Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DNuoCY0PbfkgDrZJXAYZIkMpfDE.roa
File:                     DNuoCY0PbfkgDrZJXAYZIkMpfDE.roa (raw, json)
Hash identifier:          2bZRWbTKYbssDnJ2aTDQI5MzKT9lWwVrXpCIBalT7Qo=
Subject key identifier:   0C:DB:A8:09:8D:0F:6D:F9:20:0E:B6:49:5C:06:19:22:43:29:7C:31
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EC3341514B4EEF5EF52ECAEB271B9E826
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DNuoCY0PbfkgDrZJXAYZIkMpfDE.roa
Signing time:             Tue 09 Apr 2024 14:12:34 +0000
ROA not before:           Tue 09 Apr 2024 14:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200879
IP address blocks:        2a0e:b107:2090::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c3:34:15:14:b4:ee:f5:ef:52:ec:ae:b2:71:b9:e8:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  9 14:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0cdba8098d0f6df9200eb6495c06192243297c31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:38:fa:de:ab:b9:1b:14:50:6e:aa:dc:26:55:
                    17:b1:f5:6b:83:a2:4c:7c:b6:f6:63:4b:b5:f4:ed:
                    5f:45:82:cc:62:46:a7:6a:17:30:7d:e3:c6:c7:a9:
                    62:4a:98:07:4e:f3:2c:a0:1d:7d:17:2f:ec:6b:c7:
                    53:72:2b:09:8c:1a:1d:b8:53:ad:6a:ac:a7:7c:95:
                    b7:4e:47:75:3c:a9:5b:90:3a:dc:c8:57:95:b8:38:
                    f5:1a:ea:ca:94:db:ff:82:ec:d2:fd:17:28:3e:48:
                    48:f9:ff:0a:49:68:60:c0:06:56:59:98:09:c6:ea:
                    0e:da:a8:10:a8:d4:55:c4:6f:e6:09:24:84:49:26:
                    b4:9a:30:6e:9c:f1:ce:a0:41:ad:9b:5a:17:23:aa:
                    9c:99:d1:c6:c4:b8:d8:ce:31:0a:07:83:27:0e:7f:
                    99:be:5c:84:eb:9b:aa:bf:bb:7b:30:08:92:42:cc:
                    ed:19:b1:1c:ef:8f:4e:e8:f4:93:8a:b6:26:71:33:
                    56:4f:2a:56:2f:18:03:1b:d5:f3:cb:02:8f:8a:31:
                    d7:8a:42:21:88:53:79:b4:78:00:e6:4c:01:30:8d:
                    fd:90:9b:64:84:d0:5a:1e:d2:8e:ce:f7:df:09:7c:
                    fa:e4:22:b5:9a:3e:ec:4c:d7:7e:95:22:2d:96:d2:
                    c6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:DB:A8:09:8D:0F:6D:F9:20:0E:B6:49:5C:06:19:22:43:29:7C:31
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/DNuoCY0PbfkgDrZJXAYZIkMpfDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2090::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:a2:52:5a:5f:00:5a:b1:2a:a2:02:09:d5:a9:1d:03:6f:09:
         55:5a:7d:ee:23:96:f2:bf:64:02:81:14:08:0d:67:6d:30:0c:
         8c:bb:0c:c6:d4:fc:82:cb:fe:21:c4:fa:fe:2f:93:37:2b:94:
         5e:df:91:26:6f:4b:50:9b:7e:8e:a7:aa:5b:d8:76:91:0f:6f:
         a9:ac:1a:1a:49:6a:ca:24:fa:32:a6:b8:54:6c:0f:23:49:d3:
         67:a1:49:81:ab:b1:6f:cd:b3:2c:49:ad:ea:db:e7:20:e5:c6:
         21:af:59:31:07:0b:c6:0f:50:4e:37:5c:03:6b:fd:f8:ac:84:
         22:07:8b:08:c8:6d:79:5b:b5:8f:44:c3:ed:66:bc:f1:4a:af:
         2d:08:b5:6c:be:b8:49:35:12:ad:47:0c:6d:96:51:35:4d:09:
         50:1d:a2:e7:92:bf:7d:e8:bf:45:cc:dc:89:8a:4e:14:cf:05:
         e8:9b:2e:da:bf:88:3f:3f:ba:3a:79:62:74:25:2d:53:5a:dd:
         b8:a7:57:87:9a:9d:a6:47:30:68:3b:3e:9c:9a:c9:0c:43:7b:
         b4:f9:0b:5d:3c:4d:f4:fc:a9:af:59:7f:c6:78:92:25:2d:07:
         d2:9f:2c:05:73:93:aa:75:6e:5d:4e:65:0a:b7:93:67:e4:92:
         b1:66:08:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7DNBUUtO7171LsrrJxuegmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA5MTQxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2RiYTgwOThkMGY2ZGY5MjAwZWI2NDk1YzA2MTkyMjQzMjk3YzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTj63qu5GxRQbqrcJlUXsfVrg6JM
fLb2Y0u19O1fRYLMYkanahcwfePGx6liSpgHTvMsoB19Fy/sa8dTcisJjBoduFOt
aqynfJW3Tkd1PKlbkDrcyFeVuDj1GurKlNv/guzS/RcoPkhI+f8KSWhgwAZWWZgJ
xuoO2qgQqNRVxG/mCSSESSa0mjBunPHOoEGtm1oXI6qcmdHGxLjYzjEKB4MnDn+Z
vlyE65uqv7t7MAiSQsztGbEc749O6PSTirYmcTNWTypWLxgDG9XzywKPijHXikIh
iFN5tHgA5kwBMI39kJtkhNBaHtKOzvffCXz65CK1mj7sTNd+lSItltLG2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAzbqAmND235IA62SVwGGSJDKXwxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRE51b0NZMFBiZmtnRHJaSlhBWVpJa01wZkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAFolJaXwBasSqiAgnVqR0DbwlVWn3uI5byv2QC
gRQIDWdtMAyMuwzG1PyCy/4hxPr+L5M3K5Re35Emb0tQm36Op6pb2HaRD2+prBoa
SWrKJPoyprhUbA8jSdNnoUmBq7FvzbMsSa3q2+cg5cYhr1kxBwvGD1BON1wDa/34
rIQiB4sIyG15W7WPRMPtZrzxSq8tCLVsvrhJNRKtRwxtllE1TQlQHaLnkr996L9F
zNyJik4UzwXomy7av4g/P7o6eWJ0JS1TWt24p1eHmp2mRzBoOz6cmskMQ3u0+Qtd
PE30/KmvWX/GeJIlLQfSnywFc5OqdW5dTmUKt5Nn5JKxZgg8
-----END CERTIFICATE-----