Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9SrvwxafwBS_SzJ2hPbL_sKismY.roa
File:                     9SrvwxafwBS_SzJ2hPbL_sKismY.roa (raw, json)
Hash identifier:          X3xvj9XxEzk6jH3n8IfffKwwwNE6UUULPLQz6iUj1e4=
Subject key identifier:   F5:2A:EF:C3:16:9F:C0:14:BF:4B:32:76:84:F6:CB:FE:C2:A2:B2:66
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC9C42AB3F23EA80C7D451CCD7A7B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9SrvwxafwBS_SzJ2hPbL_sKismY.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41720
IP address blocks:        2a0e:97c0:cc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c9:c4:2a:b3:f2:3e:a8:0c:7d:45:1c:cd:7a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f52aefc3169fc014bf4b327684f6cbfec2a2b266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:5e:82:0e:39:30:6a:7d:98:2c:ff:1b:84:4c:
                    32:a5:bd:54:da:dd:33:50:60:d1:51:b5:06:93:28:
                    67:13:8b:de:eb:bd:d4:17:29:91:ee:a7:ae:47:1b:
                    0e:44:6a:ac:be:d3:c8:d0:11:67:4d:8b:e4:44:55:
                    fc:ec:1c:07:a4:7e:07:65:11:8f:d8:e4:16:6a:c7:
                    7c:0e:30:05:44:8c:1e:e7:e0:c0:f3:f5:7c:6b:33:
                    bf:bc:2b:b4:81:58:c0:06:02:7c:ad:0a:e0:4c:c2:
                    03:0a:dc:ed:c1:ca:f1:84:2e:4c:ab:5b:2f:d8:a1:
                    55:21:9f:95:e8:4d:4c:26:71:68:b4:d6:b2:27:91:
                    e8:85:ce:ee:7a:37:ae:bf:a9:31:15:ed:ad:98:d3:
                    43:d9:29:50:ec:aa:56:26:12:f4:1f:3e:70:17:ae:
                    7a:d0:37:30:70:25:aa:21:fe:2a:17:54:db:8f:e4:
                    33:9b:28:8d:22:df:13:d7:b0:71:c5:7a:0e:cf:88:
                    62:41:6f:36:ff:5d:3d:07:f5:ce:61:04:00:4c:64:
                    cb:c9:e1:1a:9f:fd:93:f9:9b:53:da:bf:79:3d:91:
                    91:db:52:91:1e:dd:6e:07:f7:2b:62:a4:8c:c9:f2:
                    3d:02:ea:6f:91:df:d0:51:99:a8:73:e4:d9:6e:10:
                    48:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2A:EF:C3:16:9F:C0:14:BF:4B:32:76:84:F6:CB:FE:C2:A2:B2:66
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9SrvwxafwBS_SzJ2hPbL_sKismY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:cc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:06:26:f1:f5:76:76:27:0f:30:97:c6:eb:f3:fd:0d:45:19:
         fb:b4:90:8d:4d:8d:26:85:08:89:92:ac:ad:07:81:f8:05:42:
         6c:26:fb:7d:6b:74:31:f7:ae:10:bf:3d:d9:fb:6e:47:47:7a:
         dd:83:4f:45:0b:5f:33:a8:cb:7f:63:c7:9e:d0:a4:8d:c7:ac:
         41:73:80:8d:0c:d7:2e:66:87:9e:6e:e0:38:91:68:c0:f1:0f:
         ed:73:fa:d5:e6:43:46:d1:3b:6e:60:4a:dc:73:c4:ec:0e:4a:
         54:6e:14:31:80:88:34:b2:e0:b0:0f:95:bc:50:a9:51:7d:79:
         43:e4:aa:c4:f0:6f:1e:c9:b6:f9:d8:ec:e7:bb:95:f9:63:f3:
         1e:54:44:cb:89:f6:32:92:1b:50:88:11:9b:94:cc:95:a0:7b:
         23:ca:2e:75:90:bf:d5:81:a2:b7:0d:22:8a:d7:7a:04:09:28:
         30:a8:11:00:4b:54:b4:77:14:73:8d:f0:2b:ae:e5:e0:19:0b:
         fc:c3:d8:43:db:32:c6:d9:cf:e4:7a:53:96:c9:56:33:b0:d3:
         aa:2d:67:f1:db:f7:1b:d7:1d:ab:36:68:70:bc:63:57:a1:6a:
         88:91:23:46:b8:92:77:84:9f:8c:fa:5a:b6:07:c7:f6:dd:0e:
         aa:ca:ff:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMnEKrPyPqgMfUUczXp7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJhZWZjMzE2OWZjMDE0YmY0YjMyNzY4NGY2Y2JmZWMyYTJiMjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArV6CDjkwan2YLP8bhEwypb1U2t0z
UGDRUbUGkyhnE4ve673UFymR7qeuRxsORGqsvtPI0BFnTYvkRFX87BwHpH4HZRGP
2OQWasd8DjAFRIwe5+DA8/V8azO/vCu0gVjABgJ8rQrgTMIDCtztwcrxhC5Mq1sv
2KFVIZ+V6E1MJnFotNayJ5Hohc7uejeuv6kxFe2tmNND2SlQ7KpWJhL0Hz5wF656
0DcwcCWqIf4qF1Tbj+QzmyiNIt8T17BxxXoOz4hiQW82/109B/XOYQQATGTLyeEa
n/2T+ZtT2r95PZGR21KRHt1uB/crYqSMyfI9Aupvkd/QUZmoc+TZbhBICwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPUq78MWn8AUv0sydoT2y/7CorJmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOVNydnd4YWZ3QlNfU3pKMmhQYkxfc0tpc21ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAzA
MA0GCSqGSIb3DQEBCwUAA4IBAQBNBibx9XZ2Jw8wl8br8/0NRRn7tJCNTY0mhQiJ
kqytB4H4BUJsJvt9a3Qx964Qvz3Z+25HR3rdg09FC18zqMt/Y8ee0KSNx6xBc4CN
DNcuZoeebuA4kWjA8Q/tc/rV5kNG0TtuYErcc8TsDkpUbhQxgIg0suCwD5W8UKlR
fXlD5KrE8G8eybb52Oznu5X5Y/MeVETLifYykhtQiBGblMyVoHsjyi51kL/VgaK3
DSKK13oECSgwqBEAS1S0dxRzjfArruXgGQv8w9hD2zLG2c/kelOWyVYzsNOqLWfx
2/cb1x2rNmhwvGNXoWqIkSNGuJJ3hJ+M+lq2B8f23Q6qyv9G
-----END CERTIFICATE-----