Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EE2q3soXZyvwTsGum7ZDX17GFvQ.roa
File:                     EE2q3soXZyvwTsGum7ZDX17GFvQ.roa (raw, json)
Hash identifier:          kxkwxSPSPGtLGxh0qicCtXLhGILuKLOGQx064mZlV5Y=
Subject key identifier:   10:4D:AA:DE:CA:17:67:2B:F0:4E:C1:AE:9B:B6:43:5F:5E:C6:16:F4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD5B6BCED3637C39A21976B665D0FE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EE2q3soXZyvwTsGum7ZDX17GFvQ.roa
Signing time:             Tue 02 Jan 2024 10:34:39 +0000
ROA not before:           Tue 02 Jan 2024 10:34:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     256257
IP address blocks:        2a0e:b107:219f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:5b:6b:ce:d3:63:7c:39:a2:19:76:b6:65:d0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=104daadeca17672bf04ec1ae9bb6435f5ec616f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cd:ac:50:31:7f:1b:79:5e:19:50:59:76:e8:
                    f3:09:dd:8e:c1:a9:35:34:14:2c:27:ee:75:33:3a:
                    cd:3e:ea:73:35:c3:86:3d:31:bd:f7:42:fe:4d:cd:
                    5d:91:0f:ad:58:eb:e5:df:a2:5e:cb:c9:67:78:a3:
                    62:22:69:1b:0a:68:e4:0e:f1:43:35:d8:a5:a9:a4:
                    7b:99:89:33:de:bc:3d:6c:5f:1b:4e:3d:d7:71:03:
                    02:b2:b2:96:28:31:8d:30:fc:67:d6:9b:a3:09:20:
                    00:8c:47:f4:00:1c:35:5e:e4:31:bb:e3:ab:9e:01:
                    06:ed:d8:5c:9b:d0:25:ae:3f:e5:6c:61:fc:00:cb:
                    bb:0c:21:e7:1f:3d:27:7b:42:d6:5a:79:28:2f:b7:
                    5b:3b:29:17:f4:f7:14:94:98:af:66:e5:44:54:ca:
                    0b:94:6c:b0:28:8c:ae:43:a0:2e:26:b4:2b:9b:a0:
                    18:b6:fe:7c:6d:9e:d9:15:be:16:f0:c7:d6:5e:d4:
                    93:bd:f8:07:db:69:1f:88:04:7d:1d:a1:63:b6:21:
                    7a:a8:de:a1:78:41:40:90:e1:6c:49:58:86:21:80:
                    4b:9c:a8:b1:8b:a0:14:1a:64:c2:76:c8:ed:61:93:
                    6c:2f:14:bb:29:d6:9a:17:fb:f1:d2:56:28:c7:45:
                    19:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4D:AA:DE:CA:17:67:2B:F0:4E:C1:AE:9B:B6:43:5F:5E:C6:16:F4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EE2q3soXZyvwTsGum7ZDX17GFvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:219f::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:bf:40:2b:cd:63:38:ae:81:ce:c0:81:72:d8:07:e6:5f:a6:
         39:df:8d:31:70:c3:60:c0:d1:78:65:4c:62:3e:66:a8:57:5a:
         ca:27:12:0b:00:6c:53:9e:ae:af:71:ce:57:df:f9:6e:67:5d:
         4c:3b:66:4e:ef:8d:79:ff:49:3a:d2:e6:b3:f0:14:87:c1:b4:
         17:8a:71:8f:f5:17:a6:b9:4e:4a:ca:74:55:bd:5a:fc:7c:e0:
         89:0a:15:a3:ae:8d:b2:7e:8c:77:c8:31:01:7c:2c:58:6d:c2:
         77:6c:4b:8c:68:cb:3f:68:09:3e:c1:53:02:79:24:79:18:3d:
         78:bf:85:71:33:b5:5d:fe:5f:94:3f:f3:b2:b0:6f:6e:7d:89:
         57:a1:13:39:18:ad:46:81:04:35:e0:ba:43:4f:f0:c2:67:9e:
         bf:a2:f5:b8:83:a6:27:11:60:9e:b2:3a:f1:fe:76:bc:60:b5:
         96:3c:90:39:94:9d:eb:b8:ac:72:e1:2a:d3:27:da:90:dc:29:
         0b:90:d6:4f:59:80:45:1c:d5:32:fe:21:99:7f:68:6e:e3:c3:
         46:5f:c2:6b:af:38:06:59:aa:0d:ca:c2:83:06:e8:e7:00:23:
         92:a8:89:9f:9c:4a:b7:56:d1:cc:35:f1:3a:d2:77:e6:7a:cb:
         a2:51:aa:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVtrztNjfDmiGXa2ZdD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRkYWFkZWNhMTc2NzJiZjA0ZWMxYWU5YmI2NDM1ZjVlYzYxNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt82sUDF/G3leGVBZdujzCd2Owak1
NBQsJ+51MzrNPupzNcOGPTG990L+Tc1dkQ+tWOvl36Jey8lneKNiImkbCmjkDvFD
NdilqaR7mYkz3rw9bF8bTj3XcQMCsrKWKDGNMPxn1pujCSAAjEf0ABw1XuQxu+Or
ngEG7dhcm9Alrj/lbGH8AMu7DCHnHz0ne0LWWnkoL7dbOykX9PcUlJivZuVEVMoL
lGywKIyuQ6AuJrQrm6AYtv58bZ7ZFb4W8MfWXtSTvfgH22kfiAR9HaFjtiF6qN6h
eEFAkOFsSViGIYBLnKixi6AUGmTCdsjtYZNsLxS7KdaaF/vx0lYox0UZawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBBNqt7KF2cr8E7Brpu2Q19exhb0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRUUycTNzb1haeXZ3VHNHdW03WkRYMTdHRnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByGf
MA0GCSqGSIb3DQEBCwUAA4IBAQDDv0ArzWM4roHOwIFy2AfmX6Y5340xcMNgwNF4
ZUxiPmaoV1rKJxILAGxTnq6vcc5X3/luZ11MO2ZO7415/0k60uaz8BSHwbQXinGP
9RemuU5KynRVvVr8fOCJChWjro2yfox3yDEBfCxYbcJ3bEuMaMs/aAk+wVMCeSR5
GD14v4VxM7Vd/l+UP/OysG9ufYlXoRM5GK1GgQQ14LpDT/DCZ56/ovW4g6YnEWCe
sjrx/na8YLWWPJA5lJ3ruKxy4SrTJ9qQ3CkLkNZPWYBFHNUy/iGZf2hu48NGX8Jr
rzgGWaoNysKDBujnACOSqImfnEq3VtHMNfE60nfmesuiUaoR
-----END CERTIFICATE-----