Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LErI8EuiLH6RmAOqwUUegPbXSJ4.roa
File:                     LErI8EuiLH6RmAOqwUUegPbXSJ4.roa (raw, json)
Hash identifier:          Wlb5b04YX4uz0T3chFK3g5DrFdcRr9imarGCWtOCXeM=
Subject key identifier:   2C:4A:C8:F0:4B:A2:2C:7E:91:98:03:AA:C1:45:1E:80:F6:D7:48:9E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDDA67BE8A680D863DCA9537F1945
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LErI8EuiLH6RmAOqwUUegPbXSJ4.roa
Signing time:             Tue 02 Jan 2024 10:34:06 +0000
ROA not before:           Tue 02 Jan 2024 10:34:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140731
IP address blocks:        2a0e:b107:c30::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:dd:a6:7b:e8:a6:80:d8:63:dc:a9:53:7f:19:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c4ac8f04ba22c7e919803aac1451e80f6d7489e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:69:e5:a5:12:8c:e7:a9:99:97:d1:67:86:09:
                    98:72:a6:32:a2:85:91:39:c0:86:6f:ca:a9:8e:14:
                    f6:66:e3:71:92:bb:24:61:46:0a:2b:27:10:35:21:
                    57:79:75:1c:6e:d4:ad:9c:1a:8b:c0:a3:3c:bb:7e:
                    26:b4:dc:21:79:19:fb:a8:e2:e5:4e:cc:93:70:8d:
                    74:31:41:64:ec:ac:b6:67:28:6d:82:2a:ef:6a:15:
                    62:d2:c1:83:83:9f:10:5e:c2:46:2d:8a:cd:96:0f:
                    bd:a9:98:8f:08:af:9b:6d:f9:8b:f5:dc:e3:9b:e1:
                    85:97:79:ac:ab:20:37:a3:b1:ed:e2:d5:0c:78:7c:
                    5b:b0:e1:96:63:0e:81:9f:5f:fb:dc:22:b1:69:c7:
                    16:60:28:17:5b:6a:93:1a:48:40:75:8c:c7:07:8d:
                    53:00:32:0c:26:d9:4f:2d:9e:ef:2f:b0:42:75:d6:
                    dd:89:dd:a0:37:93:79:ff:4c:c7:a0:ed:8c:46:f5:
                    4a:10:ec:c6:65:fe:1e:30:57:77:43:5b:8d:60:54:
                    2a:9f:79:d7:60:7f:cb:23:ca:20:c8:2b:6f:77:01:
                    8f:da:84:00:38:8e:c5:b8:bf:4c:da:bb:cd:96:6c:
                    09:5a:de:4c:71:ec:d4:9e:53:b9:ab:66:48:c2:3c:
                    5d:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4A:C8:F0:4B:A2:2C:7E:91:98:03:AA:C1:45:1E:80:F6:D7:48:9E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LErI8EuiLH6RmAOqwUUegPbXSJ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:c30::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:81:1a:65:47:4f:e4:68:bd:b4:84:c8:3a:0a:fb:25:64:1e:
         56:42:eb:a4:36:fc:9b:18:66:e2:f7:ab:ac:f7:8e:e3:b2:6b:
         46:09:e7:50:86:07:5f:81:71:bb:63:3e:b0:42:ff:97:1d:1e:
         70:d9:4d:33:e4:41:c6:3f:4c:b4:cf:48:ea:5b:d8:c9:1e:40:
         a3:35:f9:c9:bd:2b:08:18:65:d6:0f:a4:20:c8:20:94:b1:71:
         88:d5:cf:da:8d:3f:b3:c0:73:94:31:36:01:cd:18:68:e2:5c:
         f5:88:18:18:32:74:b7:8b:6e:06:b3:00:01:44:7f:ab:5a:6e:
         32:38:f3:e8:cb:82:9e:65:32:50:05:da:82:0c:8d:3b:59:22:
         d8:b2:e2:71:fb:90:cb:43:b0:e2:29:43:f0:d6:b5:52:a5:86:
         7c:ac:a4:96:9b:b9:99:14:ca:c4:f6:2d:cb:ce:55:79:a1:da:
         bf:8b:69:e9:58:3c:33:6b:34:c5:4b:36:f9:4f:cb:a0:3c:08:
         7c:f7:31:7f:a7:95:b6:ce:3b:64:f0:35:dd:5b:d9:06:ad:71:
         43:ba:2a:8b:da:cb:43:7b:88:20:2e:c8:a6:58:92:05:08:af:
         b2:4d:5c:d4:e8:05:a8:8b:56:aa:3f:23:de:e7:61:db:4f:8f:
         9b:c5:d2:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvN2me+imgNhj3KlTfxlFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzRhYzhmMDRiYTIyYzdlOTE5ODAzYWFjMTQ1MWU4MGY2ZDc0ODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWnlpRKM56mZl9FnhgmYcqYyooWR
OcCGb8qpjhT2ZuNxkrskYUYKKycQNSFXeXUcbtStnBqLwKM8u34mtNwheRn7qOLl
TsyTcI10MUFk7Ky2ZyhtgirvahVi0sGDg58QXsJGLYrNlg+9qZiPCK+bbfmL9dzj
m+GFl3msqyA3o7Ht4tUMeHxbsOGWYw6Bn1/73CKxaccWYCgXW2qTGkhAdYzHB41T
ADIMJtlPLZ7vL7BCddbdid2gN5N5/0zHoO2MRvVKEOzGZf4eMFd3Q1uNYFQqn3nX
YH/LI8ogyCtvdwGP2oQAOI7FuL9M2rvNlmwJWt5McezUnlO5q2ZIwjxdDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCxKyPBLoix+kZgDqsFFHoD210ieMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTEVySThFdWlMSDZSbUFPcXdVVWVnUGJYU0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwww
MA0GCSqGSIb3DQEBCwUAA4IBAQAQgRplR0/kaL20hMg6CvslZB5WQuukNvybGGbi
96us947jsmtGCedQhgdfgXG7Yz6wQv+XHR5w2U0z5EHGP0y0z0jqW9jJHkCjNfnJ
vSsIGGXWD6QgyCCUsXGI1c/ajT+zwHOUMTYBzRho4lz1iBgYMnS3i24GswABRH+r
Wm4yOPPoy4KeZTJQBdqCDI07WSLYsuJx+5DLQ7DiKUPw1rVSpYZ8rKSWm7mZFMrE
9i3LzlV5odq/i2npWDwzazTFSzb5T8ugPAh89zF/p5W2zjtk8DXdW9kGrXFDuiqL
2stDe4ggLsimWJIFCK+yTVzU6AWoi1aqPyPe52HbT4+bxdJ1
-----END CERTIFICATE-----