Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BagkY2W5INhZ303U12ZCvujkKOg.roa
File:                     BagkY2W5INhZ303U12ZCvujkKOg.roa (raw, json)
Hash identifier:          90BZWtbKSL3J9Zdj9P98J8PMEcHo+n0ErgZlt7FELOc=
Subject key identifier:   05:A8:24:63:65:B9:20:D8:59:DF:4D:D4:D7:66:42:BE:E8:E4:28:E8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D461F68EA793CD007D168ED1BF0562012
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BagkY2W5INhZ303U12ZCvujkKOg.roa
Signing time:             Fri 26 Jan 2024 14:14:40 +0000
ROA not before:           Fri 26 Jan 2024 14:14:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215642
IP address blocks:        2a0e:97c0:5b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:1f:68:ea:79:3c:d0:07:d1:68:ed:1b:f0:56:20:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 26 14:14:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=05a8246365b920d859df4dd4d76642bee8e428e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cd:68:a1:97:7a:78:16:32:a3:ce:4f:08:37:
                    7b:2e:4e:84:5d:06:c0:8e:9a:fb:b3:f5:98:4b:d5:
                    0f:a9:09:4a:dd:68:cf:5e:c4:f2:27:f6:ac:6a:e8:
                    d2:61:0a:c8:11:4f:62:62:f3:2e:fe:b6:78:b4:4c:
                    69:4d:9f:53:32:43:73:6f:e2:36:40:38:5d:55:4e:
                    3f:6b:d3:5c:b7:e0:d4:b5:68:b4:18:0c:8d:0e:77:
                    ce:bb:2c:28:1f:96:8c:8e:67:a1:fe:8b:1a:1d:ef:
                    24:8e:88:d9:9a:25:7b:da:7b:4d:3e:60:40:2b:e6:
                    0c:7f:57:16:60:94:4a:29:f4:fc:10:b3:b9:df:20:
                    bf:aa:5a:b7:a2:eb:d0:11:7b:37:a0:ef:e9:c1:0e:
                    16:1a:79:79:31:3e:cb:d6:e6:34:2c:85:cf:24:36:
                    fa:64:2a:35:7d:e8:ab:bf:d4:1d:fd:5c:9a:ec:32:
                    1e:50:42:bb:b6:fa:a7:51:e5:b0:3c:15:a7:87:76:
                    54:71:3c:b8:f7:84:a0:33:26:e2:2d:4c:7a:55:af:
                    d9:9f:a0:7d:4c:cd:6e:53:dd:99:ae:0a:8e:24:23:
                    dd:21:6b:87:ca:28:71:b6:e9:c5:18:b0:cc:2b:53:
                    5b:c1:88:f9:a6:7c:22:4a:38:2b:8f:74:9a:0e:1b:
                    d4:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A8:24:63:65:B9:20:D8:59:DF:4D:D4:D7:66:42:BE:E8:E4:28:E8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BagkY2W5INhZ303U12ZCvujkKOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:5b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:5a:4e:36:26:62:37:a8:1a:c4:92:d8:03:5d:e5:cc:52:cb:
         bd:33:c1:14:91:02:62:6d:2a:e0:7f:35:90:73:a2:6a:26:b4:
         b9:d1:64:cb:11:f0:98:aa:2e:ef:66:01:2e:f3:7f:20:33:28:
         97:4f:01:75:51:7a:9e:8c:43:b7:06:ac:a9:61:b8:a7:72:19:
         ba:b3:4f:66:94:3b:c1:c0:ab:af:e3:59:5d:69:67:a8:12:fa:
         7d:9a:4e:52:7f:2f:8e:7e:81:fd:2c:5f:ae:f0:f7:f8:90:b0:
         40:6c:41:37:15:0e:28:31:f9:f9:b0:2e:5c:83:28:07:ba:07:
         f9:c9:5e:6e:d3:f3:0d:d7:4d:90:02:9a:9b:f4:b2:d0:22:95:
         9f:f7:e9:1b:4d:cd:f5:e1:9a:06:b7:0e:00:78:f8:a7:c7:82:
         4d:59:b5:be:60:54:53:25:5e:46:c7:3f:07:76:d4:02:b5:d9:
         d5:df:27:fd:0f:f5:3e:34:2d:b2:fb:de:49:97:52:a2:33:0d:
         b9:96:e1:62:4d:10:b2:4d:5b:a1:35:78:4c:ad:5f:eb:98:49:
         cd:4e:fd:bc:6e:87:ae:63:fa:7a:77:5b:e0:95:83:d3:60:a9:
         d9:1f:66:d0:1e:a7:f6:c1:7a:a1:b1:30:67:df:00:5e:60:27:
         80:49:bb:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1GH2jqeTzQB9Fo7RvwViASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTI2MTQxNDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWE4MjQ2MzY1YjkyMGQ4NTlkZjRkZDRkNzY2NDJiZWU4ZTQyOGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c1ooZd6eBYyo85PCDd7Lk6EXQbA
jpr7s/WYS9UPqQlK3WjPXsTyJ/asaujSYQrIEU9iYvMu/rZ4tExpTZ9TMkNzb+I2
QDhdVU4/a9Nct+DUtWi0GAyNDnfOuywoH5aMjmeh/osaHe8kjojZmiV72ntNPmBA
K+YMf1cWYJRKKfT8ELO53yC/qlq3ouvQEXs3oO/pwQ4WGnl5MT7L1uY0LIXPJDb6
ZCo1feirv9Qd/Vya7DIeUEK7tvqnUeWwPBWnh3ZUcTy494SgMybiLUx6Va/Zn6B9
TM1uU92ZrgqOJCPdIWuHyihxtunFGLDMK1NbwYj5pnwiSjgrj3SaDhvUBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAWoJGNluSDYWd9N1NdmQr7o5CjoMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQmFna1kyVzVJTmhaMzAzVTEyWkN2dWprS09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAWw
MA0GCSqGSIb3DQEBCwUAA4IBAQCzWk42JmI3qBrEktgDXeXMUsu9M8EUkQJibSrg
fzWQc6JqJrS50WTLEfCYqi7vZgEu838gMyiXTwF1UXqejEO3BqypYbinchm6s09m
lDvBwKuv41ldaWeoEvp9mk5Sfy+OfoH9LF+u8Pf4kLBAbEE3FQ4oMfn5sC5cgygH
ugf5yV5u0/MN102QApqb9LLQIpWf9+kbTc314ZoGtw4AePinx4JNWbW+YFRTJV5G
xz8HdtQCtdnV3yf9D/U+NC2y+95Jl1KiMw25luFiTRCyTVuhNXhMrV/rmEnNTv28
boeuY/p6d1vglYPTYKnZH2bQHqf2wXqhsTBn3wBeYCeASbuo
-----END CERTIFICATE-----