Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KYlPam3p5r6azBxxrCYmRGVgmbo.roa
File:                     KYlPam3p5r6azBxxrCYmRGVgmbo.roa (raw, json)
Hash identifier:          n+Z/heQi4i+8XDnG5WcXsnW4qWulRCjHL+n2AZEIhBI=
Subject key identifier:   29:89:4F:6A:6D:E9:E6:BE:9A:CC:1C:71:AC:26:26:44:65:60:99:BA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD074B5241FC9A085FDAE7813F25E1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KYlPam3p5r6azBxxrCYmRGVgmbo.roa
Signing time:             Tue 02 Jan 2024 10:34:17 +0000
ROA not before:           Tue 02 Jan 2024 10:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204160
IP address blocks:        2a0e:97c0:b70::/44 maxlen: 48
                          2a0e:97c0:b78::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:07:4b:52:41:fc:9a:08:5f:da:e7:81:3f:25:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29894f6a6de9e6be9acc1c71ac262644656099ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:28:cf:01:69:73:c8:8b:46:4f:e5:44:96:4c:
                    4f:37:67:e7:98:85:a7:43:00:36:4d:53:6d:e8:8a:
                    fe:03:10:c0:f3:82:07:cc:61:a2:5b:98:9a:6d:99:
                    df:ea:26:47:40:18:e9:c1:38:6d:85:ac:5a:37:4b:
                    dd:64:89:32:ee:ab:70:42:e5:30:1c:40:d4:09:58:
                    ad:89:77:19:6b:d7:9b:8d:47:d5:a7:a3:34:6f:3b:
                    04:77:78:0a:6a:f3:90:8f:c5:91:b8:da:eb:2e:50:
                    2a:ed:82:2f:19:30:3b:7e:b6:54:4a:cc:80:68:88:
                    05:b9:7e:c5:16:14:42:61:20:da:a9:6b:e2:63:df:
                    b7:84:24:17:26:d1:01:9a:99:bc:e9:2a:0e:5d:16:
                    64:4c:d1:3e:c7:19:5b:56:a9:e0:2e:08:f1:3f:2c:
                    dc:59:c3:6a:82:b8:87:f5:c0:c3:18:b4:97:bf:b5:
                    26:67:52:86:b1:12:5e:e6:b1:ce:c0:da:86:2e:f8:
                    2a:cb:df:92:2a:a5:52:90:e1:d2:b7:9e:61:ca:e4:
                    ae:a7:b0:a0:63:36:4d:8b:ec:46:24:5e:4e:68:4c:
                    13:8e:20:93:e8:a4:ca:3c:0d:2a:cc:5f:12:79:8a:
                    05:c2:a3:3f:c6:e8:f8:9a:40:f5:99:c1:8b:be:d9:
                    c8:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:89:4F:6A:6D:E9:E6:BE:9A:CC:1C:71:AC:26:26:44:65:60:99:BA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KYlPam3p5r6azBxxrCYmRGVgmbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b70::/44

    Signature Algorithm: sha256WithRSAEncryption
         c6:0c:b0:04:ae:0a:89:9f:92:7c:d0:95:d9:2a:95:f0:1e:6f:
         72:ad:b8:db:5e:d9:2b:c4:9d:37:72:73:0d:22:45:1a:72:99:
         46:67:53:36:64:b9:31:36:5e:25:eb:99:4c:28:30:f2:46:0a:
         c9:54:b7:3c:cd:57:e4:4d:89:0d:98:80:7b:87:79:e0:f6:87:
         25:ca:90:2c:36:9c:71:b0:e0:12:5d:39:3c:93:ae:5c:4f:80:
         33:ee:db:5e:c0:32:fb:de:d2:4f:16:6b:0e:31:dc:43:0d:87:
         b4:06:b3:02:c6:ec:44:6d:c4:7c:00:81:8a:ca:4b:af:29:15:
         16:50:40:f6:c9:c4:12:91:ab:10:4e:d7:47:56:71:78:ed:92:
         11:d9:cd:9c:2b:ef:67:c7:0e:ba:67:63:04:cb:b7:17:02:5f:
         5a:e6:29:15:bb:98:fb:42:39:ac:34:7b:88:b2:f2:58:94:ef:
         d4:b3:fa:42:c6:a2:06:fe:fe:96:63:20:fa:35:9b:db:78:57:
         bc:e7:07:61:e1:15:2b:55:3a:cb:de:d9:03:8f:f5:40:90:e8:
         41:8a:32:c7:53:21:d2:d3:e5:1b:4d:20:c4:3e:9a:9c:49:f8:
         23:56:4d:52:1e:6d:be:13:3b:76:82:7e:78:74:bd:4d:4f:7a:
         bd:a9:c1:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQdLUkH8mghf2ueBPyXhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTg5NGY2YTZkZTllNmJlOWFjYzFjNzFhYzI2MjY0NDY1NjA5OWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSjPAWlzyItGT+VElkxPN2fnmIWn
QwA2TVNt6Ir+AxDA84IHzGGiW5iabZnf6iZHQBjpwThthaxaN0vdZIky7qtwQuUw
HEDUCVitiXcZa9ebjUfVp6M0bzsEd3gKavOQj8WRuNrrLlAq7YIvGTA7frZUSsyA
aIgFuX7FFhRCYSDaqWviY9+3hCQXJtEBmpm86SoOXRZkTNE+xxlbVqngLgjxPyzc
WcNqgriH9cDDGLSXv7UmZ1KGsRJe5rHOwNqGLvgqy9+SKqVSkOHSt55hyuSup7Cg
YzZNi+xGJF5OaEwTjiCT6KTKPA0qzF8SeYoFwqM/xuj4mkD1mcGLvtnI/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCmJT2pt6ea+mswccawmJkRlYJm6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1lsUGFtM3A1cjZhekJ4eHJDWW1SR1ZnbWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAtw
MA0GCSqGSIb3DQEBCwUAA4IBAQDGDLAErgqJn5J80JXZKpXwHm9yrbjbXtkrxJ03
cnMNIkUacplGZ1M2ZLkxNl4l65lMKDDyRgrJVLc8zVfkTYkNmIB7h3ng9oclypAs
NpxxsOASXTk8k65cT4Az7ttewDL73tJPFmsOMdxDDYe0BrMCxuxEbcR8AIGKykuv
KRUWUED2ycQSkasQTtdHVnF47ZIR2c2cK+9nxw66Z2MEy7cXAl9a5ikVu5j7Qjms
NHuIsvJYlO/Us/pCxqIG/v6WYyD6NZvbeFe85wdh4RUrVTrL3tkDj/VAkOhBijLH
UyHS0+UbTSDEPpqcSfgjVk1SHm2+Ezt2gn54dL1NT3q9qcH4
-----END CERTIFICATE-----