Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IoUjM8zyuj6bu3asEJLODubdwGI.roa
File:                     IoUjM8zyuj6bu3asEJLODubdwGI.roa (raw, json)
Hash identifier:          RQ0TpWGY6vPzQ3jFUETVyY/q3s+r4btV7lk44BJvezA=
Subject key identifier:   22:85:23:33:CC:F2:BA:3E:9B:BB:76:AC:10:92:CE:0E:E6:DD:C0:62
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDCF2431892B07D535661BC3E8FB7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IoUjM8zyuj6bu3asEJLODubdwGI.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140098
IP address blocks:        2a0e:b107:700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:dc:f2:43:18:92:b0:7d:53:56:61:bc:3e:8f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22852333ccf2ba3e9bbb76ac1092ce0ee6ddc062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4c:51:2b:3d:a8:d4:79:6c:ec:37:54:db:ad:
                    03:a5:5b:11:16:d9:8f:39:e7:72:d4:b9:3f:7a:10:
                    27:30:a9:27:28:5a:5f:7f:4a:87:f1:30:46:d1:1e:
                    00:9b:a3:66:00:3c:7c:31:bf:90:89:cb:c4:e0:d5:
                    74:eb:7e:e6:e4:87:6d:80:09:d9:09:62:cc:e8:65:
                    da:f9:d6:c2:c3:e5:01:12:3d:33:60:b2:af:a1:ac:
                    bf:81:87:bc:3e:d5:c8:1a:8a:b2:57:89:f9:a3:17:
                    65:8f:50:58:36:9d:4f:3a:ec:1a:b8:a4:34:ed:dd:
                    9d:eb:91:4f:13:84:28:b4:f4:00:94:06:70:6d:57:
                    d7:a9:8f:fe:ae:1f:e1:4d:a3:f5:33:91:ff:37:66:
                    12:d4:35:94:53:45:35:57:d0:49:b2:c8:3a:dc:1b:
                    cc:6f:f4:f0:dc:49:1e:ca:61:b5:de:20:4c:ce:49:
                    cb:df:8c:f1:31:d9:87:c2:b9:48:49:71:e2:b1:82:
                    1a:51:0d:3b:bc:5a:87:cd:9b:27:6d:6f:c1:fc:7a:
                    ed:58:bf:a1:70:2e:44:d2:ea:1f:f6:27:b1:dc:08:
                    f1:e1:01:14:80:7e:66:05:be:50:fe:59:75:9f:7d:
                    e1:95:c3:68:7e:59:4c:d5:e0:85:66:cd:0a:10:73:
                    1c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:85:23:33:CC:F2:BA:3E:9B:BB:76:AC:10:92:CE:0E:E6:DD:C0:62
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IoUjM8zyuj6bu3asEJLODubdwGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:700::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:71:3b:8f:ac:00:45:f7:cd:e0:2b:0d:cd:34:25:27:1f:b7:
         79:c6:6e:38:f8:a1:96:bd:91:59:84:7b:8d:e4:f4:47:bc:e4:
         0f:05:16:ef:de:2b:82:47:3a:c6:68:9d:06:66:eb:9b:9b:69:
         c3:d4:61:64:84:6f:3f:a5:16:f4:86:c7:24:e9:d1:1e:c4:0b:
         37:05:ce:19:e3:4c:30:85:df:29:5c:8d:cd:9c:99:f3:e7:02:
         35:d8:7d:6b:38:be:b9:6a:b0:2d:61:3b:32:2f:78:dd:2a:07:
         6f:78:06:3b:7d:d0:01:7d:bb:0a:cc:dc:45:9c:28:13:23:01:
         fa:f7:73:d4:72:b2:2b:a3:5c:6b:1e:f4:6e:02:dd:e4:ee:52:
         89:f5:fd:09:53:7c:48:9c:33:09:ab:b4:13:76:9c:ea:00:81:
         2b:6d:70:58:30:13:26:4b:3a:f7:47:73:ee:18:4b:77:45:fd:
         f2:55:a8:0b:6e:a3:35:fc:b4:e5:77:b9:9b:15:c6:6e:29:57:
         d8:5d:ee:97:8b:3d:cb:86:76:11:d7:08:db:a0:f5:0a:ea:0b:
         0b:70:00:56:93:d9:95:fd:3d:fb:60:94:86:62:ad:63:dd:e5:
         ea:bf:aa:48:33:71:f8:13:5d:bd:e2:99:9d:ed:40:61:e1:7c:
         86:43:68:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNzyQxiSsH1TVmG8Po+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjg1MjMzM2NjZjJiYTNlOWJiYjc2YWMxMDkyY2UwZWU2ZGRjMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoExRKz2o1Hls7DdU260DpVsRFtmP
Oedy1Lk/ehAnMKknKFpff0qH8TBG0R4Am6NmADx8Mb+QicvE4NV0637m5IdtgAnZ
CWLM6GXa+dbCw+UBEj0zYLKvoay/gYe8PtXIGoqyV4n5oxdlj1BYNp1POuwauKQ0
7d2d65FPE4QotPQAlAZwbVfXqY/+rh/hTaP1M5H/N2YS1DWUU0U1V9BJssg63BvM
b/Tw3EkeymG13iBMzknL34zxMdmHwrlISXHisYIaUQ07vFqHzZsnbW/B/HrtWL+h
cC5E0uof9iex3Ajx4QEUgH5mBb5Q/ll1n33hlcNofllM1eCFZs0KEHMcGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCKFIzPM8ro+m7t2rBCSzg7m3cBiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSW9Vak04enl1ajZidTNhc0VKTE9EdWJkd0dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwcA
MA0GCSqGSIb3DQEBCwUAA4IBAQAzcTuPrABF983gKw3NNCUnH7d5xm44+KGWvZFZ
hHuN5PRHvOQPBRbv3iuCRzrGaJ0GZuubm2nD1GFkhG8/pRb0hsck6dEexAs3Bc4Z
40wwhd8pXI3NnJnz5wI12H1rOL65arAtYTsyL3jdKgdveAY7fdABfbsKzNxFnCgT
IwH693PUcrIro1xrHvRuAt3k7lKJ9f0JU3xInDMJq7QTdpzqAIErbXBYMBMmSzr3
R3PuGEt3Rf3yVagLbqM1/LTld7mbFcZuKVfYXe6Xiz3LhnYR1wjboPUK6gsLcABW
k9mV/T37YJSGYq1j3eXqv6pIM3H4E1294pmd7UBh4XyGQ2hA
-----END CERTIFICATE-----