Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-baRIreTF8OYcAnXEj5J0fLZyo.roa
File:                     I-baRIreTF8OYcAnXEj5J0fLZyo.roa (raw, json)
Hash identifier:          7U9ze56uB8SjYGE7ykl81cqdBEn27PF5xAW3k5uQSlY=
Subject key identifier:   23:E6:DA:44:8A:DE:4C:5F:0E:61:C0:27:5C:48:F9:27:47:CB:67:2A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DB1B6C7AEE69031F7FE59C9ACA153484E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-baRIreTF8OYcAnXEj5J0fLZyo.roa
Signing time:             Fri 16 Feb 2024 11:39:22 +0000
ROA not before:           Fri 16 Feb 2024 11:39:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211738
IP address blocks:        2a0e:b107:fd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:b1:b6:c7:ae:e6:90:31:f7:fe:59:c9:ac:a1:53:48:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 16 11:39:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23e6da448ade4c5f0e61c0275c48f92747cb672a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4c:c1:f0:0a:9f:2e:8b:c0:c1:d9:52:35:96:
                    1a:f4:88:be:ab:50:dc:8a:cb:ae:51:f2:00:ac:69:
                    33:95:92:fe:7e:37:cb:6f:d2:57:1f:2e:74:80:3c:
                    a4:6a:ab:a1:c8:53:a1:2f:58:a8:31:a6:b8:92:df:
                    f7:c2:c8:dd:b9:f6:4e:75:02:1a:28:e9:54:73:79:
                    ea:23:c7:23:9b:73:3a:03:38:ac:89:a6:7b:f6:63:
                    fe:31:87:b1:a0:f3:8c:60:77:92:02:ce:69:84:68:
                    d4:47:be:e8:e6:ec:ff:6d:f1:cf:3b:ff:5a:81:09:
                    e2:fe:61:a8:6a:e8:22:ee:da:43:d0:c7:a1:af:1f:
                    42:4f:e0:c2:36:56:d2:d1:61:9c:a9:ce:ae:b4:93:
                    60:ee:77:0d:e6:aa:5f:6b:89:15:04:3e:5f:5f:fd:
                    80:f9:07:4d:e2:e7:cc:ce:dd:a5:ba:75:18:57:5b:
                    f2:ae:7a:39:d9:47:94:fb:3e:4c:e3:4d:82:fe:60:
                    84:71:80:95:6c:40:50:60:12:31:24:26:c1:f7:c4:
                    7f:a2:16:b3:54:86:0b:4d:2d:18:35:7e:58:6d:ac:
                    34:90:f6:cc:12:f5:63:6e:fc:4e:a2:14:4b:4e:58:
                    2a:77:ff:d8:86:7a:a9:48:3c:b7:c1:96:ca:96:ce:
                    9b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E6:DA:44:8A:DE:4C:5F:0E:61:C0:27:5C:48:F9:27:47:CB:67:2A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/I-baRIreTF8OYcAnXEj5J0fLZyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:fd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:80:b4:41:13:13:c3:5d:3c:81:de:84:f0:cc:80:14:cf:3c:
         31:9b:07:df:70:4c:7a:14:97:9e:06:25:e9:95:d6:e7:1e:40:
         9b:15:86:21:bb:3e:f7:a2:06:f7:bb:1d:9d:33:f0:18:7c:56:
         62:01:ff:cd:25:ad:5e:e7:36:d8:26:36:de:d9:f8:4d:33:46:
         05:10:67:4e:db:8f:95:7c:90:8f:9f:c1:56:57:cf:45:b0:33:
         6b:69:46:ad:e2:58:f0:e4:99:b4:38:55:6d:e3:c9:38:1e:c7:
         05:c4:97:ad:fe:8e:a3:ac:da:30:ac:ce:60:03:62:7e:bb:56:
         6a:4c:ff:33:c6:33:de:6d:1e:fa:31:1c:95:37:c6:16:4e:5d:
         ef:de:97:c3:cc:de:54:af:aa:56:4a:11:a1:13:31:29:fc:d5:
         88:ee:8a:9a:09:65:f0:ce:6e:35:02:d3:da:3f:bc:37:fd:9c:
         45:d4:5c:83:dc:66:78:25:cb:e4:72:af:a2:4b:c9:d8:c7:86:
         16:b7:1d:f0:58:c5:d5:62:95:29:2c:9d:f0:1e:e7:94:8d:00:
         11:fe:44:39:3e:54:4b:dd:0e:d7:29:84:9b:97:b5:7d:10:1e:
         02:5b:39:f6:86:10:3f:15:a2:06:d0:a7:a0:bb:cb:48:53:c7:
         3e:76:08:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2xtseu5pAx9/5ZyayhU0hOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjE2MTEzOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2U2ZGE0NDhhZGU0YzVmMGU2MWMwMjc1YzQ4ZjkyNzQ3Y2I2NzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArkzB8AqfLovAwdlSNZYa9Ii+q1Dc
isuuUfIArGkzlZL+fjfLb9JXHy50gDykaquhyFOhL1ioMaa4kt/3wsjdufZOdQIa
KOlUc3nqI8cjm3M6AzisiaZ79mP+MYexoPOMYHeSAs5phGjUR77o5uz/bfHPO/9a
gQni/mGoaugi7tpD0Mehrx9CT+DCNlbS0WGcqc6utJNg7ncN5qpfa4kVBD5fX/2A
+QdN4ufMzt2lunUYV1vyrno52UeU+z5M402C/mCEcYCVbEBQYBIxJCbB98R/ohaz
VIYLTS0YNX5Ybaw0kPbMEvVjbvxOohRLTlgqd//YhnqpSDy3wZbKls6b/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCPm2kSK3kxfDmHAJ1xI+SdHy2cqMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSS1iYVJJcmVURjhPWWNBblhFajVKMGZMWnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw/Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCogLRBExPDXTyB3oTwzIAUzzwxmwffcEx6FJee
BiXpldbnHkCbFYYhuz73ogb3ux2dM/AYfFZiAf/NJa1e5zbYJjbe2fhNM0YFEGdO
24+VfJCPn8FWV89FsDNraUat4ljw5Jm0OFVt48k4HscFxJet/o6jrNowrM5gA2J+
u1ZqTP8zxjPebR76MRyVN8YWTl3v3pfDzN5Ur6pWShGhEzEp/NWI7oqaCWXwzm41
AtPaP7w3/ZxF1FyD3GZ4Jcvkcq+iS8nYx4YWtx3wWMXVYpUpLJ3wHueUjQAR/kQ5
PlRL3Q7XKYSbl7V9EB4CWzn2hhA/FaIG0Kegu8tIU8c+dghN
-----END CERTIFICATE-----