Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ax5jCigwH2XHXVBg3v-2tC1scPk.roa
File:                     Ax5jCigwH2XHXVBg3v-2tC1scPk.roa (raw, json)
Hash identifier:          gDfGqsVxVDb/yEUwZc76eNYSdbriwgtHoRQ5ZnbHqgw=
Subject key identifier:   03:1E:63:0A:28:30:1F:65:C7:5D:50:60:DE:FF:B6:B4:2D:6C:70:F9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01917D932F098CD866D936FD30102179A111
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ax5jCigwH2XHXVBg3v-2tC1scPk.roa
Signing time:             Fri 23 Aug 2024 04:51:23 +0000
ROA not before:           Fri 23 Aug 2024 04:51:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203790
IP address blocks:        2a0e:b101::/32 maxlen: 48
                          2a0e:b107:12a0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7d:93:2f:09:8c:d8:66:d9:36:fd:30:10:21:79:a1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 23 04:51:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=031e630a28301f65c75d5060deffb6b42d6c70f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:67:63:82:cd:6b:94:3b:3a:6f:0b:eb:43:
                    fb:ac:d4:0d:f7:63:32:f3:2a:94:a9:e9:f6:97:de:
                    94:ca:06:cd:07:8c:28:58:78:a9:68:1b:0b:8e:0c:
                    cd:d3:09:6d:79:06:d1:0c:79:fb:61:d0:f4:d1:5e:
                    5c:09:f7:b3:e4:6e:f9:19:de:43:cb:c8:ca:1a:fe:
                    ba:e7:39:8e:32:f4:e8:e6:20:58:ac:7b:74:c1:83:
                    c8:49:8e:f1:e6:ad:4b:25:2d:fc:be:8c:c3:06:ef:
                    d0:39:df:25:8a:eb:a1:37:41:87:23:a6:f6:72:6a:
                    62:74:c1:64:1e:0b:68:07:fc:f2:9d:b3:46:fb:7d:
                    e5:7a:d1:99:b8:35:4d:fd:bb:0f:c9:fe:c8:33:c3:
                    35:c4:59:4c:e7:8e:2a:4d:28:46:90:40:e9:8c:5d:
                    68:cf:99:8a:e5:df:81:de:16:1e:d1:15:92:4d:e6:
                    ae:da:7b:6e:0a:36:ec:c8:06:e5:8c:36:c5:e6:5d:
                    35:ec:b6:52:85:74:0b:7e:61:fa:6a:d2:7e:e6:3f:
                    9a:51:18:ac:3c:3e:27:6d:40:c3:39:5f:e6:f0:c1:
                    eb:23:3d:10:e5:8f:fc:03:45:17:2f:74:b7:9c:f0:
                    9a:2a:99:0d:c7:89:6e:18:ca:84:46:72:81:b0:96:
                    c0:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:1E:63:0A:28:30:1F:65:C7:5D:50:60:DE:FF:B6:B4:2D:6C:70:F9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ax5jCigwH2XHXVBg3v-2tC1scPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b101::/32
                  2a0e:b107:12a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:a3:e9:39:94:4e:dc:0c:59:ee:05:b4:6e:37:2d:fd:31:55:
         98:e8:d2:0d:90:91:d8:3b:6e:33:48:ee:33:5d:bc:5a:e7:01:
         df:fe:6a:10:c9:4c:0c:72:42:da:35:18:a8:25:d1:60:9a:e3:
         65:d6:d4:0c:bc:96:57:de:b5:9c:aa:1c:1f:49:c4:7c:e9:07:
         aa:f5:07:10:63:03:c9:5f:77:1e:ef:08:36:81:16:98:ad:14:
         49:5c:5e:46:8e:b0:f3:4c:0a:8f:2c:ce:9f:66:78:6f:2e:be:
         39:cc:61:85:21:d5:1a:ee:37:1d:48:17:e9:fe:15:cd:17:c0:
         d0:3c:84:03:3f:6e:74:d3:63:f6:fe:31:bb:62:2e:65:53:26:
         60:e4:a7:7e:5f:6d:65:90:f5:e8:66:7f:c5:85:df:ab:e6:9f:
         27:8f:d1:5c:54:70:7a:56:e9:59:a9:21:6d:e8:5b:94:2c:64:
         6d:d6:2a:ce:bb:92:62:6e:95:42:3b:ab:1b:68:9d:e9:14:f9:
         ea:05:a8:1f:5e:ba:4a:65:81:64:2a:34:2f:2d:cd:09:5a:3f:
         97:bb:b2:ce:35:a8:22:35:ca:ed:7e:4d:7d:e5:38:6b:39:fd:
         9a:e8:9e:b6:31:a6:72:b6:44:9d:1d:ed:75:fb:fe:8b:e0:ca:
         4e:c7:be:50
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZF9ky8JjNhm2Tb9MBAheaERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODIzMDQ1MTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzFlNjMwYTI4MzAxZjY1Yzc1ZDUwNjBkZWZmYjZiNDJkNmM3MGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW1nY4LNa5Q7Om8L60P7rNQN92My
8yqUqen2l96UygbNB4woWHipaBsLjgzN0wlteQbRDHn7YdD00V5cCfez5G75Gd5D
y8jKGv665zmOMvTo5iBYrHt0wYPISY7x5q1LJS38vozDBu/QOd8liuuhN0GHI6b2
cmpidMFkHgtoB/zynbNG+33letGZuDVN/bsPyf7IM8M1xFlM544qTShGkEDpjF1o
z5mK5d+B3hYe0RWSTeau2ntuCjbsyAbljDbF5l017LZShXQLfmH6atJ+5j+aURis
PD4nbUDDOV/m8MHrIz0Q5Y/8A0UXL3S3nPCaKpkNx4luGMqERnKBsJbAtQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFAMeYwooMB9lx11QYN7/trQtbHD5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQXg1akNpZ3dIMlhIWFZCZzN2LTJ0QzFzY1BrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwUAKg6xAQMH
BCoOsQcSoDANBgkqhkiG9w0BAQsFAAOCAQEAcaPpOZRO3AxZ7gW0bjct/TFVmOjS
DZCR2DtuM0juM128WucB3/5qEMlMDHJC2jUYqCXRYJrjZdbUDLyWV961nKocH0nE
fOkHqvUHEGMDyV93Hu8INoEWmK0USVxeRo6w80wKjyzOn2Z4by6+OcxhhSHVGu43
HUgX6f4VzRfA0DyEAz9udNNj9v4xu2IuZVMmYOSnfl9tZZD16GZ/xYXfq+afJ4/R
XFRwelbpWakhbehblCxkbdYqzruSYm6VQjurG2id6RT56gWoH166SmWBZCo0Ly3N
CVo/l7uyzjWoIjXK7X5NfeU4azn9muietjGmcrZEnR3tdfv+i+DKTse+UA==
-----END CERTIFICATE-----