Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CbZjsQKCPb-eG_NkWRore2syEOg.roa
File:                     CbZjsQKCPb-eG_NkWRore2syEOg.roa (raw, json)
Hash identifier:          OQEiHkDz2YQDqply0ikEO7ZeH+m6sF2EaKzgQlYHcIk=
Subject key identifier:   09:B6:63:B1:02:82:3D:BF:9E:1B:F3:64:59:1A:2B:7B:6B:32:10:E8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD03FF0C421FB8AC4B175FA487A950
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CbZjsQKCPb-eG_NkWRore2syEOg.roa
Signing time:             Tue 02 Jan 2024 10:34:16 +0000
ROA not before:           Tue 02 Jan 2024 10:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203490
IP address blocks:        2a0e:97c0:ba0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:03:ff:0c:42:1f:b8:ac:4b:17:5f:a4:87:a9:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09b663b102823dbf9e1bf364591a2b7b6b3210e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bc:c3:57:da:e9:bf:11:0c:ef:75:79:4e:b2:
                    30:37:b9:9b:34:2c:45:8b:c4:b0:f3:6d:79:1c:06:
                    cb:8b:b6:d2:6a:a6:13:7f:c8:0c:eb:75:78:27:2a:
                    f1:fa:0f:68:7c:36:df:f2:2b:f4:31:fa:63:aa:76:
                    93:ea:03:51:17:8a:5b:4e:3e:e2:67:a8:52:5f:c3:
                    90:a6:01:e6:8d:06:92:f3:6a:ef:37:c0:c6:ac:a6:
                    e4:39:a8:b3:a4:8d:ae:c3:25:6c:77:31:09:c9:ce:
                    6f:55:05:5f:76:35:a8:d5:f5:f2:3a:98:65:d1:6f:
                    0a:8f:8f:7b:c0:ae:74:2b:0a:bf:16:61:32:fe:29:
                    a8:27:98:94:b8:99:4c:3e:48:86:ad:8b:b9:05:5b:
                    63:56:fd:f4:45:d3:4e:6b:ab:9c:15:12:6f:b2:a7:
                    e4:2b:a5:b2:3d:c5:fd:a6:e7:a4:15:c2:74:6c:65:
                    74:27:85:3d:ca:fc:62:12:17:15:66:e3:70:cf:d3:
                    15:3e:1f:7f:13:fa:93:af:81:89:ac:20:c9:41:ed:
                    d1:b2:f2:fe:39:f2:fc:5d:6b:c2:ed:08:1f:2d:37:
                    67:1b:44:49:60:c9:57:23:81:d5:6d:90:7a:69:eb:
                    cb:fd:7f:ae:50:6c:39:aa:7a:ec:0f:a8:93:40:53:
                    c9:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B6:63:B1:02:82:3D:BF:9E:1B:F3:64:59:1A:2B:7B:6B:32:10:E8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CbZjsQKCPb-eG_NkWRore2syEOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         61:93:34:c4:f0:f7:f8:9a:de:b0:16:65:24:22:09:70:1a:7f:
         4d:a7:60:4c:2b:c8:80:ea:8a:9c:c3:96:de:c9:cd:a1:f4:43:
         6e:3d:79:e2:7b:17:1d:bf:9a:e4:1a:50:b4:95:bd:cf:b7:a4:
         73:48:5b:a4:57:b3:34:29:a7:2a:fb:ea:a7:d4:da:74:e8:75:
         cc:12:08:df:b5:19:13:63:86:51:0e:72:e6:0a:90:9b:a8:1b:
         26:27:8a:1d:72:30:b9:ea:5e:26:6d:68:7f:2e:e8:fe:5f:c8:
         fa:5d:61:e3:90:4c:8b:72:f0:1d:8b:d3:af:f2:3e:08:95:a8:
         b9:f1:34:fd:fd:0e:70:46:ea:15:56:41:73:4c:0f:cd:b9:4c:
         5f:55:e5:0d:04:93:af:35:68:ff:95:e9:fd:45:e3:77:7b:ac:
         c0:c3:eb:18:50:fc:fa:18:c9:e5:d2:4f:32:07:05:9a:4e:8b:
         e7:4c:55:03:1d:42:3e:fa:2a:74:58:a5:40:de:ed:0f:cb:f2:
         45:5d:f0:00:c2:12:5f:92:c3:ed:93:3a:73:ae:5c:fc:93:a7:
         3b:f6:a4:39:ae:41:52:b7:1b:95:4f:4a:c1:3b:5d:ba:cc:1d:
         ae:0a:c4:3c:b7:ad:4a:dd:43:24:51:e7:9d:ee:3b:14:c7:12:
         79:e8:d1:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQP/DEIfuKxLF1+kh6lQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWI2NjNiMTAyODIzZGJmOWUxYmYzNjQ1OTFhMmI3YjZiMzIxMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLzDV9rpvxEM73V5TrIwN7mbNCxF
i8Sw8215HAbLi7bSaqYTf8gM63V4Jyrx+g9ofDbf8iv0MfpjqnaT6gNRF4pbTj7i
Z6hSX8OQpgHmjQaS82rvN8DGrKbkOaizpI2uwyVsdzEJyc5vVQVfdjWo1fXyOphl
0W8Kj497wK50Kwq/FmEy/imoJ5iUuJlMPkiGrYu5BVtjVv30RdNOa6ucFRJvsqfk
K6WyPcX9puekFcJ0bGV0J4U9yvxiEhcVZuNwz9MVPh9/E/qTr4GJrCDJQe3RsvL+
OfL8XWvC7QgfLTdnG0RJYMlXI4HVbZB6aevL/X+uUGw5qnrsD6iTQFPJ6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAm2Y7ECgj2/nhvzZFkaK3trMhDoMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ2JaanNRS0NQYi1lR19Oa1dSb3JlMnN5RU9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAug
MA0GCSqGSIb3DQEBCwUAA4IBAQBhkzTE8Pf4mt6wFmUkIglwGn9Np2BMK8iA6oqc
w5beyc2h9ENuPXniexcdv5rkGlC0lb3Pt6RzSFukV7M0Kacq++qn1Np06HXMEgjf
tRkTY4ZRDnLmCpCbqBsmJ4odcjC56l4mbWh/Luj+X8j6XWHjkEyLcvAdi9Ov8j4I
lai58TT9/Q5wRuoVVkFzTA/NuUxfVeUNBJOvNWj/len9ReN3e6zAw+sYUPz6GMnl
0k8yBwWaTovnTFUDHUI++ip0WKVA3u0Py/JFXfAAwhJfksPtkzpzrlz8k6c79qQ5
rkFStxuVT0rBO126zB2uCsQ8t61K3UMkUeed7jsUxxJ56NHd
-----END CERTIFICATE-----