Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Hh5v31SciFZSI7sKyLaCD2knbc.roa
File:                     4Hh5v31SciFZSI7sKyLaCD2knbc.roa (raw, json)
Hash identifier:          XT3RDfr0YsqhxYz/TzzazfFz//g7LFZDz+nrz5ZrfCY=
Subject key identifier:   E0:78:79:BF:7D:52:72:21:59:48:8E:EC:2B:22:DA:08:3D:A4:9D:B7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0873EA938662DDD6A20338740B7F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Hh5v31SciFZSI7sKyLaCD2knbc.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204406
IP address blocks:        2a0e:b107:1b94::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:08:73:ea:93:86:62:dd:d6:a2:03:38:74:0b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e07879bf7d52722159488eec2b22da083da49db7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b4:db:a6:dd:89:ad:86:fb:f0:1f:95:e7:07:
                    a2:6f:d9:16:64:7f:b6:49:44:0b:8c:eb:b0:79:ad:
                    81:8b:cf:d8:45:39:11:bf:3e:a4:8b:e7:69:6b:aa:
                    0a:c3:03:b8:7f:d4:90:fc:26:9b:63:22:32:be:f8:
                    31:b4:52:6f:79:60:64:6c:26:e6:c0:f3:39:19:5e:
                    39:44:37:c9:1d:67:e0:9a:02:8e:56:c7:7f:df:2c:
                    8d:e8:dd:c7:fe:ee:af:04:e0:8d:83:76:a0:63:a4:
                    fd:41:58:98:1e:4f:5f:f3:94:09:12:6d:1d:cf:5c:
                    f6:97:58:08:7e:ec:52:42:e1:aa:b6:39:0d:5a:6c:
                    1e:28:2e:ff:08:f7:77:1a:11:04:06:80:ee:d5:43:
                    85:3b:12:5b:15:96:b2:d5:cc:8c:d0:a7:2d:33:d3:
                    bf:e5:9f:b3:50:16:55:31:cd:d7:c0:8f:14:7b:42:
                    70:6f:a5:4a:88:69:68:d9:8c:2d:5f:c9:9f:94:68:
                    1c:bd:ee:26:9a:fb:65:dc:2b:69:62:fe:81:e3:c2:
                    50:61:a6:33:2c:96:21:37:da:76:9c:8c:71:ff:6c:
                    50:5d:1c:f7:ec:88:c5:5c:e6:60:79:97:3f:bd:fe:
                    ca:3a:07:f5:29:ed:f4:f2:9b:32:1e:e1:6c:a3:68:
                    ab:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:78:79:BF:7D:52:72:21:59:48:8E:EC:2B:22:DA:08:3D:A4:9D:B7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/4Hh5v31SciFZSI7sKyLaCD2knbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b94::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:99:b1:8e:98:d7:35:69:0c:af:68:83:62:a1:ae:fd:63:3a:
         40:9e:84:3d:d3:8f:cb:2e:8f:eb:b6:b7:59:94:21:ca:af:f6:
         cd:bf:c9:be:a7:ca:2b:28:0a:e9:e6:80:4e:4f:21:c0:70:6e:
         57:d4:fc:d9:41:8d:c8:91:93:c7:fc:77:9a:4e:f3:76:b7:a1:
         b7:43:32:15:81:32:59:f2:7b:94:1d:91:44:39:10:0e:a4:15:
         65:6e:08:de:3c:63:0f:d4:49:bc:87:5c:74:0f:42:e3:62:01:
         74:8d:b7:b4:24:d8:1f:73:9a:e1:24:c4:91:e3:7e:d7:d7:ed:
         aa:17:6f:b9:d7:6d:74:d5:86:44:96:37:fc:3a:68:a4:d4:cd:
         dd:84:68:53:ce:70:d9:73:c6:09:c9:f9:15:b0:27:69:4f:d4:
         2f:be:e1:5e:fc:67:30:79:eb:79:65:6c:d7:be:e5:05:4c:e2:
         39:7b:44:2c:db:5a:ec:80:fe:12:18:fb:c4:ed:88:eb:27:c7:
         4c:3d:cd:d7:49:f3:3c:04:11:b2:b5:3d:4f:fc:57:7a:68:8b:
         37:e0:a0:9c:5c:24:9c:f9:b4:7b:7f:7c:fa:79:1e:28:be:f6:
         80:ca:05:77:cb:87:56:46:55:9c:ac:2c:1e:29:47:f3:2a:9f:
         17:ae:48:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQhz6pOGYt3WogM4dAt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDc4NzliZjdkNTI3MjIxNTk0ODhlZWMyYjIyZGEwODNkYTQ5ZGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbTbpt2JrYb78B+V5weib9kWZH+2
SUQLjOuwea2Bi8/YRTkRvz6ki+dpa6oKwwO4f9SQ/CabYyIyvvgxtFJveWBkbCbm
wPM5GV45RDfJHWfgmgKOVsd/3yyN6N3H/u6vBOCNg3agY6T9QViYHk9f85QJEm0d
z1z2l1gIfuxSQuGqtjkNWmweKC7/CPd3GhEEBoDu1UOFOxJbFZay1cyM0KctM9O/
5Z+zUBZVMc3XwI8Ue0Jwb6VKiGlo2YwtX8mflGgcve4mmvtl3CtpYv6B48JQYaYz
LJYhN9p2nIxx/2xQXRz37IjFXOZgeZc/vf7KOgf1Ke308psyHuFso2irAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOB4eb99UnIhWUiO7Csi2gg9pJ23MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNEhoNXYzMVNjaUZaU0k3c0t5TGFDRDJrbmJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxuU
MA0GCSqGSIb3DQEBCwUAA4IBAQBrmbGOmNc1aQyvaINioa79YzpAnoQ904/LLo/r
trdZlCHKr/bNv8m+p8orKArp5oBOTyHAcG5X1PzZQY3IkZPH/HeaTvN2t6G3QzIV
gTJZ8nuUHZFEORAOpBVlbgjePGMP1Em8h1x0D0LjYgF0jbe0JNgfc5rhJMSR437X
1+2qF2+512101YZEljf8Omik1M3dhGhTznDZc8YJyfkVsCdpT9QvvuFe/Gcweet5
ZWzXvuUFTOI5e0Qs21rsgP4SGPvE7YjrJ8dMPc3XSfM8BBGytT1P/Fd6aIs34KCc
XCSc+bR7f3z6eR4ovvaAygV3y4dWRlWcrCweKUfzKp8Xrkj9
-----END CERTIFICATE-----