Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JYWnXEu0xU0rRb8K2e-97oKExps.roa
File:                     JYWnXEu0xU0rRb8K2e-97oKExps.roa (raw, json)
Hash identifier:          i28wWRzJ35Dv/pU34IhaYFaXWpDKqoqiBjyNynI24ag=
Subject key identifier:   25:85:A7:5C:4B:B4:C5:4D:2B:45:BF:0A:D9:EF:BD:EE:82:84:C6:9B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191287F6E70B6FD79BCA98A8397D87706B3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JYWnXEu0xU0rRb8K2e-97oKExps.roa
Signing time:             Tue 06 Aug 2024 16:22:05 +0000
ROA not before:           Tue 06 Aug 2024 16:22:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        2a0e:97c0:300::/44 maxlen: 48
                          2a0e:97c0:650::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:28:7f:6e:70:b6:fd:79:bc:a9:8a:83:97:d8:77:06:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug  6 16:22:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2585a75c4bb4c54d2b45bf0ad9efbdee8284c69b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:31:70:a8:7c:38:8e:3e:3e:32:bf:dd:e0:bf:
                    24:e2:e8:83:cb:48:df:1a:81:d7:7c:f0:52:c1:4a:
                    a6:69:65:1b:1d:b3:c0:1c:e5:e4:f0:5c:b5:d9:c1:
                    f0:64:f7:43:22:80:3e:b5:19:70:73:cb:7c:14:64:
                    98:e1:31:66:35:dc:d3:82:ed:bc:10:df:5a:03:9d:
                    f4:9a:24:af:d2:3f:77:d8:7a:95:3e:01:70:b7:a0:
                    43:5d:1c:d0:13:8a:08:1d:2e:1c:12:e3:a8:c6:01:
                    16:cf:c3:a4:ea:1a:d3:8c:f5:24:8f:60:4a:ca:a3:
                    6f:4b:24:5f:84:f9:c6:59:5b:ac:f1:99:d7:32:73:
                    6c:21:0f:26:9b:a6:0a:f5:7c:a0:1c:be:c2:db:48:
                    6b:68:b6:f3:c7:5e:ed:d4:c2:dd:02:84:31:8a:67:
                    4d:bb:c3:21:b3:b3:4e:40:ab:20:67:cd:83:27:6a:
                    0a:d7:f7:ec:53:05:4a:7c:5b:33:7a:d8:0a:90:84:
                    db:93:3c:a3:d4:01:82:8d:bc:95:84:a1:e8:a4:47:
                    af:78:5b:32:70:5e:10:aa:b1:79:68:88:ce:b0:1b:
                    ed:ee:00:b1:78:c9:92:22:d1:e9:5e:c9:35:c3:33:
                    89:b3:1b:70:c7:64:c5:3a:09:40:04:a6:a3:2c:29:
                    a0:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:85:A7:5C:4B:B4:C5:4D:2B:45:BF:0A:D9:EF:BD:EE:82:84:C6:9B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JYWnXEu0xU0rRb8K2e-97oKExps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:300::/44
                  2a0e:97c0:650::/44

    Signature Algorithm: sha256WithRSAEncryption
         aa:bd:ea:19:95:8e:05:2f:27:dc:e5:b2:14:78:a0:d4:cb:c9:
         00:f7:82:f5:e0:42:c0:7b:2c:a5:55:c5:3e:69:47:e6:d7:72:
         eb:7b:80:80:32:f5:a1:8d:ae:3e:9a:f6:ef:2c:10:2a:75:f9:
         a0:a7:50:4c:99:7a:7b:bb:02:49:76:84:26:9d:5b:0a:3b:c2:
         6b:25:34:2f:65:ee:9c:73:14:34:31:41:f2:c1:a9:82:72:1f:
         bf:3c:b6:c4:5d:b8:d0:76:97:ff:b9:13:f9:08:ff:b5:ff:77:
         e8:a3:51:9a:ab:81:b9:5d:6a:95:dc:a9:fe:d0:04:43:74:27:
         b5:bb:3d:1f:05:f6:94:95:e9:8a:82:ea:81:77:8f:58:93:6c:
         3f:ed:03:99:3d:56:3b:f2:22:16:52:53:e6:7d:cf:73:b1:d7:
         b8:0b:da:5d:b9:ed:b0:b8:e2:69:b0:70:82:6d:c8:35:92:ad:
         fe:22:84:ea:ca:36:72:2b:05:f5:a8:e6:7f:d8:54:0b:71:d4:
         74:04:06:cc:c1:6c:65:22:d3:50:b5:11:02:34:1b:bb:13:29:
         9c:89:43:fe:74:66:d3:23:1c:27:8d:78:a0:08:43:1d:dd:36:
         0d:99:31:4d:66:ad:59:84:fb:42:db:62:c1:58:92:45:a7:40:
         2c:e9:fe:3c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEof25wtv15vKmKg5fYdwazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODA2MTYyMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTg1YTc1YzRiYjRjNTRkMmI0NWJmMGFkOWVmYmRlZTgyODRjNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDFwqHw4jj4+Mr/d4L8k4uiDy0jf
GoHXfPBSwUqmaWUbHbPAHOXk8Fy12cHwZPdDIoA+tRlwc8t8FGSY4TFmNdzTgu28
EN9aA530miSv0j932HqVPgFwt6BDXRzQE4oIHS4cEuOoxgEWz8Ok6hrTjPUkj2BK
yqNvSyRfhPnGWVus8ZnXMnNsIQ8mm6YK9XygHL7C20hraLbzx17t1MLdAoQximdN
u8Mhs7NOQKsgZ82DJ2oK1/fsUwVKfFszetgKkITbkzyj1AGCjbyVhKHopEeveFsy
cF4QqrF5aIjOsBvt7gCxeMmSItHpXsk1wzOJsxtwx2TFOglABKajLCmghwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCWFp1xLtMVNK0W/Ctnvve6ChMabMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSllXblhFdTB4VTByUmI4SzJlLTk3b0tFeHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAMA
AwcEKg6XwAZQMA0GCSqGSIb3DQEBCwUAA4IBAQCqveoZlY4FLyfc5bIUeKDUy8kA
94L14ELAeyylVcU+aUfm13Lre4CAMvWhja4+mvbvLBAqdfmgp1BMmXp7uwJJdoQm
nVsKO8JrJTQvZe6ccxQ0MUHywamCch+/PLbEXbjQdpf/uRP5CP+1/3foo1Gaq4G5
XWqV3Kn+0ARDdCe1uz0fBfaUlemKguqBd49Yk2w/7QOZPVY78iIWUlPmfc9zsde4
C9pdue2wuOJpsHCCbcg1kq3+IoTqyjZyKwX1qOZ/2FQLcdR0BAbMwWxlItNQtREC
NBu7EymciUP+dGbTIxwnjXigCEMd3TYNmTFNZq1ZhPtC22LBWJJFp0As6f48
-----END CERTIFICATE-----