Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H0Wf-gdMrGLIGjmlhG6hF7nkSFc.roa
File:                     H0Wf-gdMrGLIGjmlhG6hF7nkSFc.roa (raw, json)
Hash identifier:          MTEVV54ExImtaS94cfHSzdmBzHjhlLpf02o2/LmnvG4=
Subject key identifier:   1F:45:9F:FA:07:4C:AC:62:C8:1A:39:A5:84:6E:A1:17:B9:E4:48:57
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0E6493ECDCDC33277E25039ECAAE
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H0Wf-gdMrGLIGjmlhG6hF7nkSFc.roa
Signing time:             Tue 02 Jan 2024 10:34:19 +0000
ROA not before:           Tue 02 Jan 2024 10:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205531
IP address blocks:        2a0e:b107:178b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0e:64:93:ec:dc:dc:33:27:7e:25:03:9e:ca:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f459ffa074cac62c81a39a5846ea117b9e44857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5e:80:8a:54:14:72:ca:d3:a3:f2:9f:96:de:
                    2d:f0:cd:2f:2a:65:ab:76:58:2f:25:f3:db:3a:02:
                    bb:41:93:a1:d8:31:41:17:e0:2c:73:7a:9e:34:0b:
                    61:e6:1b:cb:08:be:68:70:69:1e:b5:31:b5:26:d4:
                    ac:70:ee:fe:8b:71:65:ae:c6:ab:d9:13:be:b9:87:
                    3b:a8:c3:86:19:8b:6a:68:ff:aa:04:5f:0f:92:2d:
                    4c:30:d7:80:e1:fc:fd:d9:50:38:ba:5b:e5:fc:28:
                    74:9b:34:4f:cb:e9:d6:f7:d8:93:89:c3:a2:50:02:
                    60:d5:1f:fb:09:c7:cb:2a:e9:62:4b:4c:b2:34:e3:
                    20:a6:2d:39:a8:3a:f8:cd:56:d7:11:1e:fc:9b:91:
                    7a:fc:b2:84:89:84:d3:8e:53:0a:43:17:8f:ec:95:
                    0a:9a:f0:41:39:53:af:42:31:4e:26:68:6e:5b:db:
                    04:a3:84:df:10:8b:7c:9a:60:01:44:4d:af:2c:1a:
                    d6:c0:c8:52:51:48:15:ac:e7:13:23:68:43:fd:20:
                    00:1f:7d:83:ea:4a:82:95:48:db:42:1c:ba:08:0a:
                    e8:1e:c9:0d:c0:20:6e:34:ac:f1:ef:af:f9:eb:2d:
                    e6:e5:e1:2e:83:65:43:23:5c:e5:02:61:ee:0d:b9:
                    29:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:45:9F:FA:07:4C:AC:62:C8:1A:39:A5:84:6E:A1:17:B9:E4:48:57
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H0Wf-gdMrGLIGjmlhG6hF7nkSFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:178b::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:ba:ab:3f:97:2c:4b:25:54:22:90:bf:f4:e3:f4:db:a2:69:
         cd:46:36:91:4d:00:8b:b2:35:73:c3:1b:c8:71:bf:8e:2c:28:
         51:90:5e:d2:e2:ce:cb:da:f2:93:b9:c2:bf:79:dc:71:ad:53:
         64:5b:31:e6:df:1b:f1:92:ec:f9:75:b6:5d:f9:61:6b:16:11:
         13:e7:44:be:b7:70:6e:da:ec:1e:b7:b1:7a:85:f3:1d:a4:f6:
         2e:92:b4:06:e9:27:31:e6:a1:af:97:af:4d:4b:5b:30:be:b8:
         a5:f1:2f:20:9c:36:c9:46:58:ae:3c:b7:a7:0d:2d:50:df:28:
         0d:51:c2:8c:21:1d:79:58:81:7c:eb:ae:3b:66:19:ba:a3:fa:
         f0:b0:61:1c:94:ba:ca:1e:ad:82:41:07:76:28:9f:b8:35:6c:
         cc:30:46:e4:4d:c3:78:99:44:50:22:b2:6e:55:ce:28:ad:a3:
         b6:71:46:1c:91:81:a2:cb:df:6d:fc:fa:15:c5:55:b0:a9:8b:
         ce:41:f6:85:52:7d:45:8d:b1:f7:62:c0:62:98:74:5e:82:a2:
         b8:44:c3:25:8e:a5:52:5a:db:18:f9:0c:d6:65:a5:25:1c:0c:
         59:03:e5:08:cc:11:9c:f9:ca:cd:af:11:1d:00:a6:f4:40:2c:
         bf:24:bc:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQ5kk+zc3DMnfiUDnsquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQ1OWZmYTA3NGNhYzYyYzgxYTM5YTU4NDZlYTExN2I5ZTQ0ODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjF6AilQUcsrTo/Kflt4t8M0vKmWr
dlgvJfPbOgK7QZOh2DFBF+Asc3qeNAth5hvLCL5ocGketTG1JtSscO7+i3Flrsar
2RO+uYc7qMOGGYtqaP+qBF8Pki1MMNeA4fz92VA4ulvl/Ch0mzRPy+nW99iTicOi
UAJg1R/7CcfLKuliS0yyNOMgpi05qDr4zVbXER78m5F6/LKEiYTTjlMKQxeP7JUK
mvBBOVOvQjFOJmhuW9sEo4TfEIt8mmABRE2vLBrWwMhSUUgVrOcTI2hD/SAAH32D
6kqClUjbQhy6CAroHskNwCBuNKzx76/56y3m5eEug2VDI1zlAmHuDbkpiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB9Fn/oHTKxiyBo5pYRuoRe55EhXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSDBXZi1nZE1yR0xJR2ptbGhHNmhGN25rU0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxeL
MA0GCSqGSIb3DQEBCwUAA4IBAQAuuqs/lyxLJVQikL/04/TbomnNRjaRTQCLsjVz
wxvIcb+OLChRkF7S4s7L2vKTucK/edxxrVNkWzHm3xvxkuz5dbZd+WFrFhET50S+
t3Bu2uwet7F6hfMdpPYukrQG6Scx5qGvl69NS1swvril8S8gnDbJRliuPLenDS1Q
3ygNUcKMIR15WIF86647Zhm6o/rwsGEclLrKHq2CQQd2KJ+4NWzMMEbkTcN4mURQ
IrJuVc4oraO2cUYckYGiy99t/PoVxVWwqYvOQfaFUn1FjbH3YsBimHRegqK4RMMl
jqVSWtsY+QzWZaUlHAxZA+UIzBGc+crNrxEdAKb0QCy/JLwd
-----END CERTIFICATE-----