Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9FffZTPKl9KLCUD0ITzYQ9vWLJE.roa
File:                     9FffZTPKl9KLCUD0ITzYQ9vWLJE.roa (raw, json)
Hash identifier:          h6ViT5atE75fXU6ZM7KouSzSYjcBxybY2IJ4uE44pms=
Subject key identifier:   F4:57:DF:65:33:CA:97:D2:8B:09:40:F4:21:3C:D8:43:DB:D6:2C:91
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEE184228A2730C9EE428568FF42B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9FffZTPKl9KLCUD0ITzYQ9vWLJE.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199467
IP address blocks:        2a0e:b107:1f50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ee:18:42:28:a2:73:0c:9e:e4:28:56:8f:f4:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f457df6533ca97d28b0940f4213cd843dbd62c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:71:90:95:1a:1a:8b:45:b4:67:b8:f6:bd:0c:
                    6b:68:7f:eb:2f:f4:8d:d8:06:19:22:a4:7c:a7:f1:
                    55:31:c6:83:e9:01:15:a7:70:09:22:ae:bb:67:a4:
                    9a:da:0e:47:47:f7:16:b7:31:2d:b1:9a:9e:e9:79:
                    2f:61:c3:ce:7f:7e:44:97:60:72:46:3e:23:5b:f3:
                    15:cd:06:a5:51:37:d7:b8:10:3b:2b:7b:6c:96:bd:
                    af:20:ce:46:3a:cc:2f:90:6f:35:8f:ae:b6:83:20:
                    f0:b7:5b:b8:11:c6:60:a9:e9:ce:f0:12:92:8b:7d:
                    2e:a5:bd:72:37:74:fc:89:e0:66:68:4e:45:52:aa:
                    72:c4:b4:42:91:5c:97:48:b5:7e:47:74:22:5d:68:
                    32:78:e7:5f:67:b0:73:ef:9a:21:58:57:2b:5b:da:
                    dc:29:87:ed:52:35:a7:c1:3e:e3:68:8b:06:61:3d:
                    b4:63:6d:13:da:33:b3:8b:69:9c:37:a8:a9:2e:c2:
                    59:51:aa:a8:05:c5:8f:7c:70:df:f7:65:47:64:06:
                    8a:82:59:84:da:d4:17:44:03:3f:54:17:1a:35:7b:
                    ef:85:d5:99:55:85:9f:3a:70:5b:c6:7c:4d:d2:72:
                    08:a2:46:a0:5e:ac:54:70:e6:2e:43:4a:cc:b6:2f:
                    b7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:57:DF:65:33:CA:97:D2:8B:09:40:F4:21:3C:D8:43:DB:D6:2C:91
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9FffZTPKl9KLCUD0ITzYQ9vWLJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1f50::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:dd:79:9d:7f:6b:9a:52:50:9f:f7:2d:e7:d2:50:70:18:7c:
         6f:ff:bd:b9:ca:5a:0f:ae:30:13:20:93:e5:64:73:a1:3c:f7:
         09:68:ca:95:cd:7f:0a:c0:57:23:92:72:08:dc:b9:41:ff:72:
         ff:11:f7:02:bb:2a:10:b4:84:d9:67:fb:1e:7e:30:c2:e7:c5:
         6c:64:45:f2:e0:db:4a:df:3c:96:a9:b3:31:56:3d:0a:0f:71:
         20:45:df:4a:c2:94:5c:b0:cd:25:cc:4a:38:55:16:83:5d:89:
         d0:0c:03:83:0a:84:93:58:58:5b:ef:db:11:37:5c:db:da:22:
         74:5b:f2:05:c1:9f:0b:f0:ce:d6:5a:7d:b4:0f:06:3d:0a:1e:
         07:b8:1b:46:dc:9d:84:a5:bc:83:04:30:aa:05:82:52:78:01:
         af:f1:db:d2:65:24:89:de:48:c7:85:6f:1e:30:5a:19:ac:94:
         73:94:d8:4a:2f:5d:b5:69:6c:ea:6b:c6:eb:6f:32:b4:6f:1f:
         e2:25:a0:b0:74:73:21:f3:fe:96:4c:0c:a9:a9:cb:e5:03:8f:
         0f:68:50:13:48:b4:1b:c7:d9:33:c0:db:1e:84:97:a5:68:9b:
         ad:c1:7c:29:f5:9c:c0:a5:e0:1b:5a:7e:cc:fb:c7:55:d4:57:
         fe:5a:fd:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvO4YQiiicwye5ChWj/QrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU3ZGY2NTMzY2E5N2QyOGIwOTQwZjQyMTNjZDg0M2RiZDYyYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXGQlRoai0W0Z7j2vQxraH/rL/SN
2AYZIqR8p/FVMcaD6QEVp3AJIq67Z6Sa2g5HR/cWtzEtsZqe6XkvYcPOf35El2By
Rj4jW/MVzQalUTfXuBA7K3tslr2vIM5GOswvkG81j662gyDwt1u4EcZgqenO8BKS
i30upb1yN3T8ieBmaE5FUqpyxLRCkVyXSLV+R3QiXWgyeOdfZ7Bz75ohWFcrW9rc
KYftUjWnwT7jaIsGYT20Y20T2jOzi2mcN6ipLsJZUaqoBcWPfHDf92VHZAaKglmE
2tQXRAM/VBcaNXvvhdWZVYWfOnBbxnxN0nIIokagXqxUcOYuQ0rMti+3IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPRX32UzypfSiwlA9CE82EPb1iyRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOUZmZlpUUEtsOUtMQ1VEMElUellROXZXTEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBx3Xmdf2uaUlCf9y3n0lBwGHxv/725yloPrjAT
IJPlZHOhPPcJaMqVzX8KwFcjknII3LlB/3L/EfcCuyoQtITZZ/sefjDC58VsZEXy
4NtK3zyWqbMxVj0KD3EgRd9KwpRcsM0lzEo4VRaDXYnQDAODCoSTWFhb79sRN1zb
2iJ0W/IFwZ8L8M7WWn20DwY9Ch4HuBtG3J2EpbyDBDCqBYJSeAGv8dvSZSSJ3kjH
hW8eMFoZrJRzlNhKL121aWzqa8brbzK0bx/iJaCwdHMh8/6WTAypqcvlA48PaFAT
SLQbx9kzwNsehJelaJutwXwp9ZzApeAbWn7M+8dV1Ff+Wv1X
-----END CERTIFICATE-----