Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JOlJJIa9o7NzyEKewMNWxg8kERs.roa
File:                     JOlJJIa9o7NzyEKewMNWxg8kERs.roa (raw, json)
Hash identifier:          OmF+WYNQM97SknvljyTsIkAQZ9bpw8FxFXpVZ7xfdnc=
Subject key identifier:   24:E9:49:24:86:BD:A3:B3:73:C8:42:9E:C0:C3:56:C6:0F:24:11:1B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCF03158AEBBACF82BEDF2039055B3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JOlJJIa9o7NzyEKewMNWxg8kERs.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199956
IP address blocks:        2a0e:97c0:850::/44 maxlen: 48
                          2a0e:b107:1db0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f0:31:58:ae:bb:ac:f8:2b:ed:f2:03:90:55:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24e9492486bda3b373c8429ec0c356c60f24111b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:04:13:f4:3c:8f:35:c9:90:b5:86:23:ed:f9:
                    80:2b:7c:9c:e4:2e:87:eb:28:15:cb:2a:ab:9c:72:
                    42:0b:a0:cb:ad:4c:20:6c:53:a0:29:d2:55:a4:15:
                    a5:c0:2b:9c:76:71:34:3b:fb:fe:e7:78:c6:1f:cc:
                    8c:58:c8:17:9f:e4:b6:4a:71:6a:38:ab:3e:24:48:
                    75:59:db:85:ae:cf:9c:7d:65:a0:24:57:86:d0:38:
                    c8:f4:d5:5b:2c:01:a4:30:6a:95:c8:a2:9d:8e:31:
                    68:d6:73:98:3f:d4:19:c2:09:54:dc:50:74:50:a6:
                    bf:ea:0b:a4:a5:cd:16:5b:cc:b4:62:70:70:1d:88:
                    38:53:7c:c2:dd:02:d5:ae:89:8c:aa:ff:2f:4d:7f:
                    3f:66:02:0f:c2:e3:d7:ae:c0:4d:b3:f8:b9:8b:96:
                    73:62:4b:03:2e:60:b1:39:17:46:67:19:99:e5:f7:
                    be:e1:be:3b:97:67:89:bd:6a:fb:e1:be:ad:6b:04:
                    53:fc:5f:10:32:2d:91:fd:d1:46:0f:39:b2:f2:ef:
                    99:00:63:8e:9c:10:60:f4:f5:d6:16:2e:78:7d:51:
                    75:b7:3b:5f:87:5a:04:62:bd:37:b2:70:9c:a1:a4:
                    35:63:20:9c:d8:e2:d6:7e:df:de:18:41:60:3a:4c:
                    f1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E9:49:24:86:BD:A3:B3:73:C8:42:9E:C0:C3:56:C6:0F:24:11:1B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JOlJJIa9o7NzyEKewMNWxg8kERs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:850::/44
                  2a0e:b107:1db0::/44

    Signature Algorithm: sha256WithRSAEncryption
         04:50:7e:af:33:2b:68:9a:93:de:48:cb:91:63:14:af:e5:33:
         2c:cb:f8:2b:f3:63:35:31:1f:96:65:ae:73:7c:a7:e4:36:74:
         9b:2f:99:9c:7a:ec:60:fe:72:03:8e:cb:fe:42:58:54:d8:08:
         e2:8d:aa:d4:2d:52:8a:8d:92:76:04:54:7c:5d:d1:d9:4e:83:
         c9:2a:1b:d9:19:f9:4f:5d:d6:74:fc:43:ff:ce:07:20:0e:2c:
         52:3c:4e:11:71:59:6d:7a:b1:3a:1e:65:ae:5e:80:36:f0:95:
         e4:96:63:ff:b9:62:09:0c:d8:cc:cc:e8:6f:1d:b9:8c:e4:71:
         b5:3b:70:a1:c5:3d:45:bc:21:15:ce:6e:05:91:2f:4f:50:a8:
         71:12:33:53:bf:7c:04:dd:ed:5a:39:6e:73:7a:10:92:f6:b1:
         61:53:7c:37:3b:08:7d:9c:f4:f2:5f:6e:d3:4c:13:5b:60:05:
         c5:80:04:a7:c7:88:ba:15:09:1c:1f:08:09:d0:0a:6c:a1:bf:
         35:62:82:e5:09:f1:21:c5:a0:b6:5c:5a:4b:1d:7e:75:1e:33:
         39:ed:f6:e9:ea:d0:3b:67:43:4b:3d:7a:b1:fe:5d:15:5a:0f:
         a7:3e:d4:97:3f:c0:1b:7f:0d:cd:dd:84:69:27:9a:2a:15:ef:
         d7:6a:6b:61
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvPAxWK67rPgr7fIDkFWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGU5NDkyNDg2YmRhM2IzNzNjODQyOWVjMGMzNTZjNjBmMjQxMTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQQT9DyPNcmQtYYj7fmAK3yc5C6H
6ygVyyqrnHJCC6DLrUwgbFOgKdJVpBWlwCucdnE0O/v+53jGH8yMWMgXn+S2SnFq
OKs+JEh1WduFrs+cfWWgJFeG0DjI9NVbLAGkMGqVyKKdjjFo1nOYP9QZwglU3FB0
UKa/6gukpc0WW8y0YnBwHYg4U3zC3QLVromMqv8vTX8/ZgIPwuPXrsBNs/i5i5Zz
YksDLmCxORdGZxmZ5fe+4b47l2eJvWr74b6tawRT/F8QMi2R/dFGDzmy8u+ZAGOO
nBBg9PXWFi54fVF1tztfh1oEYr03snCcoaQ1YyCc2OLWft/eGEFgOkzxjQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCTpSSSGvaOzc8hCnsDDVsYPJBEbMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSk9sSkpJYTlvN056eUVLZXdNTld4ZzhrRVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAhQ
AwcEKg6xBx2wMA0GCSqGSIb3DQEBCwUAA4IBAQAEUH6vMytompPeSMuRYxSv5TMs
y/gr82M1MR+WZa5zfKfkNnSbL5mceuxg/nIDjsv+QlhU2AjijarULVKKjZJ2BFR8
XdHZToPJKhvZGflPXdZ0/EP/zgcgDixSPE4RcVlterE6HmWuXoA28JXklmP/uWIJ
DNjMzOhvHbmM5HG1O3ChxT1FvCEVzm4FkS9PUKhxEjNTv3wE3e1aOW5zehCS9rFh
U3w3Owh9nPTyX27TTBNbYAXFgASnx4i6FQkcHwgJ0Apsob81YoLlCfEhxaC2XFpL
HX51HjM57fbp6tA7Z0NLPXqx/l0VWg+nPtSXP8Abfw3N3YRpJ5oqFe/Xamth
-----END CERTIFICATE-----