3:67:B8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD27AD08D23869CE7B9CC2F63EE4F6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/47paZfHpf8o4Y1ECYIZ5cpvzZ7g.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210661
IP address blocks:        2a0e:97c0:570::/44 maxlen: 48
                          2a10:cc47:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:27:ad:08:d2:38:69:ce:7b:9c:c2:f6:3e:e4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3ba5a65f1e97fca38635102608679729bf367b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6f:63:bc:fd:9f:5d:d2:44:2b:b4:09:f1:8a:
                    11:ec:19:c9:d2:9c:33:59:69:e1:41:09:43:9f:8e:
                    d9:4d:a8:1a:8d:af:93:33:61:66:d3:cb:4e:8d:fa:
                    89:65:1a:6d:07:07:a1:ab:e8:59:1d:34:12:13:c0:
                    9f:25:3b:cd:63:83:3d:b0:e0:f9:d2:73:d3:88:38:
                    cc:15:4c:9b:73:e8:63:a6:5b:7a:53:ab:9e:68:72:
                    20:2f:ed:ab:05:4f:ad:a3:df:31:84:69:d9:1d:e5:
                    e7:e6:e4:39:18:6b:50:2d:c0:4d:6f:14:1a:f6:b4:
                    d1:84:9e:0f:56:f6:0a:b8:df:21:23:94:e6:4f:ca:
                    0a:b9:30:94:e6:ca:21:7a:e0:93:51:13:8c:b7:c9:
                    a4:84:df:01:b3:fd:b1:ca:b3:42:7a:7a:e5:fe:38:
                    74:2d:32:b8:48:3e:55:47:0b:55:18:42:d6:95:b3:
                    f6:9f:75:41:7f:d3:1f:f8:04:3e:88:1a:9e:0e:87:
                    e5:b9:9e:79:63:36:c8:74:d0:f0:a0:3c:5b:13:e1:
                    29:5e:08:73:a7:cd:0d:7f:5c:76:2e:cb:7a:9a:b2:
                    0c:9e:fe:37:71:67:0c:b7:98:53:84:5f:b6:30:36:
                    eb:ee:3b:86:7a:37:35:de:b4:d0:dc:ea:c9:10:22:
                    1b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:BA:5A:65:F1:E9:7F:CA:38:63:51:02:60:86:79:72:9B:F3:67:B8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/47paZfHpf8o4Y1ECYIZ5cpvzZ7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:570::/44
                  2a10:cc47:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         af:30:a2:a2:08:a1:31:aa:69:bd:ea:4b:44:ca:c8:02:b6:bf:
         65:71:a1:e5:e9:41:28:f7:1c:1f:17:bf:11:b7:71:de:f4:ba:
         92:dd:fc:a2:19:c1:ea:e9:00:fe:11:42:71:12:33:98:36:2f:
         6c:30:fc:58:7e:ac:01:8f:fa:66:f9:95:be:f8:e3:3e:23:9d:
         f0:d1:18:a4:3c:d7:23:36:60:c5:8e:01:58:6b:56:37:d1:b5:
         7a:53:01:ff:df:d1:27:68:66:c6:5b:e1:41:23:59:05:b8:59:
         f1:3f:4b:c6:78:b5:50:7e:be:33:8e:df:e7:80:2a:9a:b1:e1:
         3e:6e:53:d1:06:a4:29:ee:14:af:30:29:2b:d6:eb:13:c1:e5:
         89:d8:cb:79:6f:76:5d:13:16:4b:e1:a1:5b:c6:d0:b3:5c:ab:
         28:8f:55:ca:57:21:94:a2:3c:a0:1e:0f:9d:05:8f:37:f5:65:
         74:6f:d6:13:ab:88:bf:8a:7c:3b:d5:98:36:e5:99:5e:34:d8:
         e1:0d:7c:eb:6b:68:29:b7:92:e1:da:8d:3f:09:91:aa:53:06:
         10:26:7b:cf:df:36:06:a1:26:a4:08:b6:68:ce:14:7b:73:39:
         ba:ca:99:3d:fe:60:5b:92:54:a5:bb:2d:7e:fd:1c:f1:01:e4:
         d7:b0:3d:c2
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzJvSetCNI4ac57nML2PuT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2JhNWE2NWYxZTk3ZmNhMzg2MzUxMDI2MDg2Nzk3MjliZjM2N2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim9jvP2fXdJEK7QJ8YoR7BnJ0pwz
WWnhQQlDn47ZTagaja+TM2Fm08tOjfqJZRptBwehq+hZHTQSE8CfJTvNY4M9sOD5
0nPTiDjMFUybc+hjplt6U6ueaHIgL+2rBU+to98xhGnZHeXn5uQ5GGtQLcBNbxQa
9rTRhJ4PVvYKuN8hI5TmT8oKuTCU5soheuCTUROMt8mkhN8Bs/2xyrNCenrl/jh0
LTK4SD5VRwtVGELWlbP2n3VBf9Mf+AQ+iBqeDofluZ55YzbIdNDwoDxbE+EpXghz
p80Nf1x2Lst6mrIMnv43cWcMt5hThF+2MDbr7juGejc13rTQ3OrJECIbDQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFOO6WmXx6X/KOGNRAmCGeXKb82e4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNDdwYVpmSHBmOG80WTFFQ1lJWjVjcHZ6WjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKg6XwAVw
AwYEKhDMRyAwDQYJKoZIhvcNAQELBQADggEBAK8woqIIoTGqab3qS0TKyAK2v2Vx
oeXpQSj3HB8XvxG3cd70upLd/KIZwerpAP4RQnESM5g2L2ww/Fh+rAGP+mb5lb74
4z4jnfDRGKQ81yM2YMWOAVhrVjfRtXpTAf/f0SdoZsZb4UEjWQW4WfE/S8Z4tVB+
vjOO3+eAKpqx4T5uU9EGpCnuFK8wKSvW6xPB5YnYy3lvdl0TFkvhoVvG0LNcqyiP
VcpXIZSiPKAeD50Fjzf1ZXRv1hOriL+KfDvVmDblmV402OENfOtraCm3kuHajT8J
kapTBhAme8/fNgahJqQItmjOFHtzObrKmT3+YFuSVKW7LX79HPEB5NewPcI=
-----END CERTIFICATE-----