Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EEsHi1iSnV_bBvy5njSr4nPoBTM.roa
File:                     EEsHi1iSnV_bBvy5njSr4nPoBTM.roa (raw, json)
Hash identifier:          mDyZ4P5ADlb+pMrJo1w9zZlGNDcXOGFrSLgryn0aUAk=
Subject key identifier:   10:4B:07:8B:58:92:9D:5F:DB:06:FC:B9:9E:34:AB:E2:73:E8:05:33
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0AEAA8F5E6F5CEE528FA0DC12C7A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EEsHi1iSnV_bBvy5njSr4nPoBTM.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204778
IP address blocks:        2a0e:97c0:b33::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0a:ea:a8:f5:e6:f5:ce:e5:28:fa:0d:c1:2c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=104b078b58929d5fdb06fcb99e34abe273e80533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:a9:97:78:a5:00:82:0c:3d:55:63:5b:a8:37:
                    a5:56:16:65:21:01:de:9e:c4:74:07:68:d1:5d:a2:
                    cc:28:df:9a:63:22:2b:d3:f3:9d:0d:d5:d2:7c:85:
                    a1:d5:9b:1a:23:3d:28:25:27:c8:73:26:d3:e8:3d:
                    56:b4:3f:5e:26:c1:fe:d9:b3:48:72:4e:48:32:11:
                    08:51:b3:98:06:ba:5f:0b:3c:54:42:dd:b4:05:00:
                    aa:d8:e3:12:5b:94:98:18:12:6c:40:b6:c9:b4:46:
                    6d:31:de:bc:bb:25:bb:3a:a1:1f:f1:99:bd:1f:8c:
                    b9:f5:be:cc:30:86:07:66:52:39:fe:67:15:93:ba:
                    37:0c:c2:e0:db:d7:84:85:12:8b:21:34:b2:70:c4:
                    29:94:24:4d:07:33:1c:73:34:87:3c:0f:ac:fe:ee:
                    4a:f5:9f:db:b3:73:84:6a:ab:9a:ee:9c:af:94:20:
                    3a:72:50:22:8b:da:ac:62:fa:22:a7:e5:16:44:4e:
                    f5:9e:3f:1d:b5:d9:8e:3e:72:9f:83:46:07:cf:b2:
                    25:1f:35:0a:58:09:ca:2f:5d:22:3b:8e:74:6c:06:
                    63:0e:53:19:5b:d2:73:d8:70:4e:00:9c:b9:8c:1e:
                    57:6a:1a:31:4d:50:9b:d6:4a:26:ca:bf:59:9a:0e:
                    c9:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4B:07:8B:58:92:9D:5F:DB:06:FC:B9:9E:34:AB:E2:73:E8:05:33
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EEsHi1iSnV_bBvy5njSr4nPoBTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b33::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:69:09:7d:3d:46:a4:af:52:22:18:93:a0:75:94:73:53:e7:
         28:fc:54:6d:e9:ae:d4:30:6b:c9:e8:e5:1c:d2:a3:12:f9:da:
         09:28:af:5c:b8:62:95:ed:40:81:71:ae:c1:0a:41:c4:dd:f7:
         a9:c4:21:03:21:d1:6c:a8:17:aa:20:1c:1c:06:88:7d:b1:cc:
         27:29:f2:b0:82:21:43:48:10:22:c5:95:ce:45:6e:4f:ca:fa:
         1e:06:66:82:92:bb:74:ff:9f:8b:cf:d8:30:c0:f4:b5:50:71:
         10:10:08:b7:8d:12:d6:27:4f:a3:e2:b1:fa:67:91:d2:d8:fe:
         07:bd:46:19:15:ec:9a:c5:e8:8b:2c:88:15:69:33:70:f0:32:
         2b:f7:65:18:c5:43:94:42:2d:0f:35:5b:52:ec:83:89:67:f0:
         12:87:d4:c6:06:1b:d7:3c:ac:6d:ab:a9:7e:d0:f6:0b:a8:e6:
         72:06:f3:b0:fd:64:0d:52:af:93:df:18:a8:25:59:2a:c2:4f:
         56:70:9b:3c:3d:dc:56:be:b3:d4:91:31:f3:20:fb:cb:1d:b4:
         55:a5:6a:c2:0f:53:37:d3:94:64:9a:eb:62:6d:5f:c1:1b:d7:
         f7:c9:aa:56:4c:da:ff:5a:05:8e:1c:36:52:ec:19:a2:24:d0:
         e2:5b:3f:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQrqqPXm9c7lKPoNwSx6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRiMDc4YjU4OTI5ZDVmZGIwNmZjYjk5ZTM0YWJlMjczZTgwNTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjqmXeKUAggw9VWNbqDelVhZlIQHe
nsR0B2jRXaLMKN+aYyIr0/OdDdXSfIWh1ZsaIz0oJSfIcybT6D1WtD9eJsH+2bNI
ck5IMhEIUbOYBrpfCzxUQt20BQCq2OMSW5SYGBJsQLbJtEZtMd68uyW7OqEf8Zm9
H4y59b7MMIYHZlI5/mcVk7o3DMLg29eEhRKLITSycMQplCRNBzMcczSHPA+s/u5K
9Z/bs3OEaqua7pyvlCA6clAii9qsYvoip+UWRE71nj8dtdmOPnKfg0YHz7IlHzUK
WAnKL10iO450bAZjDlMZW9Jz2HBOAJy5jB5XahoxTVCb1komyr9Zmg7JCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBBLB4tYkp1f2wb8uZ40q+Jz6AUzMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRUVzSGkxaVNuVl9iQnZ5NW5qU3I0blBvQlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAsz
MA0GCSqGSIb3DQEBCwUAA4IBAQA7aQl9PUakr1IiGJOgdZRzU+co/FRt6a7UMGvJ
6OUc0qMS+doJKK9cuGKV7UCBca7BCkHE3fepxCEDIdFsqBeqIBwcBoh9scwnKfKw
giFDSBAixZXORW5PyvoeBmaCkrt0/5+Lz9gwwPS1UHEQEAi3jRLWJ0+j4rH6Z5HS
2P4HvUYZFeyaxeiLLIgVaTNw8DIr92UYxUOUQi0PNVtS7IOJZ/ASh9TGBhvXPKxt
q6l+0PYLqOZyBvOw/WQNUq+T3xioJVkqwk9WcJs8PdxWvrPUkTHzIPvLHbRVpWrC
D1M305RkmutibV/BG9f3yapWTNr/WgWOHDZS7BmiJNDiWz+F
-----END CERTIFICATE-----