Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LmjxmnE7EzclWyhQs8EvxxBYvm4.roa
File:                     LmjxmnE7EzclWyhQs8EvxxBYvm4.roa (raw, json)
Hash identifier:          5YWzhYkTBHLBDHjtIFjqDll0HBYYiLzU3Qk7nwL3auY=
Subject key identifier:   2E:68:F1:9A:71:3B:13:37:25:5B:28:50:B3:C1:2F:C7:10:58:BE:6E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD503E4EE1B85BD4F3DC3B3AF66753
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LmjxmnE7EzclWyhQs8EvxxBYvm4.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213367
IP address blocks:        2a0e:97c0:6e0::/48 maxlen: 48
                          2a0e:97c0:6ee::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:50:3e:4e:e1:b8:5b:d4:f3:dc:3b:3a:f6:67:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e68f19a713b1337255b2850b3c12fc71058be6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:30:b8:a7:4a:22:a9:09:e9:7c:8a:7f:aa:92:
                    32:b6:00:b5:48:34:12:b7:8d:86:9d:53:06:50:29:
                    5c:00:7e:cf:7a:c8:3f:2d:d2:f6:be:e2:8f:44:65:
                    70:f8:61:a6:93:c7:f9:8b:1a:ee:c6:cd:a5:ab:16:
                    50:58:48:eb:39:c8:36:cf:d2:7a:31:8f:5c:11:11:
                    3d:53:0e:d6:7b:4c:f5:15:dd:fa:ce:87:6d:3c:f4:
                    de:f8:6d:d3:e0:45:75:b2:0e:84:10:7c:71:32:35:
                    fc:26:a7:31:ff:9a:e2:6d:0a:4a:d7:ba:00:9f:48:
                    ad:f6:46:97:96:3d:de:c3:da:1d:4f:69:03:32:07:
                    d6:85:45:97:78:92:66:ad:96:a6:ae:0f:cc:b1:ee:
                    0c:f8:d6:0b:96:9f:8c:d6:29:bb:0a:a2:fd:ee:ce:
                    53:43:9c:ac:f6:89:84:08:55:d6:a5:21:42:99:db:
                    6a:33:35:06:37:1a:6a:26:59:21:f1:27:ab:10:fc:
                    8b:d3:07:fc:f0:6d:66:32:70:33:b0:13:41:d1:12:
                    dc:6c:fe:83:a5:0a:2c:2b:61:76:65:38:37:91:92:
                    74:43:29:2a:24:30:5a:04:cb:1e:65:22:35:73:f7:
                    b7:ce:6a:6d:0f:6a:25:e3:b1:17:5c:23:90:fc:c2:
                    5c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:68:F1:9A:71:3B:13:37:25:5B:28:50:B3:C1:2F:C7:10:58:BE:6E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LmjxmnE7EzclWyhQs8EvxxBYvm4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:6e0::/48
                  2a0e:97c0:6ee::/47

    Signature Algorithm: sha256WithRSAEncryption
         3e:60:c0:ea:20:0b:0e:50:50:17:9b:02:61:a4:c7:a0:22:29:
         4b:9b:e9:f5:8b:f4:b6:22:98:a8:a8:13:fd:5b:3b:20:f7:93:
         bc:5b:42:b5:ed:52:4a:bd:93:44:27:29:71:fe:5d:f1:5d:f2:
         26:6c:fc:4b:6b:2f:f4:af:d0:30:d7:d8:16:25:47:6e:5f:69:
         94:34:b4:f9:82:1a:62:5d:f7:3c:2e:0c:ed:43:75:80:92:f1:
         36:e9:c0:35:92:ae:85:4a:0c:be:27:28:e2:82:68:d6:4f:95:
         7e:d8:da:b1:65:f8:4c:ca:a2:17:0d:76:16:50:e6:3e:c8:85:
         83:2f:2a:b4:d2:fa:42:81:6f:8d:dc:85:eb:b8:fe:63:f3:e6:
         78:6d:47:55:76:b8:9b:f9:e7:8b:1f:89:08:ab:34:d9:d4:3b:
         05:0b:83:e8:e7:6b:d6:c1:de:b1:df:1a:2f:5a:d3:f9:bb:e8:
         fd:0e:a1:c8:f4:ec:2b:13:a7:0e:33:56:8b:f9:6c:7d:f6:0d:
         90:6d:53:e8:66:5d:de:0b:8f:3c:84:14:3d:9e:eb:19:05:d2:
         37:de:e3:38:e3:50:89:50:5b:a9:cf:5a:02:1c:d0:b8:17:f5:
         9d:8a:83:bc:22:8f:6a:0d:38:a7:51:26:33:6c:1e:7a:ba:bb:
         b7:bd:f6:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvVA+TuG4W9Tz3Ds69mdTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTY4ZjE5YTcxM2IxMzM3MjU1YjI4NTBiM2MxMmZjNzEwNThiZTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TC4p0oiqQnpfIp/qpIytgC1SDQS
t42GnVMGUClcAH7Pesg/LdL2vuKPRGVw+GGmk8f5ixruxs2lqxZQWEjrOcg2z9J6
MY9cERE9Uw7We0z1Fd36zodtPPTe+G3T4EV1sg6EEHxxMjX8Jqcx/5ribQpK17oA
n0it9kaXlj3ew9odT2kDMgfWhUWXeJJmrZamrg/Mse4M+NYLlp+M1im7CqL97s5T
Q5ys9omECFXWpSFCmdtqMzUGNxpqJlkh8SerEPyL0wf88G1mMnAzsBNB0RLcbP6D
pQosK2F2ZTg3kZJ0QykqJDBaBMseZSI1c/e3zmptD2ol47EXXCOQ/MJc2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFC5o8ZpxOxM3JVsoULPBL8cQWL5uMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTG1qeG1uRTdFemNsV3loUXM4RXZ4eEJZdm00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAbg
AwcBKg6XwAbuMA0GCSqGSIb3DQEBCwUAA4IBAQA+YMDqIAsOUFAXmwJhpMegIilL
m+n1i/S2IpioqBP9Wzsg95O8W0K17VJKvZNEJylx/l3xXfImbPxLay/0r9Aw19gW
JUduX2mUNLT5ghpiXfc8LgztQ3WAkvE26cA1kq6FSgy+JyjigmjWT5V+2NqxZfhM
yqIXDXYWUOY+yIWDLyq00vpCgW+N3IXruP5j8+Z4bUdVdrib+eeLH4kIqzTZ1DsF
C4Po52vWwd6x3xovWtP5u+j9DqHI9OwrE6cOM1aL+Wx99g2QbVPoZl3eC488hBQ9
nusZBdI33uM441CJUFupz1oCHNC4F/WdioO8Io9qDTinUSYzbB56uru3vfYf
-----END CERTIFICATE-----