Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-GtOeLhZYhsfl2DKRixLbMNGYY.roa
File:                     I-GtOeLhZYhsfl2DKRixLbMNGYY.roa (raw, json)
Hash identifier:          jwz2KGpnqwpdxXUWWFkbyE/L1EJjcZyagjlio4yN2gI=
Subject key identifier:   23:E1:AD:39:E2:E1:65:88:6C:7E:5D:83:29:18:B1:2D:B3:0D:19:86
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD47D4EA766E38EE80DD96F7FAD43E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-GtOeLhZYhsfl2DKRixLbMNGYY.roa
Signing time:             Tue 02 Jan 2024 10:34:34 +0000
ROA not before:           Tue 02 Jan 2024 10:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212746
IP address blocks:        2a0e:b107:d00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:47:d4:ea:76:6e:38:ee:80:dd:96:f7:fa:d4:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23e1ad39e2e165886c7e5d832918b12db30d1986
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:98:f7:55:84:d9:79:4b:0a:f0:56:80:95:0f:
                    16:83:be:3f:e1:a0:76:4a:5b:76:ca:37:ac:05:78:
                    60:8b:5b:28:47:b0:d9:37:0b:83:a0:98:4d:81:b7:
                    40:06:6f:58:bf:18:58:09:00:79:f0:a6:2d:48:81:
                    76:40:9a:58:e5:a3:51:8f:6c:2f:d9:27:6d:ff:b7:
                    f3:6f:61:1a:8b:bb:06:a4:b3:c7:c5:d7:37:9f:e6:
                    2b:9b:a3:0a:53:7d:1b:14:d6:2c:ca:42:b3:02:c9:
                    e8:64:89:13:32:82:dc:81:c5:71:1f:b2:40:bd:05:
                    87:14:09:36:6f:08:f6:e7:b0:70:47:cf:a0:68:72:
                    9d:99:5c:eb:f8:39:b0:23:14:5f:ad:19:04:c9:75:
                    70:2b:7d:0b:87:7a:e2:6f:12:77:5b:c4:b7:5f:34:
                    9a:a8:f7:75:f4:be:2b:f5:ef:e4:b5:88:d4:06:b7:
                    97:2d:1e:fb:ad:bf:fa:48:05:9c:13:10:15:44:ed:
                    07:2a:fa:ca:7a:c3:72:8e:09:22:4d:a8:c9:c8:1d:
                    51:8a:3a:34:c7:81:98:97:a6:89:99:d7:98:3b:d6:
                    0c:ab:71:1b:cd:b2:f0:59:8f:4e:53:db:82:ef:76:
                    f8:1e:a5:c2:ce:d5:c1:e1:71:42:b3:c2:98:74:90:
                    71:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E1:AD:39:E2:E1:65:88:6C:7E:5D:83:29:18:B1:2D:B3:0D:19:86
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-GtOeLhZYhsfl2DKRixLbMNGYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:33:ad:4f:5e:2b:03:62:8c:f0:66:14:5f:7e:97:98:15:77:
         d6:73:bd:fb:a2:b9:ab:6e:b3:53:c9:e0:5a:50:98:7c:df:dc:
         b9:5e:35:b7:eb:33:e8:fe:c6:99:8f:d8:a9:d3:2c:05:b7:21:
         a1:0f:e7:d1:5c:80:85:cc:a0:bb:4d:08:27:cb:2c:1d:15:b0:
         15:6a:e8:a3:dc:9c:f5:7c:a3:28:57:d0:6d:cb:b0:56:db:06:
         fc:9b:4e:8a:5b:20:50:90:93:c2:58:a8:fe:08:27:92:04:9e:
         5f:6f:ef:3e:b7:b4:a7:9c:2c:ce:89:ca:2d:a4:f5:4c:7b:b7:
         3b:76:d5:d9:60:df:8c:42:be:dc:c7:3e:8e:af:97:18:3e:1d:
         67:ef:31:7d:67:b9:b9:d2:77:0c:85:a5:71:5a:e9:be:26:3a:
         de:47:d1:f8:3d:67:2c:8b:52:bf:73:12:ff:4f:8a:48:7f:05:
         3c:64:7c:86:4f:5d:ac:4e:36:62:3e:fd:ac:30:e5:5d:93:d9:
         5c:8a:3b:66:e0:2c:42:a9:a0:20:71:ff:6f:cf:13:cb:9b:27:
         eb:03:cb:d0:9e:a5:a0:84:71:2d:40:b8:12:b6:9f:cd:d2:73:
         31:be:4b:52:e8:ac:b7:14:9c:0d:d5:e3:e1:48:2f:cd:ea:f2:
         d3:e6:08:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUfU6nZuOO6A3Zb3+tQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2UxYWQzOWUyZTE2NTg4NmM3ZTVkODMyOTE4YjEyZGIzMGQxOTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Zj3VYTZeUsK8FaAlQ8Wg74/4aB2
Slt2yjesBXhgi1soR7DZNwuDoJhNgbdABm9YvxhYCQB58KYtSIF2QJpY5aNRj2wv
2Sdt/7fzb2Eai7sGpLPHxdc3n+Yrm6MKU30bFNYsykKzAsnoZIkTMoLcgcVxH7JA
vQWHFAk2bwj257BwR8+gaHKdmVzr+DmwIxRfrRkEyXVwK30Lh3ribxJ3W8S3XzSa
qPd19L4r9e/ktYjUBreXLR77rb/6SAWcExAVRO0HKvrKesNyjgkiTajJyB1Rijo0
x4GYl6aJmdeYO9YMq3EbzbLwWY9OU9uC73b4HqXCztXB4XFCs8KYdJBxmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCPhrTni4WWIbH5dgykYsS2zDRmGMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSS1HdE9lTGhaWWhzZmwyREtSaXhMYk1OR1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAZM61PXisDYozwZhRffpeYFXfWc737ormrbrNT
yeBaUJh839y5XjW36zPo/saZj9ip0ywFtyGhD+fRXICFzKC7TQgnyywdFbAVauij
3Jz1fKMoV9Bty7BW2wb8m06KWyBQkJPCWKj+CCeSBJ5fb+8+t7SnnCzOicotpPVM
e7c7dtXZYN+MQr7cxz6Or5cYPh1n7zF9Z7m50ncMhaVxWum+JjreR9H4PWcsi1K/
cxL/T4pIfwU8ZHyGT12sTjZiPv2sMOVdk9lcijtm4CxCqaAgcf9vzxPLmyfrA8vQ
nqWghHEtQLgStp/N0nMxvktS6Ky3FJwN1ePhSC/N6vLT5ggT
-----END CERTIFICATE-----