Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2M85Vhkjoo8-nDMLDja7-hiPR4.roa
File:                     M2M85Vhkjoo8-nDMLDja7-hiPR4.roa (raw, json)
Hash identifier:          gF8s/kIFubU/2sRtyxufFW6tsvwREHtVzQT0oZWW7N4=
Subject key identifier:   33:63:3C:E5:58:64:8E:8A:3C:FA:70:CC:2C:38:DA:EF:E8:62:3D:1E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD156DFF8BD0D5995054BF805E42D4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2M85Vhkjoo8-nDMLDja7-hiPR4.roa
Signing time:             Tue 02 Jan 2024 10:34:21 +0000
ROA not before:           Tue 02 Jan 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207716
IP address blocks:        2a0e:97c0:7bd::/48 maxlen: 48
                          2a0e:97c0:7b0::/44 maxlen: 48
                          2a0e:97c0:7be::/48 maxlen: 48
                          2a0e:97c0:7bf::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:15:6d:ff:8b:d0:d5:99:50:54:bf:80:5e:42:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33633ce558648e8a3cfa70cc2c38daefe8623d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:8f:45:1c:69:1c:68:75:fb:88:19:06:ae:43:
                    8b:a1:4a:cb:74:2f:ee:47:6a:3d:96:1d:8e:8f:24:
                    c7:63:f4:e6:aa:93:fb:db:4e:97:ec:d6:d0:5b:77:
                    c4:21:fc:08:f6:d4:ec:50:d7:10:df:15:1c:5c:5a:
                    09:ec:05:0f:3a:6c:1d:55:1a:9d:b0:10:6b:a6:69:
                    19:07:17:c3:87:35:4d:43:e6:37:86:77:1f:74:6c:
                    da:40:02:79:be:92:cf:82:7f:1a:ec:03:1d:ac:0f:
                    bf:e2:50:b2:76:56:6a:38:a0:bf:f3:97:f9:85:a7:
                    38:23:4c:e5:9f:d1:fb:5f:87:4b:d6:85:39:99:9b:
                    5a:02:ee:e1:e9:19:3c:ce:45:a3:31:e9:c7:60:0b:
                    d5:65:1e:cb:5a:95:43:73:a9:9d:71:ef:93:68:f0:
                    d6:d0:91:19:63:af:67:43:34:14:c7:4e:a8:44:fb:
                    f2:7b:0c:c2:d0:5b:ee:68:04:03:11:6b:71:42:53:
                    10:96:77:9c:10:bd:8e:03:a5:ac:ae:b2:05:88:78:
                    6f:2f:76:24:03:cd:aa:e9:77:13:d1:d2:73:f6:b7:
                    ea:86:18:60:e4:4f:b1:84:30:48:a4:cc:4b:77:c4:
                    20:48:71:d2:78:7a:c0:56:12:10:e7:07:10:a8:4f:
                    f8:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:63:3C:E5:58:64:8E:8A:3C:FA:70:CC:2C:38:DA:EF:E8:62:3D:1E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/M2M85Vhkjoo8-nDMLDja7-hiPR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:ca:6f:66:b8:b3:b0:da:bf:d0:8e:87:ef:e2:fe:58:c3:ef:
         f2:ba:cc:59:50:f2:03:8e:4a:25:80:f3:be:c9:0a:d8:8a:3b:
         1c:27:81:72:b1:a4:24:af:df:80:ae:1e:aa:f2:39:b6:9d:e3:
         cc:bf:11:ea:6b:da:ee:36:a0:10:6c:fe:d4:f7:b5:c8:78:35:
         9b:d3:2d:71:70:8f:08:a8:9d:ed:b8:40:77:65:29:8a:4f:5c:
         08:d2:67:f5:fa:78:4a:62:a3:97:e6:15:e6:ee:f3:83:59:c0:
         03:f5:75:e0:f2:35:2b:ae:21:7d:9c:eb:50:25:d3:be:00:5f:
         8d:1a:75:5c:9c:59:8a:2d:02:4a:9b:09:b2:03:42:17:2f:07:
         c4:85:35:26:c8:42:58:ee:c3:55:24:7f:72:4f:5e:54:19:e0:
         76:10:e9:92:59:53:6c:98:c3:40:6f:1f:e1:e3:6d:19:2b:27:
         d8:8c:11:bc:dd:f3:f0:2a:fb:de:67:90:80:3f:ec:63:0a:fd:
         20:33:98:16:a6:18:97:9b:89:83:9b:36:e8:d1:68:bb:b8:bf:
         a0:c5:b5:25:7c:1d:ae:f8:eb:60:7e:21:76:86:43:0e:c8:52:
         87:4a:96:aa:6d:2d:74:0f:e6:01:4c:65:ab:6c:45:a3:ea:38:
         da:18:18:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRVt/4vQ1ZlQVL+AXkLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzYzM2NlNTU4NjQ4ZThhM2NmYTcwY2MyYzM4ZGFlZmU4NjIzZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgY9FHGkcaHX7iBkGrkOLoUrLdC/u
R2o9lh2OjyTHY/TmqpP7206X7NbQW3fEIfwI9tTsUNcQ3xUcXFoJ7AUPOmwdVRqd
sBBrpmkZBxfDhzVNQ+Y3hncfdGzaQAJ5vpLPgn8a7AMdrA+/4lCydlZqOKC/85f5
hac4I0zln9H7X4dL1oU5mZtaAu7h6Rk8zkWjMenHYAvVZR7LWpVDc6mdce+TaPDW
0JEZY69nQzQUx06oRPvyewzC0FvuaAQDEWtxQlMQlnecEL2OA6WsrrIFiHhvL3Yk
A82q6XcT0dJz9rfqhhhg5E+xhDBIpMxLd8QgSHHSeHrAVhIQ5wcQqE/4jwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDNjPOVYZI6KPPpwzCw42u/oYj0eMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTTJNODVWaGtqb284LW5ETUxEamE3LWhpUFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAew
MA0GCSqGSIb3DQEBCwUAA4IBAQBOym9muLOw2r/Qjofv4v5Yw+/yusxZUPIDjkol
gPO+yQrYijscJ4FysaQkr9+Arh6q8jm2nePMvxHqa9ruNqAQbP7U97XIeDWb0y1x
cI8IqJ3tuEB3ZSmKT1wI0mf1+nhKYqOX5hXm7vODWcAD9XXg8jUrriF9nOtQJdO+
AF+NGnVcnFmKLQJKmwmyA0IXLwfEhTUmyEJY7sNVJH9yT15UGeB2EOmSWVNsmMNA
bx/h420ZKyfYjBG83fPwKvveZ5CAP+xjCv0gM5gWphiXm4mDmzbo0Wi7uL+gxbUl
fB2u+OtgfiF2hkMOyFKHSpaqbS10D+YBTGWrbEWj6jjaGBjH
-----END CERTIFICATE-----