Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cv-GOtO7njkx0WXxGoyp1GWE4lA.roa
File:                     Cv-GOtO7njkx0WXxGoyp1GWE4lA.roa (raw, json)
Hash identifier:          7P3njJOqC21MTcxvlj4+qTwPOp1TxHSjyDSnUvAmQEU=
Subject key identifier:   0A:FF:86:3A:D3:BB:9E:39:31:D1:65:F1:1A:8C:A9:D4:65:84:E2:50
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD37B8623F067545AF6C1A9CF6862A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cv-GOtO7njkx0WXxGoyp1GWE4lA.roa
Signing time:             Tue 02 Jan 2024 10:34:30 +0000
ROA not before:           Tue 02 Jan 2024 10:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211548
IP address blocks:        2a0e:97c0:2c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:37:b8:62:3f:06:75:45:af:6c:1a:9c:f6:86:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0aff863ad3bb9e3931d165f11a8ca9d46584e250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7e:98:4e:70:4b:cf:87:a4:31:f0:69:1c:57:
                    1f:85:ca:b5:2d:90:4d:2d:69:d4:bc:b6:9b:fb:8b:
                    83:be:38:82:4e:da:e7:00:5b:e5:b5:5c:4d:63:d5:
                    9d:29:70:59:ef:86:d7:91:10:bf:99:46:6b:3b:62:
                    e0:82:b0:04:c8:a3:5f:cd:58:80:42:c8:bc:c5:09:
                    c2:89:e8:5e:01:e1:e1:32:84:fb:7f:ad:36:a1:f8:
                    4f:42:a0:54:3d:0f:16:77:75:f4:9b:d8:ea:0f:36:
                    49:c9:6d:91:fb:d3:cc:4c:5f:26:39:20:99:8d:68:
                    f5:af:f9:07:66:ac:78:a5:91:01:8e:b3:03:ac:05:
                    74:2d:69:df:dc:7d:e3:1c:f1:e5:9c:05:78:ac:92:
                    68:c5:ac:ad:02:b1:91:91:df:88:94:94:09:7c:69:
                    3d:bf:8a:04:47:14:5b:df:79:8e:cc:68:b6:6c:33:
                    3b:ef:c3:c0:ca:65:12:f5:ad:5d:4b:2d:14:e1:7d:
                    df:ed:b8:ee:67:5d:7c:10:ca:88:b6:10:d9:6f:10:
                    37:f0:96:52:93:81:49:95:8c:09:a2:88:43:0f:72:
                    5e:ac:19:63:38:b2:b5:0d:45:60:6a:94:37:eb:b8:
                    d7:0a:01:1a:e2:23:29:34:71:8d:f2:61:cc:68:a2:
                    1b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:FF:86:3A:D3:BB:9E:39:31:D1:65:F1:1A:8C:A9:D4:65:84:E2:50
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Cv-GOtO7njkx0WXxGoyp1GWE4lA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         cc:2d:df:35:6d:ca:4b:1d:1a:c6:c4:c8:f9:9e:c1:68:1d:fa:
         fd:28:be:7c:0f:91:c7:f6:36:aa:ef:ea:96:00:45:5b:18:11:
         13:e1:f0:8e:81:62:ab:7f:c0:1f:c3:d1:d5:9b:f2:7b:ae:0a:
         99:20:6c:d8:b6:8a:be:3a:18:8f:f5:34:03:b2:d3:14:90:53:
         96:24:38:0b:db:78:9c:38:21:7c:dd:55:c8:2d:b8:cb:51:51:
         76:27:3d:8f:40:8f:89:a5:4c:18:13:29:28:83:70:30:cc:c4:
         ce:6f:4e:db:97:23:e4:94:3b:d1:c7:3b:f6:f3:f9:98:0e:55:
         59:28:e5:1b:db:6d:71:28:9a:11:c3:a8:ef:a8:a6:95:08:7b:
         44:7d:69:d6:b3:2f:4f:69:f4:1b:74:69:53:13:62:92:5a:6d:
         52:3a:7c:ff:d6:1e:ec:84:92:82:5f:10:d1:bc:72:25:c3:16:
         4a:a1:93:e7:ec:99:ef:e7:c3:53:ff:40:b8:80:86:4d:35:58:
         8a:59:a9:97:30:9a:9c:4a:4d:aa:9e:01:82:f1:03:e5:7a:e3:
         f8:aa:ec:55:4e:2e:b3:05:14:6d:73:8d:05:c3:56:a6:d6:b8:
         af:83:5d:72:4e:70:c4:3d:33:b5:9e:6f:77:c8:f8:a6:79:ce:
         65:16:bf:c8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTe4Yj8GdUWvbBqc9oYqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWZmODYzYWQzYmI5ZTM5MzFkMTY1ZjExYThjYTlkNDY1ODRlMjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX6YTnBLz4ekMfBpHFcfhcq1LZBN
LWnUvLab+4uDvjiCTtrnAFvltVxNY9WdKXBZ74bXkRC/mUZrO2LggrAEyKNfzViA
Qsi8xQnCieheAeHhMoT7f602ofhPQqBUPQ8Wd3X0m9jqDzZJyW2R+9PMTF8mOSCZ
jWj1r/kHZqx4pZEBjrMDrAV0LWnf3H3jHPHlnAV4rJJoxaytArGRkd+IlJQJfGk9
v4oERxRb33mOzGi2bDM778PAymUS9a1dSy0U4X3f7bjuZ118EMqIthDZbxA38JZS
k4FJlYwJoohDD3JerBljOLK1DUVgapQ367jXCgEa4iMpNHGN8mHMaKIbQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAr/hjrTu545MdFl8RqMqdRlhOJQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ3YtR090Tzduamt4MFdYeEdveXAxR1dFNGxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwALA
MA0GCSqGSIb3DQEBCwUAA4IBAQDMLd81bcpLHRrGxMj5nsFoHfr9KL58D5HH9jaq
7+qWAEVbGBET4fCOgWKrf8Afw9HVm/J7rgqZIGzYtoq+OhiP9TQDstMUkFOWJDgL
23icOCF83VXILbjLUVF2Jz2PQI+JpUwYEykog3AwzMTOb07blyPklDvRxzv28/mY
DlVZKOUb221xKJoRw6jvqKaVCHtEfWnWsy9PafQbdGlTE2KSWm1SOnz/1h7shJKC
XxDRvHIlwxZKoZPn7Jnv58NT/0C4gIZNNViKWamXMJqcSk2qngGC8QPleuP4quxV
Ti6zBRRtc40Fw1am1rivg11yTnDEPTO1nm93yPimec5lFr/I
-----END CERTIFICATE-----