Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7rmNJyXozk20smvZ5nUC2Jc7B-M.roa
File:                     7rmNJyXozk20smvZ5nUC2Jc7B-M.roa (raw, json)
Hash identifier:          yg7IO2xidmYolziQ8c2PmG3RTelZ703ikmilPrxBmFE=
Subject key identifier:   EE:B9:8D:27:25:E8:CE:4D:B4:B2:6B:D9:E6:75:02:D8:97:3B:07:E3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEF8B3E5388874470BC3D1EC15999
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7rmNJyXozk20smvZ5nUC2Jc7B-M.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199766
IP address blocks:        2a06:de00:11::/48 maxlen: 48
                          2a06:de00:18::/48 maxlen: 48
                          2a06:de00:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ef:8b:3e:53:88:87:44:70:bc:3d:1e:c1:59:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eeb98d2725e8ce4db4b26bd9e67502d8973b07e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:d6:bc:a8:9d:d0:7d:d1:b8:33:93:d6:0e:92:
                    81:fc:9a:eb:8d:40:6a:8c:5a:62:36:0b:15:e8:2e:
                    5a:f1:ed:24:63:c3:af:a1:6e:f5:57:65:9f:68:84:
                    75:6c:86:17:6f:2a:f2:ea:f4:12:52:4e:06:ef:14:
                    08:42:27:89:2f:4d:45:31:c6:56:58:1b:c0:d7:d1:
                    be:42:7b:dd:bb:b4:d5:c8:4a:6c:41:c8:89:47:6b:
                    d9:03:47:fa:7b:aa:fd:50:83:60:91:b8:b1:7d:6f:
                    92:c9:f5:26:e6:65:3c:36:5f:7f:32:4b:59:b7:40:
                    c7:a4:a0:87:0b:ca:f0:b7:23:f9:14:81:ff:41:ee:
                    87:b2:a4:35:a9:54:a9:f2:a5:f3:aa:67:7c:fa:c5:
                    e4:ee:79:a3:50:75:b1:39:ea:d4:8d:3e:09:78:ca:
                    c3:c5:21:6c:cf:a2:90:72:7c:8e:91:f6:f9:97:ea:
                    d5:a9:e9:ea:ea:3b:fc:2a:57:ba:8b:c5:ce:a8:1e:
                    b8:16:75:34:13:36:55:4c:e4:56:2a:d5:0e:84:45:
                    c0:4e:59:e5:ce:e2:01:4a:42:13:f2:35:5d:90:8e:
                    fd:de:52:50:ef:f9:4e:d4:7d:93:cc:78:01:e3:15:
                    e1:23:79:5a:b0:95:ac:2b:9a:e2:0a:d9:a4:1f:0c:
                    3b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B9:8D:27:25:E8:CE:4D:B4:B2:6B:D9:E6:75:02:D8:97:3B:07:E3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7rmNJyXozk20smvZ5nUC2Jc7B-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:10::/47
                  2a06:de00:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:f0:ed:06:4e:34:bf:74:f9:fd:bf:c3:76:96:b9:42:28:5d:
         2b:45:8f:92:df:60:bb:c8:f7:c4:be:5f:da:1c:98:40:f3:f7:
         c6:f6:8a:c4:cd:d4:52:39:eb:84:5f:b3:f9:cb:2e:fb:10:45:
         39:58:2a:9c:f5:51:dc:2f:3d:8d:13:32:34:a0:f6:a6:d4:62:
         b4:8a:43:05:6d:7e:a5:83:5d:df:a7:c2:e4:27:e6:9a:c4:8e:
         e3:c9:e9:d7:98:9f:8b:3f:64:ff:93:5d:c7:ad:f3:7c:78:25:
         cf:a0:10:30:13:04:b4:4b:e9:fd:ad:87:60:db:d2:7b:64:06:
         40:0e:85:8c:6a:95:e8:61:5a:39:cb:47:f5:cf:31:60:dc:97:
         76:83:d3:80:00:55:06:c1:e6:f0:29:0f:22:e9:c2:ae:31:fb:
         51:a9:96:fe:10:7d:cf:67:5e:6f:a4:93:ae:df:24:da:77:c2:
         21:39:72:12:c5:0e:2c:7c:c9:d7:26:26:52:92:36:3b:39:55:
         4f:57:b5:e2:b6:c6:0d:96:72:23:7e:53:bd:bc:98:cd:d7:09:
         40:f9:f6:93:c5:39:f7:cc:d3:d8:ee:10:1b:d6:8e:5f:cb:6d:
         58:16:98:ba:68:ed:7c:a1:9a:fc:6d:79:dc:b1:b1:a4:47:68:
         b4:03:c8:10
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvO+LPlOIh0RwvD0ewVmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI5OGQyNzI1ZThjZTRkYjRiMjZiZDllNjc1MDJkODk3M2IwN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApNa8qJ3QfdG4M5PWDpKB/JrrjUBq
jFpiNgsV6C5a8e0kY8OvoW71V2WfaIR1bIYXbyry6vQSUk4G7xQIQieJL01FMcZW
WBvA19G+Qnvdu7TVyEpsQciJR2vZA0f6e6r9UINgkbixfW+SyfUm5mU8Nl9/MktZ
t0DHpKCHC8rwtyP5FIH/Qe6HsqQ1qVSp8qXzqmd8+sXk7nmjUHWxOerUjT4JeMrD
xSFsz6KQcnyOkfb5l+rVqenq6jv8Kle6i8XOqB64FnU0EzZVTORWKtUOhEXATlnl
zuIBSkIT8jVdkI793lJQ7/lO1H2TzHgB4xXhI3lasJWsK5riCtmkHww7+QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO65jScl6M5NtLJr2eZ1AtiXOwfjMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN3JtTkp5WG96azIwc212WjVuVUMySmM3Qi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgbeAAAQ
AwcAKgbeAAAYMA0GCSqGSIb3DQEBCwUAA4IBAQDH8O0GTjS/dPn9v8N2lrlCKF0r
RY+S32C7yPfEvl/aHJhA8/fG9orEzdRSOeuEX7P5yy77EEU5WCqc9VHcLz2NEzI0
oPam1GK0ikMFbX6lg13fp8LkJ+aaxI7jyenXmJ+LP2T/k13HrfN8eCXPoBAwEwS0
S+n9rYdg29J7ZAZADoWMapXoYVo5y0f1zzFg3Jd2g9OAAFUGwebwKQ8i6cKuMftR
qZb+EH3PZ15vpJOu3yTad8IhOXISxQ4sfMnXJiZSkjY7OVVPV7XitsYNlnIjflO9
vJjN1wlA+faTxTn3zNPY7hAb1o5fy21YFpi6aO18oZr8bXncsbGkR2i0A8gQ
-----END CERTIFICATE-----