Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MFGs1l6lXlq0plaezEMOj9VZcfc.roa
File:                     MFGs1l6lXlq0plaezEMOj9VZcfc.roa (raw, json)
Hash identifier:          bMfAgERcMnb6Gz3vpSyzENT8IAnr1HmnJ6v2h3bCt3w=
Subject key identifier:   30:51:AC:D6:5E:A5:5E:5A:B4:A6:56:9E:CC:43:0E:8F:D5:59:71:F7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1AAF2044614EFEABC40072E59011
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MFGs1l6lXlq0plaezEMOj9VZcfc.roa
Signing time:             Tue 02 Jan 2024 10:34:22 +0000
ROA not before:           Tue 02 Jan 2024 10:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209025
IP address blocks:        2a0e:b107:9b0::/44 maxlen: 48
                          2a0e:b107:800::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 08:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1a:af:20:44:61:4e:fe:ab:c4:00:72:e5:90:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3051acd65ea55e5ab4a6569ecc430e8fd55971f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:44:e7:9d:aa:09:a4:1d:0c:13:ff:3e:f0:59:
                    60:3b:77:57:53:cd:0c:ea:d5:f8:ca:ec:23:04:9c:
                    cf:07:d3:a0:94:1a:b3:f4:cb:a2:15:1c:b1:b1:30:
                    91:dc:64:bd:d1:ec:ce:58:4c:4c:46:34:ff:4b:1d:
                    9a:6e:3d:81:a3:dc:65:02:97:99:7e:3c:bb:c2:c7:
                    12:25:61:e5:47:1f:f9:fe:07:55:c5:2e:92:a4:82:
                    11:50:c3:03:77:1c:59:48:10:2c:67:74:76:7c:1b:
                    52:2f:66:a2:50:64:ae:35:7c:5f:22:9b:41:ee:d3:
                    7a:ce:74:99:e1:4f:f8:bf:32:38:95:6e:5d:50:60:
                    cd:df:de:2c:d4:c4:9f:f8:90:8d:7c:cb:a9:70:1b:
                    3d:e1:61:bc:ba:ae:5a:5b:a3:45:a2:5e:d8:bf:83:
                    12:46:39:17:47:97:38:cf:5b:eb:77:c8:cf:5e:7a:
                    1c:9b:68:68:c8:78:26:d6:38:f1:3d:ff:40:0b:83:
                    38:92:72:51:85:ac:b1:b8:e6:98:16:52:16:93:71:
                    19:41:2f:b5:f5:94:53:ba:0b:01:79:7a:14:0c:42:
                    26:33:fa:6a:cf:e2:88:7f:a6:da:15:b2:90:12:62:
                    85:c5:b8:d3:fd:c2:de:9d:ce:34:f4:63:0b:6d:11:
                    10:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:51:AC:D6:5E:A5:5E:5A:B4:A6:56:9E:CC:43:0E:8F:D5:59:71:F7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/MFGs1l6lXlq0plaezEMOj9VZcfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:800::/44
                  2a0e:b107:9b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:53:dc:3e:e9:3f:14:a7:92:54:e3:03:26:4e:a0:77:22:5b:
         6d:1a:ff:c9:be:24:51:78:1a:4f:42:3d:e3:f7:bd:4e:36:d4:
         67:f3:5e:0c:64:2b:16:81:a7:f3:cf:52:cb:fa:8d:b2:c2:f6:
         12:0f:76:9a:67:bf:1c:4b:00:4f:ed:ad:1d:51:92:c1:2a:39:
         c6:36:d3:61:17:f8:b0:35:f2:74:2e:d9:ef:bf:2e:66:6d:d7:
         c6:db:78:86:b4:45:f6:26:19:21:46:27:68:4e:03:4f:54:ee:
         76:77:74:f3:f0:ab:11:9c:aa:34:5a:3a:a0:cb:99:f8:31:33:
         f2:dd:6a:da:18:9f:ca:31:c7:78:8c:8d:50:1b:5b:1c:dc:2a:
         85:31:d5:41:15:ec:04:4d:9b:f4:fb:21:5e:aa:44:f9:d9:ee:
         07:b3:12:c0:ea:78:c9:3f:4b:55:56:77:fe:d6:4f:4f:fb:60:
         d5:04:53:25:66:7a:8a:01:98:17:9b:5c:5c:a0:44:de:f8:3a:
         7b:88:8b:bb:e7:60:ce:cc:2c:11:5e:7f:8d:df:7c:fc:1c:6e:
         93:1f:4c:f8:d3:d5:f8:0a:8e:5a:88:e2:3b:d8:50:37:1c:ca:
         11:d2:26:67:42:8f:ef:73:f6:ef:bb:58:7f:0d:07:72:d3:01:
         96:c5:f2:33
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvRqvIERhTv6rxABy5ZARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDUxYWNkNjVlYTU1ZTVhYjRhNjU2OWVjYzQzMGU4ZmQ1NTk3MWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60TnnaoJpB0ME/8+8FlgO3dXU80M
6tX4yuwjBJzPB9OglBqz9MuiFRyxsTCR3GS90ezOWExMRjT/Sx2abj2Bo9xlApeZ
fjy7wscSJWHlRx/5/gdVxS6SpIIRUMMDdxxZSBAsZ3R2fBtSL2aiUGSuNXxfIptB
7tN6znSZ4U/4vzI4lW5dUGDN394s1MSf+JCNfMupcBs94WG8uq5aW6NFol7Yv4MS
RjkXR5c4z1vrd8jPXnocm2hoyHgm1jjxPf9AC4M4knJRhayxuOaYFlIWk3EZQS+1
9ZRTugsBeXoUDEImM/pqz+KIf6baFbKQEmKFxbjT/cLenc409GMLbREQsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDBRrNZepV5atKZWnsxDDo/VWXH3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTUZHczFsNmxYbHEwcGxhZXpFTU9qOVZaY2ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBwgA
AwcEKg6xBwmwMA0GCSqGSIb3DQEBCwUAA4IBAQCkU9w+6T8Up5JU4wMmTqB3Iltt
Gv/JviRReBpPQj3j971ONtRn814MZCsWgafzz1LL+o2ywvYSD3aaZ78cSwBP7a0d
UZLBKjnGNtNhF/iwNfJ0Ltnvvy5mbdfG23iGtEX2JhkhRidoTgNPVO52d3Tz8KsR
nKo0Wjqgy5n4MTPy3WraGJ/KMcd4jI1QG1sc3CqFMdVBFewETZv0+yFeqkT52e4H
sxLA6njJP0tVVnf+1k9P+2DVBFMlZnqKAZgXm1xcoETe+Dp7iIu752DOzCwRXn+N
33z8HG6TH0z409X4Co5aiOI72FA3HMoR0iZnQo/vc/bvu1h/DQdy0wGWxfIz
-----END CERTIFICATE-----