Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnGgn5eYcoM7LDeUrZlGLJgKZPM.roa
File:                     GnGgn5eYcoM7LDeUrZlGLJgKZPM.roa (raw, json)
Hash identifier:          V/lgVIE/7cRep+rKFeDQl2LAbicalKLwPenD09lay1c=
Subject key identifier:   1A:71:A0:9F:97:98:72:83:3B:2C:37:94:AD:99:46:2C:98:0A:64:F3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01929E4B722BB2220AC999E9F0499363310E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnGgn5eYcoM7LDeUrZlGLJgKZPM.roa
Signing time:             Fri 18 Oct 2024 06:23:17 +0000
ROA not before:           Fri 18 Oct 2024 06:23:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48791
IP address blocks:        2a0e:97c0:c60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9e:4b:72:2b:b2:22:0a:c9:99:e9:f0:49:93:63:31:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 18 06:23:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a71a09f979872833b2c3794ad99462c980a64f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c0:28:50:27:a5:64:89:1c:c7:62:c0:2b:e0:
                    43:7a:99:ae:a1:c3:7f:4e:a9:9e:ba:4d:33:6e:b7:
                    e6:14:c8:18:91:4d:d8:98:8e:6e:7b:4f:40:29:21:
                    da:73:d6:07:31:30:45:30:c5:86:72:28:49:8c:42:
                    0f:81:56:4e:0c:5e:94:c6:87:ea:28:5c:b1:19:77:
                    e5:30:f6:9d:5b:23:e5:16:fa:f7:ff:e0:53:98:3b:
                    5b:20:65:e1:b6:fb:8f:f8:81:6f:7c:cd:34:2b:15:
                    78:a8:bb:39:92:7c:ca:0c:47:0d:7d:13:21:54:7e:
                    cb:48:8a:cb:77:79:9f:89:b0:38:b6:11:ed:c0:3b:
                    a9:fe:bd:af:ef:92:44:d5:29:b3:62:78:79:4a:46:
                    3c:83:9c:fa:fc:be:59:43:12:ee:72:c2:e7:ac:d8:
                    d0:e6:30:ab:9c:70:a7:80:c2:79:e9:ec:c2:8e:e1:
                    5c:71:5e:c4:bf:65:d4:47:d5:5b:72:5e:e6:91:ba:
                    01:f4:e4:6e:c4:f0:88:8b:68:4f:8a:9c:9f:8b:57:
                    60:10:ba:19:6b:37:e9:05:67:1a:48:bc:db:65:2b:
                    b2:87:98:da:89:23:48:14:bd:e3:b6:a3:ea:ac:14:
                    9f:ac:59:17:74:56:ad:3e:81:b1:bd:fe:29:44:d2:
                    38:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:71:A0:9F:97:98:72:83:3B:2C:37:94:AD:99:46:2C:98:0A:64:F3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnGgn5eYcoM7LDeUrZlGLJgKZPM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c60::/44

    Signature Algorithm: sha256WithRSAEncryption
         71:69:5b:68:24:ea:be:ef:79:e5:72:b0:8a:31:e5:7d:4d:d5:
         d3:69:e0:fd:24:26:cf:a3:7e:18:7b:27:bd:64:8f:14:3d:ab:
         95:a3:72:fe:d5:bf:1a:1f:9a:76:6e:9a:48:39:f6:0a:37:bd:
         ca:a9:78:a6:54:af:c3:dc:31:df:c7:d3:22:3d:f3:be:ef:ae:
         3e:13:7b:21:4f:40:96:47:2d:8c:bd:f8:11:43:88:c6:71:0b:
         cb:14:ec:3e:d0:9b:6e:3c:5d:dd:c8:7b:1e:e8:4e:b4:73:00:
         02:7a:95:c6:b0:8f:fd:81:ee:d2:c7:5f:08:07:9d:92:fc:2b:
         2f:58:8f:b1:34:62:d2:47:30:b8:ea:0b:72:6a:86:2c:64:0a:
         cf:42:60:51:70:d6:dc:73:e7:a5:b0:16:c4:b3:75:0c:10:7e:
         04:52:11:3d:70:de:c6:f5:49:f0:ea:f4:3c:ff:78:6a:8e:d4:
         59:5d:a7:d4:e9:60:a5:b5:6d:47:92:e4:a7:1e:7f:60:b6:13:
         eb:5b:9d:47:ab:b9:67:25:97:ea:71:2f:6f:0e:5d:eb:62:d4:
         4f:d1:a2:6f:f3:fe:c2:aa:7f:ba:f5:a2:f4:44:53:e7:8a:65:
         8e:b7:76:19:58:26:3c:d9:7b:e2:d2:31:a2:b6:67:41:3a:84:
         99:7e:9c:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZKeS3IrsiIKyZnp8EmTYzEOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMDE4MDYyMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTcxYTA5Zjk3OTg3MjgzM2IyYzM3OTRhZDk5NDYyYzk4MGE2NGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsAoUCelZIkcx2LAK+BDepmuocN/
Tqmeuk0zbrfmFMgYkU3YmI5ue09AKSHac9YHMTBFMMWGcihJjEIPgVZODF6Uxofq
KFyxGXflMPadWyPlFvr3/+BTmDtbIGXhtvuP+IFvfM00KxV4qLs5knzKDEcNfRMh
VH7LSIrLd3mfibA4thHtwDup/r2v75JE1SmzYnh5SkY8g5z6/L5ZQxLucsLnrNjQ
5jCrnHCngMJ56ezCjuFccV7Ev2XUR9Vbcl7mkboB9ORuxPCIi2hPipyfi1dgELoZ
azfpBWcaSLzbZSuyh5jaiSNIFL3jtqPqrBSfrFkXdFatPoGxvf4pRNI4XwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBpxoJ+XmHKDOyw3lK2ZRiyYCmTzMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR25HZ241ZVljb003TERlVXJabEdMSmdLWlBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAxg
MA0GCSqGSIb3DQEBCwUAA4IBAQBxaVtoJOq+73nlcrCKMeV9TdXTaeD9JCbPo34Y
eye9ZI8UPauVo3L+1b8aH5p2bppIOfYKN73KqXimVK/D3DHfx9MiPfO+764+E3sh
T0CWRy2MvfgRQ4jGcQvLFOw+0JtuPF3dyHse6E60cwACepXGsI/9ge7Sx18IB52S
/CsvWI+xNGLSRzC46gtyaoYsZArPQmBRcNbcc+elsBbEs3UMEH4EUhE9cN7G9Unw
6vQ8/3hqjtRZXafU6WCltW1HkuSnHn9gthPrW51Hq7lnJZfqcS9vDl3rYtRP0aJv
8/7Cqn+69aL0RFPnimWOt3YZWCY82Xvi0jGitmdBOoSZfpye
-----END CERTIFICATE-----