Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IdUDZw6zDGbtYwpUJjXGBJh9j6A.roa
File:                     IdUDZw6zDGbtYwpUJjXGBJh9j6A.roa (raw, json)
Hash identifier:          snjl15WlnLfS2a6bNKV75VWBSlGCYuST/vXePg8wGU0=
Subject key identifier:   21:D5:03:67:0E:B3:0C:66:ED:63:0A:54:26:35:C6:04:98:7D:8F:A0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191AAA3BF439D51D48759F543BC4F00C224
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IdUDZw6zDGbtYwpUJjXGBJh9j6A.roa
Signing time:             Sat 31 Aug 2024 22:52:23 +0000
ROA not before:           Sat 31 Aug 2024 22:52:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201412
IP address blocks:        2a0e:b107:1cf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:aa:a3:bf:43:9d:51:d4:87:59:f5:43:bc:4f:00:c2:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 31 22:52:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=21d503670eb30c66ed630a542635c604987d8fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:41:5f:56:37:1f:34:46:ad:42:f0:a5:2b:34:
                    72:66:29:a0:57:04:6b:08:ee:aa:5b:bf:7b:a6:b3:
                    94:a1:c6:ef:17:74:0a:9e:5b:1b:ed:dc:0c:a6:11:
                    eb:fd:82:e3:e8:63:87:12:41:be:1d:74:62:f5:06:
                    c2:03:29:e2:90:f6:74:2f:c8:c6:6b:74:a4:03:0b:
                    f1:a9:fa:3b:5a:49:fe:8b:d0:7c:07:43:5d:b3:03:
                    4f:aa:d8:3e:18:17:9c:5e:bb:43:6f:78:22:46:35:
                    64:34:f1:17:82:34:b2:a5:f2:08:d2:4b:69:58:75:
                    ad:e7:f3:3f:d6:93:9e:81:b1:42:22:30:94:45:6d:
                    15:ce:8c:39:17:55:7e:de:d5:fa:b5:be:57:bb:e3:
                    49:69:6e:8a:2e:b1:79:d7:8b:22:54:be:f8:f7:48:
                    e8:4c:bd:42:e9:1c:b6:50:64:fb:0b:e2:20:b0:6c:
                    44:c4:83:f4:0b:0a:4c:13:de:c8:d5:bf:e5:bf:1b:
                    a0:5e:5d:69:05:44:6f:77:67:75:23:0b:c9:20:a9:
                    94:4e:38:1f:3c:e5:11:44:f5:42:d3:a3:a5:23:16:
                    ab:79:0d:06:e6:62:08:9f:2c:c5:74:de:7a:5b:cb:
                    b1:b0:b6:eb:70:a0:4c:e5:8e:a3:39:e3:29:45:6f:
                    4f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:D5:03:67:0E:B3:0C:66:ED:63:0A:54:26:35:C6:04:98:7D:8F:A0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IdUDZw6zDGbtYwpUJjXGBJh9j6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1cf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3a:e0:88:67:ee:b2:63:b4:50:9c:ed:80:c6:ce:0a:2a:20:f9:
         32:b3:68:76:c8:84:ea:52:4d:29:ca:25:37:44:e8:53:7e:27:
         47:6b:d0:1f:ac:c5:01:a9:36:e9:5e:e3:90:09:5b:2f:aa:5a:
         af:6c:d6:9f:7a:46:31:e5:03:64:c2:69:6b:35:96:b5:b3:38:
         65:aa:6f:2d:e0:32:4d:a1:85:e2:08:88:17:67:6d:ca:e5:02:
         5c:dd:05:f3:a5:fa:31:28:74:53:9e:ab:74:93:1e:1d:50:6b:
         8a:42:ec:35:bd:88:de:01:36:7e:57:a0:8c:b0:35:5d:04:b2:
         2e:f2:39:83:4b:0e:ea:b5:9b:66:b0:19:af:14:20:a2:c1:61:
         e8:8d:a8:c8:25:09:19:58:71:b4:07:46:88:4a:a6:a3:27:12:
         28:08:d8:01:74:e1:71:5d:c0:66:6d:fe:68:f8:0f:c1:ed:b7:
         b0:19:22:0b:a8:78:36:f5:89:05:3c:1a:6d:19:cf:db:5d:68:
         2c:12:a9:73:9c:00:47:19:b7:ba:a8:5f:53:3e:62:29:0c:6f:
         c3:97:4a:e4:a9:77:f0:0c:53:97:a1:00:66:02:12:02:f2:ea:
         12:36:06:cb:a0:b2:c7:08:aa:3b:b9:64:ef:bd:35:ff:00:82:
         0a:00:06:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGqo79DnVHUh1n1Q7xPAMIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODMxMjI1MjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWQ1MDM2NzBlYjMwYzY2ZWQ2MzBhNTQyNjM1YzYwNDk4N2Q4ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0FfVjcfNEatQvClKzRyZimgVwRr
CO6qW797prOUocbvF3QKnlsb7dwMphHr/YLj6GOHEkG+HXRi9QbCAynikPZ0L8jG
a3SkAwvxqfo7Wkn+i9B8B0NdswNPqtg+GBecXrtDb3giRjVkNPEXgjSypfII0ktp
WHWt5/M/1pOegbFCIjCURW0Vzow5F1V+3tX6tb5Xu+NJaW6KLrF514siVL7490jo
TL1C6Ry2UGT7C+IgsGxExIP0CwpME97I1b/lvxugXl1pBURvd2d1IwvJIKmUTjgf
POURRPVC06OlIxareQ0G5mIInyzFdN56W8uxsLbrcKBM5Y6jOeMpRW9PhQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCHVA2cOswxm7WMKVCY1xgSYfY+gMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSWRVRFp3NnpER2J0WXdwVUpqWEdCSmg5ajZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxzw
MA0GCSqGSIb3DQEBCwUAA4IBAQA64Ihn7rJjtFCc7YDGzgoqIPkys2h2yITqUk0p
yiU3ROhTfidHa9AfrMUBqTbpXuOQCVsvqlqvbNafekYx5QNkwmlrNZa1szhlqm8t
4DJNoYXiCIgXZ23K5QJc3QXzpfoxKHRTnqt0kx4dUGuKQuw1vYjeATZ+V6CMsDVd
BLIu8jmDSw7qtZtmsBmvFCCiwWHojajIJQkZWHG0B0aISqajJxIoCNgBdOFxXcBm
bf5o+A/B7bewGSILqHg29YkFPBptGc/bXWgsEqlznABHGbe6qF9TPmIpDG/Dl0rk
qXfwDFOXoQBmAhIC8uoSNgbLoLLHCKo7uWTvvTX/AIIKAAbO
-----END CERTIFICATE-----