Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LxpGs0u6DrZ_Z5wAQh5EkPblF4o.roa
File:                     LxpGs0u6DrZ_Z5wAQh5EkPblF4o.roa (raw, json)
Hash identifier:          Fybqc35WQUxeayCpiH0qANuU/TXeG7sD6Z1qKUhFQrg=
Subject key identifier:   2F:1A:46:B3:4B:BA:0E:B6:7F:67:9C:00:42:1E:44:90:F6:E5:17:8A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD20AA224E72BBC12847212B0F5DB5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LxpGs0u6DrZ_Z5wAQh5EkPblF4o.roa
Signing time:             Tue 02 Jan 2024 10:34:24 +0000
ROA not before:           Tue 02 Jan 2024 10:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209949
IP address blocks:        2a0e:97c0:d20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:20:aa:22:4e:72:bb:c1:28:47:21:2b:0f:5d:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f1a46b34bba0eb67f679c00421e4490f6e5178a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c8:0c:36:0d:82:3a:9f:71:d1:ba:9f:ac:e6:
                    5c:88:9b:b2:fd:bc:52:bd:5d:15:07:4b:f9:75:6d:
                    52:0a:36:84:de:97:8a:69:8d:c3:54:5f:71:83:92:
                    d1:1d:21:56:ca:fe:cd:4c:c3:76:18:98:3b:bd:fe:
                    d8:7a:ce:c0:21:a7:a0:e1:98:18:77:03:a6:1b:52:
                    b9:33:33:3a:e3:9f:46:20:a3:fb:57:44:db:bd:54:
                    43:5e:f6:8b:87:a4:7e:3d:47:67:49:f9:00:b5:0c:
                    80:b9:85:a3:4d:84:86:0f:1e:57:9d:cd:15:ae:00:
                    10:a0:d0:2a:3d:77:d7:58:f5:ee:57:df:dd:1d:0e:
                    72:ac:96:52:f6:57:f0:55:37:2f:95:a0:19:05:9c:
                    2f:54:ac:b8:99:39:f2:7b:90:e7:9e:92:ea:1b:cb:
                    92:2c:ea:31:55:6b:e2:93:9b:2d:5a:87:50:e6:0a:
                    2e:b0:bc:54:76:65:d2:30:08:45:be:14:cb:b5:c2:
                    d1:f0:81:06:92:99:ea:f7:81:f0:76:da:58:48:dc:
                    27:fd:51:dd:46:f6:17:27:7c:10:4d:d4:0e:02:7b:
                    fa:eb:89:25:0f:43:e7:5c:ee:25:28:73:ea:4b:7a:
                    00:87:cf:55:37:d7:2a:c2:20:b8:5a:d8:d8:03:cb:
                    35:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:1A:46:B3:4B:BA:0E:B6:7F:67:9C:00:42:1E:44:90:F6:E5:17:8A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LxpGs0u6DrZ_Z5wAQh5EkPblF4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d20::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:3f:9d:6a:f8:c7:9f:5b:7e:04:15:05:0c:7b:f4:2b:fc:b3:
         58:78:70:ad:ce:55:c0:30:48:ad:d2:76:b8:c0:9b:22:75:12:
         62:db:f6:2d:7e:4c:9d:60:6f:eb:a2:37:a9:8a:4d:6f:1b:de:
         2a:c6:a6:55:ea:d1:5e:bf:37:34:74:49:78:64:c0:d1:4e:88:
         3b:94:a4:bc:66:9c:22:78:0a:8b:83:ce:88:7b:7e:af:f0:6c:
         3a:c0:e1:bd:e1:cc:3f:a4:35:98:3e:05:96:f2:61:87:bc:8c:
         8b:28:08:eb:16:bd:1b:32:7c:8f:65:9c:b2:dc:28:4d:44:05:
         8f:0e:d3:c2:87:0a:1b:dc:5b:44:e7:fd:3b:8e:5f:d0:24:d0:
         60:d0:19:b9:59:e4:f6:80:f8:a5:f1:08:6a:fa:c1:e2:d4:0b:
         fb:a2:a6:ba:95:09:3c:6f:62:c1:a7:e0:a4:be:b9:36:5a:b0:
         1a:12:23:47:ea:ca:38:04:56:84:2c:81:74:e4:17:40:b9:a2:
         03:dd:ac:6b:65:d2:0a:df:53:1c:a7:a9:7c:81:98:0b:92:9f:
         de:c9:96:cb:cf:49:33:46:3f:db:60:5a:90:67:dc:12:83:b1:
         81:f4:6c:6c:07:08:9c:13:d0:9c:c9:0e:32:4f:bf:66:a8:8b:
         a0:b8:bd:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSCqIk5yu8EoRyErD121MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjFhNDZiMzRiYmEwZWI2N2Y2NzljMDA0MjFlNDQ5MGY2ZTUxNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisgMNg2COp9x0bqfrOZciJuy/bxS
vV0VB0v5dW1SCjaE3peKaY3DVF9xg5LRHSFWyv7NTMN2GJg7vf7Yes7AIaeg4ZgY
dwOmG1K5MzM6459GIKP7V0TbvVRDXvaLh6R+PUdnSfkAtQyAuYWjTYSGDx5Xnc0V
rgAQoNAqPXfXWPXuV9/dHQ5yrJZS9lfwVTcvlaAZBZwvVKy4mTnye5DnnpLqG8uS
LOoxVWvik5stWodQ5gousLxUdmXSMAhFvhTLtcLR8IEGkpnq94HwdtpYSNwn/VHd
RvYXJ3wQTdQOAnv664klD0PnXO4lKHPqS3oAh89VN9cqwiC4WtjYA8s1KwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC8aRrNLug62f2ecAEIeRJD25ReKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTHhwR3MwdTZEclpfWjV3QVFoNUVrUGJsRjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA0g
MA0GCSqGSIb3DQEBCwUAA4IBAQBbP51q+MefW34EFQUMe/Qr/LNYeHCtzlXAMEit
0na4wJsidRJi2/YtfkydYG/rojepik1vG94qxqZV6tFevzc0dEl4ZMDRTog7lKS8
ZpwieAqLg86Ie36v8Gw6wOG94cw/pDWYPgWW8mGHvIyLKAjrFr0bMnyPZZyy3ChN
RAWPDtPChwob3FtE5/07jl/QJNBg0Bm5WeT2gPil8Qhq+sHi1Av7oqa6lQk8b2LB
p+Ckvrk2WrAaEiNH6so4BFaELIF05BdAuaID3axrZdIK31Mcp6l8gZgLkp/eyZbL
z0kzRj/bYFqQZ9wSg7GB9GxsBwicE9CcyQ4yT79mqIuguL1y
-----END CERTIFICATE-----