Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9z9MYdzfUUQjW1Oqx3oVOyUpH9k.roa
File:                     9z9MYdzfUUQjW1Oqx3oVOyUpH9k.roa (raw, json)
Hash identifier:          BpZPZTtUD8Mz0Vrf5RQH5QXBtOFsdNWQprjjrivvUQo=
Subject key identifier:   F7:3F:4C:61:DC:DF:51:44:23:5B:53:AA:C7:7A:15:3B:25:29:1F:D9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD3A931E1C0CEEE071170B475E307
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9z9MYdzfUUQjW1Oqx3oVOyUpH9k.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57266
IP address blocks:        2a0e:97c0:110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d3:a9:31:e1:c0:ce:ee:07:11:70:b4:75:e3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f73f4c61dcdf5144235b53aac77a153b25291fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:0d:33:d2:cd:e7:c3:8c:77:44:93:7b:43:30:
                    b8:d6:fc:1b:d6:17:f8:a0:60:ab:15:c5:be:6c:74:
                    21:3c:85:de:86:05:5c:2c:bb:08:d2:bc:6b:f8:60:
                    40:30:d2:49:84:33:2b:9d:50:6f:50:9d:c4:3c:e0:
                    46:7e:01:d8:65:28:20:4f:7f:46:6d:1b:d2:4f:5d:
                    01:ea:70:2e:c1:1b:27:f4:fa:f8:99:c8:09:8f:c6:
                    f2:e3:ee:6f:12:72:d7:a0:6c:42:4b:09:11:1e:c2:
                    88:6f:bb:c4:f4:22:fe:0f:71:d4:4d:1d:2e:57:7e:
                    9e:57:b6:cb:3f:98:5a:b1:03:3d:f4:9d:81:d4:19:
                    73:00:d5:58:87:28:a3:12:fa:d0:34:af:c6:82:ee:
                    a1:94:62:d9:7e:a1:df:5d:3f:ae:0e:29:38:2c:1c:
                    3e:08:d1:6c:06:6c:b1:1e:52:fd:43:6d:7b:6e:84:
                    d3:da:1a:af:90:fa:89:2a:97:59:3d:d8:d2:df:5b:
                    ca:cd:b1:96:1a:b3:be:40:dc:91:fe:f5:c9:4b:62:
                    ad:26:88:58:e3:fc:8f:3e:65:ba:e7:b7:7d:3f:8b:
                    da:f0:a7:70:40:08:32:7b:1c:19:a5:d9:59:a9:38:
                    48:03:3f:64:48:ac:a1:21:6a:5b:d6:40:53:b6:db:
                    72:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:3F:4C:61:DC:DF:51:44:23:5B:53:AA:C7:7A:15:3B:25:29:1F:D9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9z9MYdzfUUQjW1Oqx3oVOyUpH9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:5d:48:85:97:fe:c6:5c:6b:e9:48:72:04:51:d7:45:99:8d:
         11:c4:f8:84:c4:20:9d:cd:9a:1f:d3:f6:1f:cf:7b:26:35:60:
         fd:be:84:55:6c:a2:47:f2:6f:6a:65:72:1a:9c:b9:c0:35:7e:
         70:f9:a9:71:b1:33:2b:56:01:d7:d1:82:19:dd:8f:4a:66:da:
         2b:73:91:9b:56:c1:0a:36:0d:3a:b9:1f:ab:53:b7:46:34:72:
         2f:4a:20:e1:a2:0c:c4:0c:71:60:8f:e0:46:74:60:8c:91:4d:
         bd:97:1e:3a:70:8f:06:2e:6f:69:b9:0f:76:69:00:ed:1d:6c:
         be:7e:6f:d6:25:3e:03:78:b6:72:9d:ba:b9:a7:a6:81:f6:ce:
         52:7c:85:c6:7e:63:d9:3f:58:fb:36:f1:24:dd:59:2e:ec:bb:
         07:9c:58:39:86:b1:72:a5:c8:84:71:38:bc:75:a9:cb:f2:c0:
         2e:46:b3:0d:6c:0f:82:c6:fd:e6:87:69:1b:2b:df:5c:76:1b:
         d1:07:74:2a:d2:eb:c1:c0:a5:1f:24:bb:67:ee:06:f4:56:a7:
         96:d3:fe:cc:5f:5a:63:cb:22:da:76:63:6e:36:1a:3a:4d:10:
         a3:6d:28:47:bf:5e:f5:84:bf:55:b5:70:85:7a:60:58:82:1c:
         64:4a:33:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNOpMeHAzu4HEXC0deMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzNmNGM2MWRjZGY1MTQ0MjM1YjUzYWFjNzdhMTUzYjI1MjkxZmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7g0z0s3nw4x3RJN7QzC41vwb1hf4
oGCrFcW+bHQhPIXehgVcLLsI0rxr+GBAMNJJhDMrnVBvUJ3EPOBGfgHYZSggT39G
bRvST10B6nAuwRsn9Pr4mcgJj8by4+5vEnLXoGxCSwkRHsKIb7vE9CL+D3HUTR0u
V36eV7bLP5hasQM99J2B1BlzANVYhyijEvrQNK/Ggu6hlGLZfqHfXT+uDik4LBw+
CNFsBmyxHlL9Q217boTT2hqvkPqJKpdZPdjS31vKzbGWGrO+QNyR/vXJS2KtJohY
4/yPPmW657d9P4va8KdwQAgyexwZpdlZqThIAz9kSKyhIWpb1kBTtttyjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPc/TGHc31FEI1tTqsd6FTslKR/ZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOXo5TVlkemZVVVFqVzFPcXgzb1ZPeVVwSDlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCaXUiFl/7GXGvpSHIEUddFmY0RxPiExCCdzZof
0/Yfz3smNWD9voRVbKJH8m9qZXIanLnANX5w+alxsTMrVgHX0YIZ3Y9KZtorc5Gb
VsEKNg06uR+rU7dGNHIvSiDhogzEDHFgj+BGdGCMkU29lx46cI8GLm9puQ92aQDt
HWy+fm/WJT4DeLZynbq5p6aB9s5SfIXGfmPZP1j7NvEk3Vku7LsHnFg5hrFypciE
cTi8danL8sAuRrMNbA+Cxv3mh2kbK99cdhvRB3Qq0uvBwKUfJLtn7gb0VqeW0/7M
X1pjyyLadmNuNho6TRCjbShHv171hL9VtXCFemBYghxkSjPD
-----END CERTIFICATE-----