Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BESY77HMX63qkyUMbNBVPKzD0UY.roa
File:                     BESY77HMX63qkyUMbNBVPKzD0UY.roa (raw, json)
Hash identifier:          whqSdBL8sjst9xeTw1rhqV38zFSDlQJk3dNE/6FboDs=
Subject key identifier:   04:44:98:EF:B1:CC:5F:AD:EA:93:25:0C:6C:D0:55:3C:AC:C3:D1:46
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD2AD93EE7AE7F06694D7B44F37A5F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BESY77HMX63qkyUMbNBVPKzD0UY.roa
Signing time:             Tue 02 Jan 2024 10:34:26 +0000
ROA not before:           Tue 02 Jan 2024 10:34:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210825
IP address blocks:        2a0e:b107:24f0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:2a:d9:3e:e7:ae:7f:06:69:4d:7b:44:f3:7a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=044498efb1cc5fadea93250c6cd0553cacc3d146
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:12:52:46:c5:3b:52:66:28:fa:a2:eb:f0:87:
                    d1:ad:e6:43:97:fe:0a:52:05:8b:e2:b2:21:9c:91:
                    ed:7c:cb:b5:44:d5:68:7b:fa:8d:16:1c:fb:60:7e:
                    fc:13:07:76:00:b2:8e:56:f4:1c:c2:c7:85:fd:81:
                    df:d2:dc:45:66:72:5c:6e:8b:14:ec:51:6e:a2:dc:
                    b2:b6:e4:be:4d:b8:4e:80:24:6d:30:07:02:3f:1e:
                    4e:f7:99:8e:06:a0:8f:60:a9:95:86:f8:69:90:72:
                    2e:2c:64:ce:1a:c6:e4:45:c8:69:f7:08:88:52:18:
                    a4:3a:b2:7f:c5:c0:c7:9a:3c:1e:1f:61:c7:b7:70:
                    75:86:0a:5f:ff:f2:de:cb:bc:d4:dd:72:4b:ce:62:
                    bb:bd:40:9f:4e:1c:08:01:14:27:c8:2d:c7:bc:4d:
                    47:8b:58:7b:22:0c:6d:d5:a5:ed:58:4f:96:f7:8b:
                    9a:d8:90:5e:bb:66:6d:51:ac:bf:4d:0c:6d:c6:77:
                    eb:f1:68:71:db:c8:87:e6:b8:34:47:ac:00:9c:31:
                    8c:d8:d8:2d:b6:c1:d2:79:39:f9:77:8f:3b:57:c0:
                    d6:d1:51:df:c7:eb:07:5d:a5:17:a1:b4:bf:d7:84:
                    25:d7:53:29:98:ed:c9:63:45:97:db:10:c5:22:c8:
                    49:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:44:98:EF:B1:CC:5F:AD:EA:93:25:0C:6C:D0:55:3C:AC:C3:D1:46
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BESY77HMX63qkyUMbNBVPKzD0UY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:24f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:9e:43:b7:29:c4:4c:d9:dd:d7:c3:b8:ff:9b:cb:97:0f:f0:
         6d:1d:31:4d:5f:6c:5c:3a:68:6c:f2:05:72:f5:34:b1:6d:f5:
         89:da:eb:3b:90:5e:79:3e:09:c5:4b:2c:0e:21:78:95:1b:0a:
         52:39:44:82:ad:9d:3e:33:e6:91:dc:aa:a0:af:17:46:10:90:
         c5:c3:37:39:9c:b1:a1:a3:5c:72:c1:ca:e1:f0:5b:35:9f:ee:
         b5:b5:a5:98:e8:6d:a8:88:27:a4:8e:fb:8f:42:f7:41:2d:a1:
         e4:83:6d:8a:74:ef:d8:52:17:08:d7:55:ce:4b:4e:99:45:ca:
         b8:fb:c5:0a:2e:83:e5:53:84:d0:eb:3e:7a:f2:8f:e9:26:6a:
         36:c0:2e:3b:e8:77:e2:26:1e:05:a4:91:1d:b2:0d:d3:a0:bb:
         87:96:fb:00:1f:26:0c:32:91:98:fa:7f:8b:9e:2c:1a:52:38:
         7f:25:91:69:c7:16:93:16:87:0d:ca:6b:d1:2f:ac:77:63:9e:
         67:26:09:bb:f5:77:ab:52:a8:78:ef:d7:18:8a:cf:69:b3:d6:
         e1:08:5b:73:69:49:6c:eb:35:70:12:93:f7:d4:14:d3:d1:6c:
         75:94:e8:11:9b:32:aa:c4:97:56:8b:55:ed:36:89:cb:29:99:
         5f:de:83:56
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSrZPueufwZpTXtE83pfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDQ0OThlZmIxY2M1ZmFkZWE5MzI1MGM2Y2QwNTUzY2FjYzNkMTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhJSRsU7UmYo+qLr8IfRreZDl/4K
UgWL4rIhnJHtfMu1RNVoe/qNFhz7YH78Ewd2ALKOVvQcwseF/YHf0txFZnJcbosU
7FFuotyytuS+TbhOgCRtMAcCPx5O95mOBqCPYKmVhvhpkHIuLGTOGsbkRchp9wiI
UhikOrJ/xcDHmjweH2HHt3B1hgpf//Ley7zU3XJLzmK7vUCfThwIARQnyC3HvE1H
i1h7Igxt1aXtWE+W94ua2JBeu2ZtUay/TQxtxnfr8Whx28iH5rg0R6wAnDGM2Ngt
tsHSeTn5d487V8DW0VHfx+sHXaUXobS/14Ql11MpmO3JY0WX2xDFIshJmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAREmO+xzF+t6pMlDGzQVTysw9FGMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQkVTWTc3SE1YNjNxa3lVTWJOQlZQS3pEMFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByTw
MA0GCSqGSIb3DQEBCwUAA4IBAQBtnkO3KcRM2d3Xw7j/m8uXD/BtHTFNX2xcOmhs
8gVy9TSxbfWJ2us7kF55PgnFSywOIXiVGwpSOUSCrZ0+M+aR3KqgrxdGEJDFwzc5
nLGho1xywcrh8Fs1n+61taWY6G2oiCekjvuPQvdBLaHkg22KdO/YUhcI11XOS06Z
Rcq4+8UKLoPlU4TQ6z568o/pJmo2wC476HfiJh4FpJEdsg3ToLuHlvsAHyYMMpGY
+n+LniwaUjh/JZFpxxaTFocNymvRL6x3Y55nJgm79XerUqh479cYis9ps9bhCFtz
aUls6zVwEpP31BTT0Wx1lOgRmzKqxJdWi1XtNonLKZlf3oNW
-----END CERTIFICATE-----