Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6kOYeqMSbo1U3_F0-GdLNBRGblM.roa
File:                     6kOYeqMSbo1U3_F0-GdLNBRGblM.roa (raw, json)
Hash identifier:          ODyQ0lYzaqLIb441bvN0Mp1ydJBrwWhEQ/FmHJY5Zbc=
Subject key identifier:   EA:43:98:7A:A3:12:6E:8D:54:DF:F1:74:F8:67:4B:34:14:46:6E:53
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE194ABF7B09A537A23C4853BC9A1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6kOYeqMSbo1U3_F0-GdLNBRGblM.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142597
IP address blocks:        2a0e:b107:15aa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e1:94:ab:f7:b0:9a:53:7a:23:c4:85:3b:c9:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea43987aa3126e8d54dff174f8674b3414466e53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b6:9a:4d:16:dc:8e:0e:01:40:e7:d3:6b:70:
                    c8:64:1f:1f:1a:88:3d:09:55:c5:9d:87:ef:3a:5f:
                    2d:8a:4a:cb:ef:fb:a9:a1:ad:57:b1:df:aa:61:cc:
                    19:a9:f2:54:96:ce:04:93:e0:17:f2:dd:50:db:b1:
                    83:53:fc:bb:79:17:3a:c3:99:bc:af:13:90:ba:5e:
                    b4:17:0b:b9:69:48:c0:da:a5:07:63:70:b1:7f:5f:
                    e8:f3:e4:22:f1:fa:94:da:8e:71:8e:a1:9e:4a:59:
                    c5:c9:ed:de:7b:48:da:b8:4b:05:4e:f7:23:97:79:
                    ed:25:a7:91:4b:4c:93:82:59:b7:eb:e0:84:c5:50:
                    8f:ea:df:c1:96:b3:79:0a:f5:af:03:20:a2:4c:1d:
                    93:fb:05:b0:11:ca:67:88:13:de:33:19:b7:7e:9b:
                    ab:31:76:1d:ef:cc:e6:58:a7:89:9f:fe:de:db:cc:
                    e7:41:53:65:99:c9:1a:23:f2:7b:90:48:55:65:62:
                    f3:dd:ad:d1:f0:af:a8:71:5e:b3:62:a0:52:c3:a0:
                    be:97:07:f1:f9:07:92:37:60:6c:d5:48:5f:4b:34:
                    16:0b:d2:e4:4a:9f:a5:eb:43:2f:67:c5:3d:62:d3:
                    5a:d5:73:29:6c:e9:ac:a2:d7:c0:89:0c:3e:d7:b6:
                    0a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:98:7A:A3:12:6E:8D:54:DF:F1:74:F8:67:4B:34:14:46:6E:53
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/6kOYeqMSbo1U3_F0-GdLNBRGblM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:15aa::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:63:a1:87:52:61:f2:51:1b:57:fa:f2:ce:5f:f4:bf:11:e1:
         85:aa:1a:4c:62:a2:32:b6:f7:8b:10:f0:68:54:6b:33:a9:0c:
         6c:b1:59:08:3c:f3:ca:74:62:09:fd:d9:76:c5:61:bc:01:19:
         e8:92:8a:e6:6e:87:6b:4c:45:ca:20:23:1e:2b:4f:b7:42:70:
         4e:db:ea:2b:31:39:37:5b:11:bf:23:8a:4e:da:1d:8a:d4:7b:
         6f:dd:cb:3f:ca:de:40:d3:c9:d2:7c:0f:6e:37:16:52:bf:56:
         7e:93:b4:70:40:40:e3:76:fb:5a:4f:40:58:d2:60:41:10:21:
         5f:1b:1b:a3:14:57:2c:8a:15:d2:d5:af:87:30:c7:b9:8c:c1:
         dd:f0:3e:57:13:74:82:31:6f:83:23:34:49:17:51:03:79:1b:
         af:b8:64:cf:63:a3:66:05:22:e7:c7:6c:4d:f9:48:b1:31:86:
         5a:32:ba:a7:07:3d:4d:98:98:69:5f:4a:02:5d:2a:76:04:ed:
         01:ff:11:d4:2a:67:5c:52:50:88:ce:49:3f:0c:d0:39:7e:bf:
         0c:3c:fa:af:67:75:61:50:b6:e5:32:80:6c:b2:10:94:30:f9:
         ac:6e:c0:66:b2:03:39:5c:95:0d:8c:07:ad:95:58:3a:60:ba:
         0d:e1:cf:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOGUq/ewmlN6I8SFO8mhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzOTg3YWEzMTI2ZThkNTRkZmYxNzRmODY3NGIzNDE0NDY2ZTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLaaTRbcjg4BQOfTa3DIZB8fGog9
CVXFnYfvOl8tikrL7/upoa1Xsd+qYcwZqfJUls4Ek+AX8t1Q27GDU/y7eRc6w5m8
rxOQul60Fwu5aUjA2qUHY3Cxf1/o8+Qi8fqU2o5xjqGeSlnFye3ee0jauEsFTvcj
l3ntJaeRS0yTglm36+CExVCP6t/BlrN5CvWvAyCiTB2T+wWwEcpniBPeMxm3fpur
MXYd78zmWKeJn/7e28znQVNlmckaI/J7kEhVZWLz3a3R8K+ocV6zYqBSw6C+lwfx
+QeSN2Bs1UhfSzQWC9LkSp+l60MvZ8U9YtNa1XMpbOmsotfAiQw+17YKiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOpDmHqjEm6NVN/xdPhnSzQURm5TMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNmtPWWVxTVNibzFVM19GMC1HZExOQlJHYmxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxWq
MA0GCSqGSIb3DQEBCwUAA4IBAQBRY6GHUmHyURtX+vLOX/S/EeGFqhpMYqIytveL
EPBoVGszqQxssVkIPPPKdGIJ/dl2xWG8ARnokormbodrTEXKICMeK0+3QnBO2+or
MTk3WxG/I4pO2h2K1Htv3cs/yt5A08nSfA9uNxZSv1Z+k7RwQEDjdvtaT0BY0mBB
ECFfGxujFFcsihXS1a+HMMe5jMHd8D5XE3SCMW+DIzRJF1EDeRuvuGTPY6NmBSLn
x2xN+UixMYZaMrqnBz1NmJhpX0oCXSp2BO0B/xHUKmdcUlCIzkk/DNA5fr8MPPqv
Z3VhULblMoBsshCUMPmsbsBmsgM5XJUNjAetlVg6YLoN4c+m
-----END CERTIFICATE-----