Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5YDG-5lhQS1C0FXbzMgk6mjAvcM.roa
File:                     5YDG-5lhQS1C0FXbzMgk6mjAvcM.roa (raw, json)
Hash identifier:          IooXq2WAkzmSXvRjtp0uzcdQ9Ydr9oPNVJ4DSkeTZD0=
Subject key identifier:   E5:80:C6:FB:99:61:41:2D:42:D0:55:DB:CC:C8:24:EA:68:C0:BD:C3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D9A950E942A3660AB5979F7220B460F0C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5YDG-5lhQS1C0FXbzMgk6mjAvcM.roa
Signing time:             Sun 11 Feb 2024 23:51:16 +0000
ROA not before:           Sun 11 Feb 2024 23:51:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210562
IP address blocks:        2a0e:97c0:620::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9a:95:0e:94:2a:36:60:ab:59:79:f7:22:0b:46:0f:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 11 23:51:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e580c6fb9961412d42d055dbccc824ea68c0bdc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:99:7f:37:97:2a:a1:6c:33:ed:ac:e1:0b:5f:
                    07:09:0a:87:74:d0:b1:ec:ff:06:3f:12:c6:54:c9:
                    40:2c:06:2f:8e:ea:48:01:cf:37:ee:bb:23:f9:6d:
                    e9:6c:2f:b8:06:da:eb:79:0b:b6:f4:28:1d:69:71:
                    f7:32:ea:65:47:f1:d8:86:f2:02:ed:fc:3b:17:9d:
                    72:e1:04:06:1d:06:68:78:f5:f5:ed:0b:0a:56:a8:
                    24:f5:cc:08:d7:26:bf:9c:ae:49:b4:0d:30:b3:dc:
                    73:f0:5b:ad:7f:94:0d:ee:9e:48:88:a3:e4:c2:26:
                    d9:67:ff:a2:81:78:a7:61:95:e9:17:86:c1:24:ef:
                    17:2b:9c:03:1d:ae:d4:a3:86:c0:6f:e0:8b:d3:da:
                    8d:0b:c9:00:e1:2f:9d:62:a4:28:92:68:80:ad:82:
                    b9:94:62:ce:75:40:0d:4c:7d:43:5b:ac:98:ba:de:
                    be:ae:dc:c1:a4:8d:a3:68:8b:cb:ce:b3:72:35:ff:
                    81:65:9c:bd:85:dc:4c:c0:44:bb:5e:b9:a1:b7:74:
                    dc:ee:21:ad:89:d4:ea:62:5c:10:3b:32:7a:d6:36:
                    02:71:89:27:31:8b:96:cf:58:8d:78:87:a8:9f:dc:
                    76:07:21:0c:49:62:ec:04:05:35:b7:42:46:39:6e:
                    d3:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:80:C6:FB:99:61:41:2D:42:D0:55:DB:CC:C8:24:EA:68:C0:BD:C3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5YDG-5lhQS1C0FXbzMgk6mjAvcM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:de:3e:c4:63:3f:ab:90:38:32:bc:ea:f3:c2:59:63:03:49:
         80:65:95:fb:ce:34:42:58:dd:fb:6d:d0:c9:87:94:97:c2:22:
         b6:6c:15:c7:6c:7f:44:30:09:0a:17:59:31:88:bb:46:49:38:
         f9:38:1c:6d:53:93:b8:b3:80:ff:11:3d:68:ce:68:84:19:9e:
         16:5d:9b:15:34:b7:a7:1e:d7:5e:ae:38:cc:24:24:e6:97:ec:
         9c:2f:b0:99:7b:b4:32:99:b8:41:cd:4d:6f:21:d5:d9:0a:1a:
         7f:85:56:b7:50:df:8b:0b:6f:02:f6:0a:0a:8e:b9:da:3b:73:
         85:49:24:5b:0f:b2:86:cd:eb:ca:47:b3:18:dd:67:e8:d9:94:
         27:30:c8:ae:b7:a9:82:1e:e3:55:4e:06:f9:b8:84:bc:af:c3:
         7d:b1:d1:66:42:ba:c9:dd:e2:bb:76:fe:b3:d6:d6:95:fd:7c:
         94:c0:f8:e0:78:24:bf:02:05:83:17:ee:67:50:63:aa:eb:5c:
         97:f7:d2:0a:1c:10:ff:14:8c:a0:d0:b8:fd:6d:9d:d5:16:9f:
         82:2a:a9:14:db:fb:f6:ba:a3:77:b5:20:b9:60:95:e4:11:41:
         1d:2d:11:ed:f1:72:e4:a5:a4:b1:d9:bb:09:59:64:43:0c:1d:
         3f:ae:60:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2alQ6UKjZgq1l59yILRg8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjExMjM1MTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgwYzZmYjk5NjE0MTJkNDJkMDU1ZGJjY2M4MjRlYTY4YzBiZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupl/N5cqoWwz7azhC18HCQqHdNCx
7P8GPxLGVMlALAYvjupIAc837rsj+W3pbC+4BtrreQu29CgdaXH3MuplR/HYhvIC
7fw7F51y4QQGHQZoePX17QsKVqgk9cwI1ya/nK5JtA0ws9xz8Futf5QN7p5IiKPk
wibZZ/+igXinYZXpF4bBJO8XK5wDHa7Uo4bAb+CL09qNC8kA4S+dYqQokmiArYK5
lGLOdUANTH1DW6yYut6+rtzBpI2jaIvLzrNyNf+BZZy9hdxMwES7Xrmht3Tc7iGt
idTqYlwQOzJ61jYCcYknMYuWz1iNeIeon9x2ByEMSWLsBAU1t0JGOW7TzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOWAxvuZYUEtQtBV28zIJOpowL3DMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNVlERy01bGhRUzFDMEZYYnpNZ2s2bWpBdmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYg
MA0GCSqGSIb3DQEBCwUAA4IBAQCm3j7EYz+rkDgyvOrzwlljA0mAZZX7zjRCWN37
bdDJh5SXwiK2bBXHbH9EMAkKF1kxiLtGSTj5OBxtU5O4s4D/ET1ozmiEGZ4WXZsV
NLenHtderjjMJCTml+ycL7CZe7QymbhBzU1vIdXZChp/hVa3UN+LC28C9goKjrna
O3OFSSRbD7KGzevKR7MY3Wfo2ZQnMMiut6mCHuNVTgb5uIS8r8N9sdFmQrrJ3eK7
dv6z1taV/XyUwPjgeCS/AgWDF+5nUGOq61yX99IKHBD/FIyg0Lj9bZ3VFp+CKqkU
2/v2uqN3tSC5YJXkEUEdLRHt8XLkpaSx2bsJWWRDDB0/rmDq
-----END CERTIFICATE-----