Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9S5XLXepMv2Q3avfslYT6h4gjos.roa
File:                     9S5XLXepMv2Q3avfslYT6h4gjos.roa (raw, json)
Hash identifier:          ZS4viOld1kgsSkVV8dNiBLm51B6ELGnLHXBWzmGWkmM=
Subject key identifier:   F5:2E:57:2D:77:A9:32:FD:90:DD:AB:DF:B2:56:13:EA:1E:20:8E:8B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EC404D34D0650C6255FCFC7A4C4300CA9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9S5XLXepMv2Q3avfslYT6h4gjos.roa
Signing time:             Tue 09 Apr 2024 18:00:34 +0000
ROA not before:           Tue 09 Apr 2024 18:00:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215536
IP address blocks:        2a0e:b107:12d6::/48 maxlen: 48
                          2a0e:b107:12df::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c4:04:d3:4d:06:50:c6:25:5f:cf:c7:a4:c4:30:0c:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  9 18:00:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f52e572d77a932fd90ddabdfb25613ea1e208e8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:07:4a:e9:f4:ef:55:04:5c:04:24:88:87:d7:
                    c5:55:13:88:e5:2d:6b:af:55:b1:22:bf:97:f9:27:
                    c9:8c:c9:20:30:6a:f5:ab:98:bc:fb:6a:92:17:7c:
                    cc:1f:19:b3:f2:9c:5d:60:d2:42:2a:52:cc:93:1d:
                    7f:92:1b:a1:03:6a:2f:c3:57:e4:11:26:94:43:1c:
                    bb:36:65:04:a2:7d:42:e2:f1:e1:e6:7b:91:32:4e:
                    c6:1e:aa:40:5a:6e:b5:bc:7e:7f:d8:06:2e:94:28:
                    ce:a1:d2:d9:7d:fc:d7:e3:48:3e:2b:d3:74:e0:12:
                    a4:3d:41:14:8a:54:f5:a8:e2:b5:f9:fc:fa:8f:a7:
                    c2:27:31:63:b9:3d:76:44:11:55:df:4b:e7:b7:bb:
                    c4:81:70:f1:ad:d2:0c:0d:ed:8d:0c:b1:87:08:8f:
                    6e:47:99:45:5d:e4:54:cd:03:df:a5:8e:45:62:93:
                    59:fc:90:0e:f3:ae:34:d3:d0:5f:5e:7b:1c:ec:5f:
                    5d:06:8d:f5:63:05:30:ed:36:be:19:4f:1f:d3:5d:
                    6c:87:15:bb:3f:74:b1:87:42:12:f5:e2:f2:9b:18:
                    83:ec:2a:68:ae:e3:85:51:06:65:1a:3e:a2:97:14:
                    c1:b6:6e:48:b5:49:0b:12:0a:84:98:27:b5:08:96:
                    0b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2E:57:2D:77:A9:32:FD:90:DD:AB:DF:B2:56:13:EA:1E:20:8E:8B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9S5XLXepMv2Q3avfslYT6h4gjos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:12d6::/48
                  2a0e:b107:12df::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:a5:60:dd:47:48:99:c3:14:91:18:a2:c7:0b:64:ab:8c:4f:
         67:a2:e3:77:70:fc:b5:db:9a:ff:91:50:2e:df:75:7e:1f:92:
         04:71:3f:58:1e:3a:e1:d6:1e:31:ce:de:7f:33:e0:6e:1c:5e:
         2e:0c:7a:a7:be:6b:7f:d4:2a:ad:df:18:e6:6b:84:fa:57:3f:
         0a:22:9d:89:8e:9d:37:61:59:f9:6c:7f:5a:cb:af:77:a9:4b:
         e0:b6:3d:cf:f2:45:9e:85:5a:51:a5:ed:b7:51:36:20:3f:63:
         3b:59:23:36:2e:08:5f:b0:c1:c7:93:41:5b:d4:32:2e:59:c1:
         a9:6b:4a:9f:fc:ab:b2:a4:ab:f6:6a:a9:a2:bd:06:c0:a2:b2:
         41:0a:06:13:0c:e9:37:ed:55:f7:2c:f5:39:d5:c4:f5:3c:a6:
         79:0e:93:46:da:80:75:4f:e1:37:59:1b:98:b0:7c:c0:b8:b5:
         29:9a:91:2a:d3:6a:9b:14:36:b7:b3:55:3d:e6:59:c2:2d:11:
         f2:3d:36:6d:03:75:37:1b:b6:6b:ed:3a:2f:b9:be:99:be:f9:
         2f:13:51:fd:18:96:b7:72:93:2e:dc:a4:e8:42:a0:ef:4b:28:
         68:be:c5:0e:9d:8f:14:de:af:54:c0:03:24:64:4d:36:7a:bc:
         48:6d:b9:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7EBNNNBlDGJV/Px6TEMAypMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA5MTgwMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJlNTcyZDc3YTkzMmZkOTBkZGFiZGZiMjU2MTNlYTFlMjA4ZThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAdK6fTvVQRcBCSIh9fFVROI5S1r
r1WxIr+X+SfJjMkgMGr1q5i8+2qSF3zMHxmz8pxdYNJCKlLMkx1/khuhA2ovw1fk
ESaUQxy7NmUEon1C4vHh5nuRMk7GHqpAWm61vH5/2AYulCjOodLZffzX40g+K9N0
4BKkPUEUilT1qOK1+fz6j6fCJzFjuT12RBFV30vnt7vEgXDxrdIMDe2NDLGHCI9u
R5lFXeRUzQPfpY5FYpNZ/JAO864009BfXnsc7F9dBo31YwUw7Ta+GU8f011shxW7
P3Sxh0IS9eLymxiD7CporuOFUQZlGj6ilxTBtm5ItUkLEgqEmCe1CJYLAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPUuVy13qTL9kN2r37JWE+oeII6LMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOVM1WExYZXBNdjJRM2F2ZnNsWVQ2aDRnam9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxLW
AwcAKg6xBxLfMA0GCSqGSIb3DQEBCwUAA4IBAQBGpWDdR0iZwxSRGKLHC2SrjE9n
ouN3cPy125r/kVAu33V+H5IEcT9YHjrh1h4xzt5/M+BuHF4uDHqnvmt/1Cqt3xjm
a4T6Vz8KIp2Jjp03YVn5bH9ay693qUvgtj3P8kWehVpRpe23UTYgP2M7WSM2Lghf
sMHHk0Fb1DIuWcGpa0qf/KuypKv2aqmivQbAorJBCgYTDOk37VX3LPU51cT1PKZ5
DpNG2oB1T+E3WRuYsHzAuLUpmpEq02qbFDa3s1U95lnCLRHyPTZtA3U3G7Zr7Tov
ub6ZvvkvE1H9GJa3cpMu3KToQqDvSyhovsUOnY8U3q9UwAMkZE02erxIbblE
-----END CERTIFICATE-----