Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GIsrGhVqRi71ZiDW6p1qnvhydAs.roa
File:                     GIsrGhVqRi71ZiDW6p1qnvhydAs.roa (raw, json)
Hash identifier:          QSZnEN3Z4VydZHJCU7FIxJ1xJAfVoZ060+CtuGXzSJI=
Subject key identifier:   18:8B:2B:1A:15:6A:46:2E:F5:66:20:D6:EA:9D:6A:9E:F8:72:74:0B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DA33E8ECD4E49A2173E1E6C4FC2638877
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GIsrGhVqRi71ZiDW6p1qnvhydAs.roa
Signing time:             Tue 13 Feb 2024 16:13:22 +0000
ROA not before:           Tue 13 Feb 2024 16:13:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216049
IP address blocks:        2a0e:97c0:be0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a3:3e:8e:cd:4e:49:a2:17:3e:1e:6c:4f:c2:63:88:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 13 16:13:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=188b2b1a156a462ef56620d6ea9d6a9ef872740b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:91:e9:a7:e9:db:66:f4:3d:a9:20:7d:f1:0a:
                    de:76:ef:f2:32:6e:fe:c9:24:f6:f7:b5:8a:1d:ac:
                    79:57:13:3e:c8:80:5f:66:d1:4a:9e:b2:63:f9:04:
                    0b:71:ff:3f:0f:34:eb:b5:65:d1:03:d6:ec:99:4d:
                    bf:bb:84:1b:4c:97:c8:9f:bf:25:8c:6c:db:38:33:
                    04:7e:b2:f0:87:9c:d9:91:ce:80:79:90:3b:2a:58:
                    62:01:a8:9e:5b:44:30:4a:d1:86:83:ac:47:6c:3a:
                    91:26:da:43:5e:6d:d1:e2:2f:c8:be:ba:f2:df:90:
                    cc:05:56:e1:4e:dd:99:36:f0:b5:6e:83:ae:bf:a6:
                    06:78:f9:9f:67:89:1d:c5:02:fc:9d:bb:7d:38:3f:
                    50:83:6b:8e:16:72:a3:1f:58:91:af:ce:2e:3b:fd:
                    eb:ad:4d:af:0d:1b:f8:23:14:50:9f:c0:3e:fb:61:
                    03:94:92:e7:4b:52:53:ce:6b:62:c2:1e:fa:9d:24:
                    c2:89:c7:9e:95:15:df:bc:3c:6b:33:1b:26:67:64:
                    48:5a:da:7b:fe:5f:cd:a6:a1:09:dd:52:40:97:53:
                    92:92:46:b2:18:b6:95:6e:0b:9b:82:de:59:ac:14:
                    4a:01:31:ab:dd:ef:32:d3:47:0d:e4:f2:21:a7:79:
                    ae:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8B:2B:1A:15:6A:46:2E:F5:66:20:D6:EA:9D:6A:9E:F8:72:74:0B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GIsrGhVqRi71ZiDW6p1qnvhydAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:be0::/44

    Signature Algorithm: sha256WithRSAEncryption
         92:3b:9d:1d:1b:5a:04:eb:19:b0:17:ba:4a:c7:4f:a1:54:69:
         e3:83:51:0e:a7:05:93:43:bf:bb:6c:a4:ea:6c:77:f0:72:05:
         90:b1:af:ce:60:c0:03:be:46:45:04:46:b7:1b:63:f8:26:fc:
         a5:88:70:cc:be:74:bf:64:b4:6b:0a:41:39:f5:71:ef:d5:a7:
         3f:53:53:73:36:e8:7e:f0:96:71:9e:35:0c:79:c4:22:cd:b9:
         5e:20:51:d1:65:f9:13:25:f8:87:52:ec:f3:06:1d:7e:08:6d:
         3e:ce:b6:71:09:fa:7b:c5:ea:5d:38:26:6a:8d:0e:c0:1e:8d:
         d4:c4:26:bb:24:1c:ea:22:19:61:54:51:c5:bd:68:d8:fe:f6:
         94:40:db:7b:7b:7e:c3:39:73:8b:04:4d:2c:83:26:8d:a7:98:
         30:aa:99:17:d9:6f:c6:43:1e:41:d4:32:6a:a2:92:5b:81:7d:
         3b:e9:7b:66:be:37:3b:8a:8b:f0:67:3b:e1:62:4d:e0:11:64:
         4c:de:be:a7:0e:2a:1c:3b:41:69:22:cc:2b:32:46:fa:57:60:
         9f:06:80:50:66:2b:ea:46:b6:ab:ba:fa:85:30:c2:12:b6:f0:
         39:54:59:d9:2f:fc:58:1f:c1:f1:80:71:4e:e2:16:3a:4d:80:
         29:ea:4a:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2jPo7NTkmiFz4ebE/CY4h3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjEzMTYxMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhiMmIxYTE1NmE0NjJlZjU2NjIwZDZlYTlkNmE5ZWY4NzI3NDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpHpp+nbZvQ9qSB98Qredu/yMm7+
yST297WKHax5VxM+yIBfZtFKnrJj+QQLcf8/DzTrtWXRA9bsmU2/u4QbTJfIn78l
jGzbODMEfrLwh5zZkc6AeZA7KlhiAaieW0QwStGGg6xHbDqRJtpDXm3R4i/Ivrry
35DMBVbhTt2ZNvC1boOuv6YGePmfZ4kdxQL8nbt9OD9Qg2uOFnKjH1iRr84uO/3r
rU2vDRv4IxRQn8A++2EDlJLnS1JTzmtiwh76nSTCiceelRXfvDxrMxsmZ2RIWtp7
/l/NpqEJ3VJAl1OSkkayGLaVbgubgt5ZrBRKATGr3e8y00cN5PIhp3muHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBiLKxoVakYu9WYg1uqdap74cnQLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR0lzckdoVnFSaTcxWmlEVzZwMXFudmh5ZEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAvg
MA0GCSqGSIb3DQEBCwUAA4IBAQCSO50dG1oE6xmwF7pKx0+hVGnjg1EOpwWTQ7+7
bKTqbHfwcgWQsa/OYMADvkZFBEa3G2P4JvyliHDMvnS/ZLRrCkE59XHv1ac/U1Nz
Nuh+8JZxnjUMecQizbleIFHRZfkTJfiHUuzzBh1+CG0+zrZxCfp7xepdOCZqjQ7A
Ho3UxCa7JBzqIhlhVFHFvWjY/vaUQNt7e37DOXOLBE0sgyaNp5gwqpkX2W/GQx5B
1DJqopJbgX076Xtmvjc7iovwZzvhYk3gEWRM3r6nDiocO0FpIswrMkb6V2CfBoBQ
ZivqRraruvqFMMIStvA5VFnZL/xYH8HxgHFO4hY6TYAp6kpk
-----END CERTIFICATE-----