Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/56KtB6jpWzTuZQ6FtWwXhcEcF6A.roa
File:                     56KtB6jpWzTuZQ6FtWwXhcEcF6A.roa (raw, json)
Hash identifier:          v7W0/wZoHbkG6DJLIxmdsRxV9AYbPpqE5Gp6Z+28AGs=
Subject key identifier:   E7:A2:AD:07:A8:E9:5B:34:EE:65:0E:85:B5:6C:17:85:C1:1C:17:A0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD04849B4EDC7440E05CFB75074F16
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/56KtB6jpWzTuZQ6FtWwXhcEcF6A.roa
Signing time:             Tue 02 Jan 2024 10:34:17 +0000
ROA not before:           Tue 02 Jan 2024 10:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203521
IP address blocks:        2a0e:b107:1b80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:04:84:9b:4e:dc:74:40:e0:5c:fb:75:07:4f:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e7a2ad07a8e95b34ee650e85b56c1785c11c17a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:fd:bd:4a:5d:bb:be:fc:c9:4a:e2:2e:bf:36:
                    7b:f6:f5:d8:b2:20:01:3d:f3:47:09:6c:6e:e9:00:
                    61:14:a5:71:36:64:61:23:65:5e:ee:d4:f7:f6:f0:
                    df:2f:ee:92:7a:38:64:84:06:49:0d:1c:53:0a:e4:
                    43:d8:e6:d3:31:a2:b1:7a:90:e3:c8:9d:68:a5:e1:
                    2c:9c:cf:95:26:b8:19:28:9c:3f:a4:21:99:f2:72:
                    68:ac:91:79:0d:05:21:ae:e8:55:8c:d9:04:4a:dc:
                    a2:bb:8d:8b:61:a4:5b:55:6c:a8:64:73:ff:38:60:
                    65:5d:7e:ad:f5:4c:8d:26:9d:ee:dd:2b:e6:e0:b5:
                    15:25:c5:cd:c8:d9:76:79:be:3c:76:2d:c4:c3:db:
                    a4:19:1f:21:eb:a2:77:6a:f8:e2:09:ce:13:fb:af:
                    99:0a:df:bd:2a:3b:a0:84:e9:52:58:43:be:cd:00:
                    a2:ea:7e:4a:81:e0:8c:18:26:64:6b:4f:e8:6c:a0:
                    e5:f0:d1:de:8d:3a:93:f3:c2:72:da:a4:48:ed:20:
                    08:e4:f1:f6:d5:1b:0f:ad:09:56:0d:27:38:10:84:
                    fe:e2:f0:2a:35:21:62:02:0f:11:40:a4:91:d6:d1:
                    43:0a:f4:77:6a:4c:ed:7b:ce:ce:5a:da:95:f1:13:
                    96:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:A2:AD:07:A8:E9:5B:34:EE:65:0E:85:B5:6C:17:85:C1:1C:17:A0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/56KtB6jpWzTuZQ6FtWwXhcEcF6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b80::/44

    Signature Algorithm: sha256WithRSAEncryption
         9f:2a:30:5c:9e:15:23:8d:68:68:06:cb:f2:94:3b:e3:8c:6b:
         e2:8e:c3:22:5b:40:04:ee:04:af:f9:20:ef:5f:28:80:98:ce:
         a0:ce:5d:e8:27:38:99:89:af:94:1f:d3:e4:35:fc:be:da:59:
         2c:0f:51:f6:e0:a5:52:77:1e:b5:ba:f7:ca:ec:3e:f0:ce:e2:
         96:61:b6:87:ea:0b:cd:4b:cc:27:a4:01:b4:0b:8d:af:1c:7f:
         c1:ef:27:63:61:de:9a:26:0b:8c:38:02:97:a1:03:a1:91:51:
         9b:0b:37:71:31:bb:06:8e:29:a4:bc:57:78:13:d9:50:ae:5c:
         8d:16:a0:f7:b7:58:26:00:10:b4:d8:f9:03:67:35:9b:32:1d:
         f3:e4:9a:7c:1b:e8:03:65:6e:44:ad:c6:cc:5c:a4:78:67:0c:
         ad:bd:61:a6:bc:72:c2:43:f7:e8:f8:96:c6:b1:41:14:a2:4c:
         e1:55:99:6a:d8:4e:99:ab:b9:92:f8:5f:c0:7a:70:c3:4a:f7:
         d1:6d:68:4b:98:98:4a:fb:16:96:33:83:26:72:e5:c8:e8:d8:
         d9:18:49:2a:a8:6f:20:8a:4f:53:52:5a:6b:2c:ee:3b:ef:d4:
         bd:8c:f0:7d:47:6d:5b:4e:3c:5c:aa:47:47:01:db:bc:36:dc:
         9d:63:99:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQSEm07cdEDgXPt1B08WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2EyYWQwN2E4ZTk1YjM0ZWU2NTBlODViNTZjMTc4NWMxMWMxN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv29Sl27vvzJSuIuvzZ79vXYsiAB
PfNHCWxu6QBhFKVxNmRhI2Ve7tT39vDfL+6SejhkhAZJDRxTCuRD2ObTMaKxepDj
yJ1opeEsnM+VJrgZKJw/pCGZ8nJorJF5DQUhruhVjNkEStyiu42LYaRbVWyoZHP/
OGBlXX6t9UyNJp3u3Svm4LUVJcXNyNl2eb48di3Ew9ukGR8h66J3avjiCc4T+6+Z
Ct+9KjughOlSWEO+zQCi6n5KgeCMGCZka0/obKDl8NHejTqT88Jy2qRI7SAI5PH2
1RsPrQlWDSc4EIT+4vAqNSFiAg8RQKSR1tFDCvR3akzte87OWtqV8ROWaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOeirQeo6Vs07mUOhbVsF4XBHBegMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNTZLdEI2anBXelR1WlE2RnRXd1hoY0VjRjZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxuA
MA0GCSqGSIb3DQEBCwUAA4IBAQCfKjBcnhUjjWhoBsvylDvjjGvijsMiW0AE7gSv
+SDvXyiAmM6gzl3oJziZia+UH9PkNfy+2lksD1H24KVSdx61uvfK7D7wzuKWYbaH
6gvNS8wnpAG0C42vHH/B7ydjYd6aJguMOAKXoQOhkVGbCzdxMbsGjimkvFd4E9lQ
rlyNFqD3t1gmABC02PkDZzWbMh3z5Jp8G+gDZW5ErcbMXKR4ZwytvWGmvHLCQ/fo
+JbGsUEUokzhVZlq2E6Zq7mS+F/AenDDSvfRbWhLmJhK+xaWM4MmcuXI6NjZGEkq
qG8gik9TUlprLO4779S9jPB9R21bTjxcqkdHAdu8NtydY5nB
-----END CERTIFICATE-----