Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KRlRcqC9aB3W79WLgy9-WHBe__M.roa
File:                     KRlRcqC9aB3W79WLgy9-WHBe__M.roa (raw, json)
Hash identifier:          iHNEFOZaZLjyQNYVHrHIi5CEysJle0f9ZDvxlueI1Qg=
Subject key identifier:   29:19:51:72:A0:BD:68:1D:D6:EF:D5:8B:83:2F:7E:58:70:5E:FF:F3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD2B524A7AE51EBA90E4C12E8936DA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KRlRcqC9aB3W79WLgy9-WHBe__M.roa
Signing time:             Tue 02 Jan 2024 10:34:26 +0000
ROA not before:           Tue 02 Jan 2024 10:34:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210836
IP address blocks:        2a0e:97c0:750::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:2b:52:4a:7a:e5:1e:ba:90:e4:c1:2e:89:36:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29195172a0bd681dd6efd58b832f7e58705efff3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:37:d8:37:f2:d1:e8:97:b9:60:70:b7:16:
                    f2:b9:ad:7f:c1:76:e6:60:ed:12:e4:98:40:9b:1e:
                    76:d9:60:36:67:57:37:37:be:8d:80:09:42:fa:7f:
                    e7:71:96:f3:1a:bd:03:bd:53:2b:42:55:c0:4e:64:
                    62:dd:7d:46:55:0b:9c:e3:2f:ab:34:ac:13:d6:7b:
                    21:57:8b:7f:a7:b3:a0:0f:0e:46:2a:19:17:ed:cc:
                    e6:6b:79:58:89:7e:f9:5a:fa:92:dd:69:45:c8:56:
                    49:b4:84:48:bf:a5:ba:05:3c:f6:e9:0c:47:05:98:
                    69:59:78:a9:ea:b2:c2:a3:41:e0:8c:ea:70:b9:9f:
                    5b:d8:64:d2:34:35:ae:69:71:2a:ce:77:11:9c:e2:
                    5d:f0:ba:e5:25:44:6b:b7:6c:31:17:bc:90:22:95:
                    2a:94:27:51:fb:ee:0f:29:5c:eb:58:44:0f:36:2b:
                    58:86:d3:c9:ff:c2:a8:c2:23:dd:71:2b:ae:88:e2:
                    c3:33:7c:6a:4c:ee:23:93:5d:e9:5c:db:22:24:f0:
                    f7:55:05:42:3a:a1:92:c0:5c:a3:72:6f:cc:c8:bd:
                    65:ff:3b:3a:25:62:0d:37:84:32:b4:d1:7e:f8:24:
                    56:0e:cd:9e:de:b9:3d:0e:83:85:b4:eb:6b:f2:8b:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:19:51:72:A0:BD:68:1D:D6:EF:D5:8B:83:2F:7E:58:70:5E:FF:F3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KRlRcqC9aB3W79WLgy9-WHBe__M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         74:e8:be:61:91:c6:ce:96:07:d8:df:01:55:fb:18:cf:1b:35:
         20:a7:ee:23:3b:43:14:3b:09:4f:f8:fb:b1:11:c6:29:56:40:
         63:bf:76:35:48:6a:e8:be:ff:66:ae:95:ff:e1:b4:dc:d5:3a:
         1d:d5:0d:22:7d:4a:57:9e:97:0e:61:4b:78:73:ad:f4:2e:d8:
         89:41:0c:40:25:af:9c:88:53:fd:28:f4:ed:6d:4b:60:32:a1:
         d0:99:99:2b:48:c2:69:0d:e8:dd:0f:5c:df:88:39:51:63:fa:
         31:3b:06:f5:68:b8:bd:bb:6b:71:e1:e6:f1:03:b1:33:5f:28:
         e2:d0:c1:ea:0c:26:84:b7:73:0f:a4:a8:30:ff:be:8a:61:3d:
         59:bb:00:0f:e7:ca:d4:08:19:b3:67:4a:8e:81:78:e7:ce:5c:
         d7:93:93:b1:4a:fd:7a:08:c4:76:23:1d:cc:1b:f3:e7:17:5f:
         15:46:97:0e:b7:5f:ac:25:b9:d1:9a:74:d1:c2:64:ad:06:28:
         86:11:dc:8a:27:a1:6e:a5:6a:0a:33:c9:7a:a4:7d:0d:03:36:
         de:18:8c:c3:7d:ce:04:8a:f3:c3:35:e7:06:4a:02:d5:9b:9c:
         d4:a2:2d:ed:b7:e8:53:a7:1d:ca:b4:29:5d:3d:d4:e8:35:e4:
         1e:2c:7a:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvStSSnrlHrqQ5MEuiTbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTE5NTE3MmEwYmQ2ODFkZDZlZmQ1OGI4MzJmN2U1ODcwNWVmZmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfc32Dfy0eiXuWBwtxbyua1/wXbm
YO0S5JhAmx522WA2Z1c3N76NgAlC+n/ncZbzGr0DvVMrQlXATmRi3X1GVQuc4y+r
NKwT1nshV4t/p7OgDw5GKhkX7czma3lYiX75WvqS3WlFyFZJtIRIv6W6BTz26QxH
BZhpWXip6rLCo0HgjOpwuZ9b2GTSNDWuaXEqzncRnOJd8LrlJURrt2wxF7yQIpUq
lCdR++4PKVzrWEQPNitYhtPJ/8KowiPdcSuuiOLDM3xqTO4jk13pXNsiJPD3VQVC
OqGSwFyjcm/MyL1l/zs6JWINN4QytNF++CRWDs2e3rk9DoOFtOtr8otQiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCkZUXKgvWgd1u/Vi4MvflhwXv/zMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1JsUmNxQzlhQjNXNzlXTGd5OS1XSEJlX19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB06L5hkcbOlgfY3wFV+xjPGzUgp+4jO0MUOwlP
+PuxEcYpVkBjv3Y1SGrovv9mrpX/4bTc1Tod1Q0ifUpXnpcOYUt4c630LtiJQQxA
Ja+ciFP9KPTtbUtgMqHQmZkrSMJpDejdD1zfiDlRY/oxOwb1aLi9u2tx4ebxA7Ez
Xyji0MHqDCaEt3MPpKgw/76KYT1ZuwAP58rUCBmzZ0qOgXjnzlzXk5OxSv16CMR2
Ix3MG/PnF18VRpcOt1+sJbnRmnTRwmStBiiGEdyKJ6FupWoKM8l6pH0NAzbeGIzD
fc4EivPDNecGSgLVm5zUoi3tt+hTpx3KtCldPdToNeQeLHpM
-----END CERTIFICATE-----