Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IgQJcJ1subfgMC3G7MWBINDsUxI.roa
File:                     IgQJcJ1subfgMC3G7MWBINDsUxI.roa (raw, json)
Hash identifier:          kRl2uruZsY4jLmqAj9kbmYvyA7iu7XDbdLJUDTMeSZE=
Subject key identifier:   22:04:09:70:9D:6C:B9:B7:E0:30:2D:C6:EC:C5:81:20:D0:EC:53:12
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC2DCE2900175ED4423C05F9AECF2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IgQJcJ1subfgMC3G7MWBINDsUxI.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     24312
IP address blocks:        2a0e:97c0:600::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c2:dc:e2:90:01:75:ed:44:23:c0:5f:9a:ec:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=220409709d6cb9b7e0302dc6ecc58120d0ec5312
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:d7:87:67:1e:55:8c:e7:a5:c6:45:a4:31:a9:
                    14:2a:6c:8d:d2:33:65:a9:cd:2a:d1:13:93:66:14:
                    50:f7:bf:4b:1a:11:79:6f:0a:8f:e6:36:2a:22:59:
                    d3:55:32:62:89:72:f0:e6:e9:79:f6:e5:71:5c:31:
                    ce:2b:f9:1b:b2:8b:bf:4f:b0:80:23:f8:7f:17:d0:
                    04:9f:8a:2e:75:f1:b4:02:bc:00:22:13:54:4c:e2:
                    67:14:c3:e7:48:0a:69:fc:c8:dd:8b:95:f3:ec:cc:
                    ca:03:ec:44:ce:e5:44:0a:3c:50:cb:ae:be:14:c8:
                    c9:96:41:65:a5:11:5a:61:e4:f0:8d:a8:59:48:29:
                    56:fd:d7:95:4a:31:9d:8e:08:a1:57:51:7f:78:07:
                    b7:e0:2f:50:9c:86:2b:54:92:f5:82:15:cc:0a:b8:
                    1a:17:8d:55:db:66:d9:b7:af:ba:6a:95:3a:f7:a5:
                    f2:22:39:ec:4a:3b:75:50:44:84:98:ac:ab:64:2a:
                    73:1e:a6:40:6d:d2:54:5b:11:71:be:8c:ac:84:2c:
                    85:b8:69:ba:6e:de:af:ff:73:f5:73:8b:cb:af:88:
                    d2:96:bc:12:33:32:69:53:29:33:0d:08:7a:73:40:
                    47:00:d5:66:91:8c:9c:b3:4e:f3:18:2b:d0:c1:70:
                    9a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:04:09:70:9D:6C:B9:B7:E0:30:2D:C6:EC:C5:81:20:D0:EC:53:12
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IgQJcJ1subfgMC3G7MWBINDsUxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:600::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:91:3f:bf:06:27:fc:2a:df:44:2d:74:53:b7:fc:1f:67:c7:
         ae:07:e7:da:06:7d:30:ba:ec:4b:b3:dc:0c:25:c4:6f:01:c4:
         5a:62:cc:73:1b:83:8e:d8:dd:5b:d6:75:d7:93:01:47:c1:bb:
         b7:a4:65:e5:e4:2a:80:5f:10:e8:93:35:15:88:02:5d:b3:71:
         ed:81:10:a2:7c:34:42:9b:71:d1:29:60:9d:03:95:96:3e:8b:
         98:dd:31:14:7d:5b:c4:b3:ab:92:e2:5c:ba:f3:7c:58:f9:77:
         54:86:52:f1:06:99:91:f4:63:55:1d:81:66:e4:18:a7:2c:1b:
         18:df:0d:28:fb:17:e3:8c:b5:ff:65:57:14:b7:91:40:f4:cd:
         a5:c3:d1:d9:ce:d7:e9:5d:be:5b:ea:68:97:b5:b2:2f:95:94:
         56:91:fe:96:cd:f7:8f:56:2c:9f:c2:b4:52:dc:5d:62:79:98:
         1e:ff:8c:ef:8b:a5:3e:84:7a:30:dc:11:40:50:c1:38:56:1b:
         5f:37:3f:6a:df:6d:56:fe:01:0b:e8:c1:15:d3:d0:ec:f4:36:
         d0:fd:62:49:c4:07:e3:b9:a9:fd:d6:d2:16:0d:12:b4:7a:4a:
         6a:54:28:54:ad:45:2d:73:cb:4c:8f:b0:e2:47:a8:a7:9c:c2:
         47:d2:a7:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMLc4pABde1EI8BfmuzyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjA0MDk3MDlkNmNiOWI3ZTAzMDJkYzZlY2M1ODEyMGQwZWM1MzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhteHZx5VjOelxkWkMakUKmyN0jNl
qc0q0ROTZhRQ979LGhF5bwqP5jYqIlnTVTJiiXLw5ul59uVxXDHOK/kbsou/T7CA
I/h/F9AEn4oudfG0ArwAIhNUTOJnFMPnSApp/Mjdi5Xz7MzKA+xEzuVECjxQy66+
FMjJlkFlpRFaYeTwjahZSClW/deVSjGdjgihV1F/eAe34C9QnIYrVJL1ghXMCrga
F41V22bZt6+6apU696XyIjnsSjt1UESEmKyrZCpzHqZAbdJUWxFxvoyshCyFuGm6
bt6v/3P1c4vLr4jSlrwSMzJpUykzDQh6c0BHANVmkYycs07zGCvQwXCamwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCIECXCdbLm34DAtxuzFgSDQ7FMSMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSWdRSmNKMXN1YmZnTUMzRzdNV0JJTkRzVXhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYA
MA0GCSqGSIb3DQEBCwUAA4IBAQCwkT+/Bif8Kt9ELXRTt/wfZ8euB+faBn0wuuxL
s9wMJcRvAcRaYsxzG4OO2N1b1nXXkwFHwbu3pGXl5CqAXxDokzUViAJds3HtgRCi
fDRCm3HRKWCdA5WWPouY3TEUfVvEs6uS4ly683xY+XdUhlLxBpmR9GNVHYFm5Bin
LBsY3w0o+xfjjLX/ZVcUt5FA9M2lw9HZztfpXb5b6miXtbIvlZRWkf6WzfePViyf
wrRS3F1ieZge/4zvi6U+hHow3BFAUME4VhtfNz9q321W/gEL6MEV09Ds9DbQ/WJJ
xAfjuan91tIWDRK0ekpqVChUrUUtc8tMj7DiR6innMJH0qd+
-----END CERTIFICATE-----