Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AJdSDbtYhOLN7J_EB_UpUnJS9Y0.roa
File:                     AJdSDbtYhOLN7J_EB_UpUnJS9Y0.roa (raw, json)
Hash identifier:          ViATk8ET+KCLxpGfRh2JR75zgYL68sYcth0g8nkufEY=
Subject key identifier:   00:97:52:0D:BB:58:84:E2:CD:EC:9F:C4:07:F5:29:52:72:52:F5:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0E9C6C93223BD683746358AAB3C6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AJdSDbtYhOLN7J_EB_UpUnJS9Y0.roa
Signing time:             Tue 02 Jan 2024 10:34:19 +0000
ROA not before:           Tue 02 Jan 2024 10:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205635
IP address blocks:        2a10:2f00:124::/48 maxlen: 48
                          2a10:2f01:2b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0e:9c:6c:93:22:3b:d6:83:74:63:58:aa:b3:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0097520dbb5884e2cdec9fc407f529527252f58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:af:52:d1:43:c0:75:93:9a:b0:ce:af:20:86:
                    e8:85:56:e2:51:78:b5:65:2d:09:f2:13:b0:80:50:
                    2d:55:52:ee:1b:a2:65:06:f7:b7:90:4e:7a:af:ce:
                    f3:2c:7f:84:96:0e:89:12:6d:2b:c4:3a:58:f4:b2:
                    83:40:5f:ed:76:80:3b:05:15:d8:5b:a0:90:d4:b6:
                    09:7d:50:2e:6b:cc:53:05:62:f4:f1:86:0c:25:c4:
                    42:9e:98:ab:90:59:0b:a3:b9:2c:22:57:7a:eb:f0:
                    05:b1:40:90:eb:f5:6f:68:cc:bd:f7:66:6e:ca:90:
                    15:14:fa:9e:6f:d4:89:fb:fe:af:13:5f:80:c8:3d:
                    c4:38:8d:b1:37:c7:2d:f4:52:9c:c2:9c:56:23:4c:
                    b5:65:04:bc:24:0c:d1:3b:87:18:15:f2:f3:e4:84:
                    72:0b:11:4c:80:a1:45:6d:21:50:ef:ae:b8:fa:b9:
                    1d:b1:c1:c2:c1:35:30:63:38:8f:ec:47:d9:7c:5d:
                    04:ed:f3:5a:85:a8:66:15:43:75:48:85:38:9e:4f:
                    67:8c:84:6d:8f:90:59:bb:e2:da:97:f1:19:de:69:
                    1d:61:00:94:82:45:28:0b:f0:bc:7d:c9:9d:06:80:
                    bb:26:39:c7:12:98:94:2b:42:05:16:f5:06:fb:b5:
                    1c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:97:52:0D:BB:58:84:E2:CD:EC:9F:C4:07:F5:29:52:72:52:F5:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AJdSDbtYhOLN7J_EB_UpUnJS9Y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:124::/48
                  2a10:2f01:2b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:57:eb:ac:37:55:5e:f7:d2:6e:f8:a4:42:b0:54:6b:60:3b:
         03:96:bb:42:73:3c:63:de:e3:77:c4:17:2e:3a:27:cb:06:66:
         32:ac:67:0a:a0:ad:6f:e8:e8:3c:4f:1b:f5:e4:8b:30:6c:08:
         41:e6:b8:93:6b:a0:67:10:f8:8c:8a:8b:ee:e4:16:30:0e:c1:
         17:a6:2d:d2:48:56:7b:9b:93:91:f8:ea:f2:e7:21:8b:27:32:
         7b:91:92:d9:64:97:6a:55:0b:96:67:fa:72:39:1d:16:d6:2f:
         61:b4:70:04:44:5f:80:64:56:43:75:28:3d:22:b9:07:02:af:
         ff:4b:db:e2:75:98:b2:46:a8:71:80:4d:d0:5a:99:fd:af:0b:
         37:f6:99:ff:92:ff:cd:67:23:1f:71:77:72:e4:7e:92:f3:a3:
         c6:12:5f:39:74:31:76:0c:68:c6:25:a8:e0:cb:95:93:02:5f:
         d5:d2:2f:4e:93:ac:19:a1:03:0d:e9:62:4d:31:b5:6e:0c:f6:
         c4:f7:cb:00:96:85:cd:65:a8:9d:80:6e:75:64:07:8b:b6:f2:
         89:70:31:9b:7e:89:d9:d1:de:8a:da:47:74:5b:84:52:5f:21:
         c0:4d:ed:fc:cc:72:b5:5b:0d:58:f5:6c:22:9e:8f:13:da:33:
         73:f4:89:62
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvQ6cbJMiO9aDdGNYqrPGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk3NTIwZGJiNTg4NGUyY2RlYzlmYzQwN2Y1Mjk1MjcyNTJmNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK9S0UPAdZOasM6vIIbohVbiUXi1
ZS0J8hOwgFAtVVLuG6JlBve3kE56r87zLH+Elg6JEm0rxDpY9LKDQF/tdoA7BRXY
W6CQ1LYJfVAua8xTBWL08YYMJcRCnpirkFkLo7ksIld66/AFsUCQ6/VvaMy992Zu
ypAVFPqeb9SJ+/6vE1+AyD3EOI2xN8ct9FKcwpxWI0y1ZQS8JAzRO4cYFfLz5IRy
CxFMgKFFbSFQ7664+rkdscHCwTUwYziP7EfZfF0E7fNahahmFUN1SIU4nk9njIRt
j5BZu+Lal/EZ3mkdYQCUgkUoC/C8fcmdBoC7JjnHEpiUK0IFFvUG+7UcMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFACXUg27WITizeyfxAf1KVJyUvWNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQUpkU0RidFloT0xON0pfRUJfVXBVbkpTOVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhAvAAEk
AwcEKhAvAQKwMA0GCSqGSIb3DQEBCwUAA4IBAQAgV+usN1Ve99Ju+KRCsFRrYDsD
lrtCczxj3uN3xBcuOifLBmYyrGcKoK1v6Og8Txv15IswbAhB5riTa6BnEPiMiovu
5BYwDsEXpi3SSFZ7m5OR+Ory5yGLJzJ7kZLZZJdqVQuWZ/pyOR0W1i9htHAERF+A
ZFZDdSg9IrkHAq//S9vidZiyRqhxgE3QWpn9rws39pn/kv/NZyMfcXdy5H6S86PG
El85dDF2DGjGJajgy5WTAl/V0i9Ok6wZoQMN6WJNMbVuDPbE98sAloXNZaidgG51
ZAeLtvKJcDGbfonZ0d6K2kd0W4RSXyHATe38zHK1Ww1Y9Wwino8T2jNz9Ili
-----END CERTIFICATE-----