Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KVzjCW2GdiJpSnxfz8lO7Lf2a8Q.roa
File:                     KVzjCW2GdiJpSnxfz8lO7Lf2a8Q.roa (raw, json)
Hash identifier:          TxmSkfwTAenxFH8vdmA7Yyd8yqVXH6X4yQLA2azPZLY=
Subject key identifier:   29:5C:E3:09:6D:86:76:22:69:4A:7C:5F:CF:C9:4E:EC:B7:F6:6B:C4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4C795CE30FBA4A6A82A174541A00
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KVzjCW2GdiJpSnxfz8lO7Lf2a8Q.roa
Signing time:             Tue 02 Jan 2024 10:34:35 +0000
ROA not before:           Tue 02 Jan 2024 10:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213171
IP address blocks:        2a0e:b107:9c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4c:79:5c:e3:0f:ba:4a:6a:82:a1:74:54:1a:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=295ce3096d867622694a7c5fcfc94eecb7f66bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:32:bf:c3:5f:3b:2c:8a:75:30:4c:70:2e:db:
                    8c:07:8d:5f:9f:db:fc:04:2b:6e:43:80:5f:da:5c:
                    07:5b:0c:17:b3:a0:37:c7:f0:68:91:66:ba:ca:42:
                    e0:3c:ac:c5:fe:7a:5e:c0:4f:c9:c8:f8:72:4d:0f:
                    6e:97:89:a6:76:3d:47:28:b0:ef:60:be:39:11:b0:
                    b8:8a:2e:be:1a:41:da:e8:dd:3d:26:26:c5:73:4a:
                    47:ba:17:12:4c:c4:8c:4e:94:ad:42:e9:04:22:8a:
                    c1:13:a6:e1:e0:e4:92:85:41:42:3f:ff:06:61:bf:
                    1b:3c:11:b1:9a:45:46:74:d3:77:14:fb:f0:6d:34:
                    7d:19:5e:5b:1c:dd:50:51:83:8b:be:af:24:13:e1:
                    1f:5a:08:33:ca:0f:c3:85:cc:62:7d:6b:83:92:f2:
                    e7:41:26:71:da:ff:ad:1f:e2:f0:a6:50:ce:ed:6f:
                    43:ac:1d:cb:b5:9d:90:00:95:fe:c0:9d:7b:58:3f:
                    1a:6d:f0:cc:f0:09:ed:a3:56:46:e6:8f:7d:f0:d4:
                    1e:34:d7:69:ce:a8:65:75:58:94:30:77:d8:76:67:
                    17:59:a0:a1:7b:7e:91:fe:b7:97:78:d3:fe:d4:b3:
                    28:d6:fb:ab:70:38:4a:10:2b:54:7a:97:7c:10:27:
                    7e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5C:E3:09:6D:86:76:22:69:4A:7C:5F:CF:C9:4E:EC:B7:F6:6B:C4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KVzjCW2GdiJpSnxfz8lO7Lf2a8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:9c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:d3:9a:11:0d:0c:cb:aa:c9:e6:b1:29:2c:db:ec:9d:ba:72:
         17:e3:ea:f6:dc:88:67:09:17:03:6b:bd:35:9d:f0:5a:cb:d3:
         85:2c:90:ee:09:6e:51:b8:e1:4b:ae:3a:8e:b3:61:1d:c9:8d:
         57:c0:8b:03:81:41:81:eb:81:11:4a:fb:58:d0:13:3f:84:4c:
         8c:24:79:99:31:56:39:05:c9:83:f7:ba:f5:f2:a8:8f:06:c9:
         3f:24:0e:d4:41:c3:19:79:c1:af:1e:38:b6:ae:37:a0:d0:ff:
         53:78:5a:e8:9f:d0:fd:88:ef:0a:70:e4:8d:45:52:6b:a2:8d:
         08:86:1e:62:fb:18:39:67:77:4f:c4:8c:d3:13:01:88:18:cb:
         aa:95:e7:84:e0:69:23:60:ed:1d:01:09:a4:a9:11:40:e0:4a:
         5c:9b:57:bb:6f:a7:12:bd:f2:9b:df:df:20:a8:43:ee:06:0f:
         1c:c2:cd:04:89:3a:a8:b8:45:e0:88:8a:a8:cf:5e:b1:a8:0f:
         0f:09:a9:e4:cc:4b:07:d7:ff:5d:b0:40:8d:65:87:5b:81:4b:
         df:2d:71:07:9d:74:2f:9c:84:c9:8d:fc:b4:dd:0b:2c:17:e4:
         a4:3e:9a:93:3f:20:82:6d:7d:01:46:98:1f:6c:e0:b4:4e:f0:
         ba:40:7c:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUx5XOMPukpqgqF0VBoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVjZTMwOTZkODY3NjIyNjk0YTdjNWZjZmM5NGVlY2I3ZjY2YmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzK/w187LIp1MExwLtuMB41fn9v8
BCtuQ4Bf2lwHWwwXs6A3x/BokWa6ykLgPKzF/npewE/JyPhyTQ9ul4mmdj1HKLDv
YL45EbC4ii6+GkHa6N09JibFc0pHuhcSTMSMTpStQukEIorBE6bh4OSShUFCP/8G
Yb8bPBGxmkVGdNN3FPvwbTR9GV5bHN1QUYOLvq8kE+EfWggzyg/DhcxifWuDkvLn
QSZx2v+tH+LwplDO7W9DrB3LtZ2QAJX+wJ17WD8abfDM8Anto1ZG5o998NQeNNdp
zqhldViUMHfYdmcXWaChe36R/reXeNP+1LMo1vurcDhKECtUepd8ECd+/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFClc4wlthnYiaUp8X8/JTuy39mvEMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1Z6akNXMkdkaUpwU254Zno4bE83TGYyYThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwnA
MA0GCSqGSIb3DQEBCwUAA4IBAQBH05oRDQzLqsnmsSks2+ydunIX4+r23IhnCRcD
a701nfBay9OFLJDuCW5RuOFLrjqOs2EdyY1XwIsDgUGB64ERSvtY0BM/hEyMJHmZ
MVY5BcmD97r18qiPBsk/JA7UQcMZecGvHji2rjeg0P9TeFron9D9iO8KcOSNRVJr
oo0Ihh5i+xg5Z3dPxIzTEwGIGMuqleeE4GkjYO0dAQmkqRFA4Epcm1e7b6cSvfKb
398gqEPuBg8cws0EiTqouEXgiIqoz16xqA8PCankzEsH1/9dsECNZYdbgUvfLXEH
nXQvnITJjfy03QssF+SkPpqTPyCCbX0BRpgfbOC0TvC6QHze
-----END CERTIFICATE-----