Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgtIJsd8Me3Z_1aBFtFTytXh4F4.roa
File:                     GgtIJsd8Me3Z_1aBFtFTytXh4F4.roa (raw, json)
Hash identifier:          TmDhElANdfmeCNpdIrp9K0A6DXVh25SWNJFukHmvX3I=
Subject key identifier:   1A:0B:48:26:C7:7C:31:ED:D9:FF:56:81:16:D1:53:CA:D5:E1:E0:5E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E9036AAA9AFACE6862B9694C4FF024117
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgtIJsd8Me3Z_1aBFtFTytXh4F4.roa
Signing time:             Sat 30 Mar 2024 16:34:45 +0000
ROA not before:           Sat 30 Mar 2024 16:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43607
IP address blocks:        2a0e:b107:28a4::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:90:36:aa:a9:af:ac:e6:86:2b:96:94:c4:ff:02:41:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 30 16:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a0b4826c77c31edd9ff568116d153cad5e1e05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:43:4c:57:9f:22:bc:9c:d4:89:79:de:eb:76:
                    88:a4:3e:dd:45:40:74:ac:9a:10:eb:f0:1e:70:d6:
                    9d:26:aa:c5:0b:dd:33:56:cc:a9:65:95:df:06:4a:
                    63:88:93:18:f7:57:c0:6f:15:45:9f:5e:f3:11:59:
                    77:b7:3c:b2:03:9e:63:09:95:0d:a3:51:17:c0:4d:
                    d8:27:2e:53:2b:b1:f0:32:70:fc:62:5b:ec:3d:69:
                    ae:db:0f:f4:20:81:f6:1d:ab:06:fa:cb:00:e2:0d:
                    43:7f:91:06:e2:32:8f:6b:f6:2d:2b:87:ec:88:92:
                    25:c7:7a:44:a8:fe:83:55:76:29:99:8c:6d:ce:f9:
                    86:7f:89:74:25:69:4a:39:b4:b5:6d:fb:07:97:c8:
                    9e:f0:ee:54:99:fc:1a:8d:b2:34:f6:f9:c8:30:f8:
                    99:df:2a:a1:b0:d5:d9:ad:50:00:21:a4:17:a7:8f:
                    be:4f:5e:af:1c:1b:e3:38:2c:22:52:b3:58:1e:44:
                    13:8d:82:8c:c0:f3:a4:42:42:cf:e3:9f:2b:8c:f1:
                    1f:44:a1:2f:7f:5c:16:8b:eb:e4:91:9c:c9:07:8e:
                    60:cd:57:7c:c6:f4:b7:27:f4:3e:47:57:6a:45:03:
                    d4:a0:89:06:6f:17:a4:cd:dc:7e:5e:05:57:15:ea:
                    34:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:0B:48:26:C7:7C:31:ED:D9:FF:56:81:16:D1:53:CA:D5:E1:E0:5E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GgtIJsd8Me3Z_1aBFtFTytXh4F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:28a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:12:dd:ba:6e:80:41:db:9e:3a:86:19:92:0b:41:57:8f:76:
         4f:b5:11:23:bd:68:82:00:4d:34:4d:3f:af:d5:37:8d:cf:cb:
         e4:a8:c9:79:07:8e:8d:8a:b8:81:b6:0b:1e:b8:05:cb:60:e6:
         d1:07:6d:b7:b4:a0:4a:ef:e1:71:1e:0a:6c:5a:af:8e:41:63:
         3f:b5:e9:be:38:08:23:d2:f3:0c:5d:08:2f:b1:85:68:c1:cc:
         9a:cd:ba:bf:0c:db:d1:42:d6:5a:e3:f4:c5:5d:a6:ce:a9:da:
         ff:77:aa:83:4d:04:5e:e3:c3:a6:42:51:61:c2:03:f8:75:a5:
         de:27:5e:6b:e1:16:6f:41:5f:b5:a7:b1:e7:2a:48:6c:a7:cd:
         7e:88:3e:68:06:27:0d:5b:b3:cd:f9:5a:d0:84:46:0b:87:97:
         17:c6:45:c3:42:b6:6d:86:c7:e4:0a:cc:94:bc:45:a0:30:fb:
         58:c9:ab:2a:3d:c9:00:86:7e:81:c1:5d:09:7d:d3:05:ba:a9:
         dd:cf:73:70:c7:a5:76:6a:51:4e:e5:e2:1d:bd:7f:e5:ed:11:
         cd:ce:7a:c4:1d:88:fc:ca:49:7c:81:07:51:6d:e1:d5:e3:e8:
         e2:32:cc:d4:0f:ba:ee:15:fa:f2:6e:fb:97:c0:f5:83:42:51:
         ad:df:f7:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6QNqqpr6zmhiuWlMT/AkEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzMwMTYzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTBiNDgyNmM3N2MzMWVkZDlmZjU2ODExNmQxNTNjYWQ1ZTFlMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0NMV58ivJzUiXne63aIpD7dRUB0
rJoQ6/AecNadJqrFC90zVsypZZXfBkpjiJMY91fAbxVFn17zEVl3tzyyA55jCZUN
o1EXwE3YJy5TK7HwMnD8YlvsPWmu2w/0IIH2HasG+ssA4g1Df5EG4jKPa/YtK4fs
iJIlx3pEqP6DVXYpmYxtzvmGf4l0JWlKObS1bfsHl8ie8O5UmfwajbI09vnIMPiZ
3yqhsNXZrVAAIaQXp4++T16vHBvjOCwiUrNYHkQTjYKMwPOkQkLP458rjPEfRKEv
f1wWi+vkkZzJB45gzVd8xvS3J/Q+R1dqRQPUoIkGbxekzdx+XgVXFeo0JQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBoLSCbHfDHt2f9WgRbRU8rV4eBeMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR2d0SUpzZDhNZTNaXzFhQkZ0RlR5dFhoNEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xByik
MA0GCSqGSIb3DQEBCwUAA4IBAQAsEt26boBB2546hhmSC0FXj3ZPtREjvWiCAE00
TT+v1TeNz8vkqMl5B46NiriBtgseuAXLYObRB223tKBK7+FxHgpsWq+OQWM/tem+
OAgj0vMMXQgvsYVowcyazbq/DNvRQtZa4/TFXabOqdr/d6qDTQRe48OmQlFhwgP4
daXeJ15r4RZvQV+1p7HnKkhsp81+iD5oBicNW7PN+VrQhEYLh5cXxkXDQrZthsfk
CsyUvEWgMPtYyasqPckAhn6BwV0JfdMFuqndz3Nwx6V2alFO5eIdvX/l7RHNznrE
HYj8ykl8gQdRbeHV4+jiMszUD7ruFfrybvuXwPWDQlGt3/cI
-----END CERTIFICATE-----