Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/52MqxRV4deq6pZvt8Hu_bQ5jVLc.roa
File:                     52MqxRV4deq6pZvt8Hu_bQ5jVLc.roa (raw, json)
Hash identifier:          Yc4eNCEemP4ls+l/GUg2593ZIF18OBrOr3uTSKR/tbM=
Subject key identifier:   E7:63:2A:C5:15:78:75:EA:BA:A5:9B:ED:F0:7B:BF:6D:0E:63:54:B7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD22EE9193D3EBB97BD99B416B0FE3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/52MqxRV4deq6pZvt8Hu_bQ5jVLc.roa
Signing time:             Tue 02 Jan 2024 10:34:24 +0000
ROA not before:           Tue 02 Jan 2024 10:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210337
IP address blocks:        2a0e:b107:9f7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:22:ee:91:93:d3:eb:b9:7b:d9:9b:41:6b:0f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7632ac5157875eabaa59bedf07bbf6d0e6354b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e8:08:65:57:5d:b4:e7:8c:4f:ba:ef:61:50:
                    8a:f2:12:e6:5d:3b:7e:7b:58:1e:91:81:69:3b:51:
                    72:bd:f9:be:d3:8f:3e:81:f5:89:06:9b:1b:aa:cc:
                    37:ff:00:df:8a:9e:d3:fd:aa:2b:f4:e7:7c:f8:8e:
                    9b:ce:c3:f5:a9:86:e2:5b:e3:8a:07:a6:2d:0c:3a:
                    e1:8a:cd:fe:f4:c4:cb:0f:df:11:6a:e4:f0:f4:88:
                    be:5c:ca:38:c3:f0:a0:7d:0a:db:e9:c4:2e:9f:37:
                    29:79:c1:2d:10:62:ec:54:04:c6:d2:48:c9:1d:51:
                    91:f6:bd:89:a9:9c:13:4a:58:e6:a9:73:57:df:e8:
                    bf:e3:e4:e0:6d:1c:bc:04:96:29:3d:be:b6:da:83:
                    dc:95:64:52:a9:4f:64:75:06:68:d8:df:aa:ad:3a:
                    6a:c0:4e:db:98:d2:5f:65:1c:81:90:50:1b:50:8a:
                    f5:78:bf:3e:42:c8:cc:e3:7f:0e:eb:a5:bf:09:a8:
                    af:cd:64:24:ab:bf:b9:b5:1f:09:7b:42:7d:44:4a:
                    4a:ae:6a:ca:21:49:74:76:90:c8:49:44:39:2d:38:
                    30:dd:ce:ed:51:ee:92:b0:3c:42:ed:8e:4a:03:cd:
                    42:17:f6:b7:6e:d0:a4:bb:12:3b:df:c5:8c:09:eb:
                    73:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:63:2A:C5:15:78:75:EA:BA:A5:9B:ED:F0:7B:BF:6D:0E:63:54:B7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/52MqxRV4deq6pZvt8Hu_bQ5jVLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:9f7::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:aa:06:12:1b:64:90:72:37:88:73:d7:27:2e:9a:5c:ee:a5:
         df:25:a9:ad:8b:bd:ae:6c:f1:3b:13:88:88:e9:1f:24:eb:d2:
         dd:f4:2f:ef:36:c6:fb:a7:1d:01:48:1b:c7:fb:0a:b0:09:65:
         43:c3:36:81:3e:df:59:85:4b:4f:47:d1:ab:f0:a7:73:64:22:
         75:a7:8c:74:fd:21:fd:c2:20:7a:74:2b:e6:3c:67:10:0e:ea:
         80:9c:22:be:20:49:34:42:99:a1:6e:fd:cd:e6:c5:5e:ce:be:
         39:66:ef:0e:b6:1d:c7:ac:de:92:a3:e3:f9:30:e1:01:a3:d8:
         76:0d:62:55:51:e8:46:44:47:8e:c0:f3:b2:80:b8:1d:57:b2:
         b9:5e:f1:d0:0f:37:49:5d:ed:a7:30:20:4e:af:a1:80:63:7f:
         e8:ee:c0:ce:76:8b:67:8f:9e:09:4e:27:c5:07:a6:6b:74:9b:
         24:2f:d1:55:a4:47:6a:ca:be:00:5a:7d:b3:df:c3:50:e1:a0:
         8a:1e:e2:e2:4d:78:c9:93:53:74:8c:70:32:1d:3a:3b:c2:b6:
         0f:15:24:26:fe:46:41:fd:ec:31:a8:1a:60:67:c3:d6:c0:00:
         8b:90:23:4b:e0:7b:5c:d7:3f:a8:1f:ea:8a:ef:fe:ca:93:7a:
         6f:fd:e8:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSLukZPT67l72ZtBaw/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzYzMmFjNTE1Nzg3NWVhYmFhNTliZWRmMDdiYmY2ZDBlNjM1NGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvegIZVddtOeMT7rvYVCK8hLmXTt+
e1gekYFpO1Fyvfm+048+gfWJBpsbqsw3/wDfip7T/aor9Od8+I6bzsP1qYbiW+OK
B6YtDDrhis3+9MTLD98RauTw9Ii+XMo4w/CgfQrb6cQunzcpecEtEGLsVATG0kjJ
HVGR9r2JqZwTSljmqXNX3+i/4+TgbRy8BJYpPb622oPclWRSqU9kdQZo2N+qrTpq
wE7bmNJfZRyBkFAbUIr1eL8+QsjM438O66W/CaivzWQkq7+5tR8Je0J9REpKrmrK
IUl0dpDISUQ5LTgw3c7tUe6SsDxC7Y5KA81CF/a3btCkuxI738WMCetzfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOdjKsUVeHXquqWb7fB7v20OY1S3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNTJNcXhSVjRkZXE2cFp2dDhIdV9iUTVqVkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwn3
MA0GCSqGSIb3DQEBCwUAA4IBAQAOqgYSG2SQcjeIc9cnLppc7qXfJamti72ubPE7
E4iI6R8k69Ld9C/vNsb7px0BSBvH+wqwCWVDwzaBPt9ZhUtPR9Gr8KdzZCJ1p4x0
/SH9wiB6dCvmPGcQDuqAnCK+IEk0Qpmhbv3N5sVezr45Zu8Oth3HrN6So+P5MOEB
o9h2DWJVUehGREeOwPOygLgdV7K5XvHQDzdJXe2nMCBOr6GAY3/o7sDOdotnj54J
TifFB6ZrdJskL9FVpEdqyr4AWn2z38NQ4aCKHuLiTXjJk1N0jHAyHTo7wrYPFSQm
/kZB/ewxqBpgZ8PWwACLkCNL4Htc1z+oH+qK7/7Kk3pv/eg2
-----END CERTIFICATE-----