Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ML7THU52uOqrRpLIv8E2RrAJzpo.roa
File:                     ML7THU52uOqrRpLIv8E2RrAJzpo.roa (raw, json)
Hash identifier:          TISydKstulQJrae7KR4pj6rrjwtXINxR1J/sajLY4Yo=
Subject key identifier:   30:BE:D3:1D:4E:76:B8:EA:AB:46:92:C8:BF:C1:36:46:B0:09:CE:9A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCF37A146E0F35C715D65C020E42B8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ML7THU52uOqrRpLIv8E2RrAJzpo.roa
Signing time:             Tue 02 Jan 2024 10:34:12 +0000
ROA not before:           Tue 02 Jan 2024 10:34:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200237
IP address blocks:        2a06:de01:f0::/48 maxlen: 48
                          2a06:de01:f1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f3:7a:14:6e:0f:35:c7:15:d6:5c:02:0e:42:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30bed31d4e76b8eaab4692c8bfc13646b009ce9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:37:3c:fb:9c:21:6e:80:f4:6a:9f:ed:35:39:
                    77:eb:c4:e0:14:f9:78:b6:66:5d:53:24:b4:9d:fd:
                    66:9e:0b:6a:3a:7c:32:2a:00:3a:5e:c3:68:38:44:
                    39:cd:e0:93:fc:82:d0:f8:0b:a8:20:ed:f5:05:0e:
                    e2:d5:c9:82:cc:f3:94:85:9e:0c:d6:dc:a8:ac:93:
                    aa:6b:d1:7a:b1:f3:42:c3:c5:e9:9a:aa:3a:c4:b0:
                    e9:d1:a9:0c:47:8e:94:0a:d5:26:57:19:2d:82:10:
                    f9:d1:53:26:93:e8:a4:55:4b:e8:17:6f:d2:8d:ce:
                    f5:1f:20:69:32:b0:f8:29:06:ba:bc:cf:86:18:a8:
                    59:22:56:05:3f:15:7a:1a:54:46:3d:7f:b2:d9:80:
                    05:cd:e1:1f:4d:10:85:8f:37:38:2d:14:96:b8:33:
                    50:39:25:f3:e4:84:20:05:03:29:34:c0:c8:ed:a1:
                    ad:b4:76:6d:a9:9c:d1:6f:23:4e:82:05:8c:81:07:
                    78:05:09:ae:58:dc:6b:4c:e4:b8:78:cb:87:cb:ca:
                    1e:75:f2:18:81:8f:b4:84:ac:09:14:63:a4:ea:7e:
                    d2:6f:dc:4d:ff:75:78:eb:df:05:60:29:49:da:e5:
                    5e:a9:ff:30:f1:69:38:48:fe:d1:fd:b2:a8:36:09:
                    bb:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:BE:D3:1D:4E:76:B8:EA:AB:46:92:C8:BF:C1:36:46:B0:09:CE:9A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ML7THU52uOqrRpLIv8E2RrAJzpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:f0::/47

    Signature Algorithm: sha256WithRSAEncryption
         bb:a5:da:92:6c:fc:ad:54:59:18:37:e7:84:ce:70:4a:e8:c0:
         94:8d:1a:4b:32:6c:00:35:5e:11:5c:7b:85:1c:5e:53:0f:6e:
         7d:2d:78:eb:3f:a3:77:2b:34:e5:61:4e:26:ac:f3:42:bf:e0:
         f3:c5:02:57:b1:4f:0d:62:28:93:3a:0c:1e:a9:02:4d:62:6c:
         77:a7:02:5e:04:91:d7:20:51:29:07:18:c1:be:d6:6e:ac:4d:
         a6:0f:74:7b:78:84:e7:9f:ee:ab:3d:40:d3:b8:d0:69:46:72:
         d4:95:ca:5a:34:f9:28:66:69:c7:92:73:01:af:33:73:8a:65:
         da:f1:a9:d7:78:12:76:2f:45:92:a0:30:a6:a9:7b:3f:71:ad:
         2e:1b:d5:c3:cb:d2:c4:a2:9b:81:f9:d0:2c:8b:b1:38:20:43:
         29:b3:63:a7:a4:8e:b6:42:b7:d6:bd:ec:d5:32:df:0b:02:5f:
         fd:91:80:fc:f4:9c:14:bf:0c:72:d1:b5:cc:31:cb:0f:6b:f8:
         9c:ac:86:cf:5f:e1:36:0d:75:24:4a:80:28:fc:f8:22:c2:e2:
         ed:ba:5e:c0:bb:00:7a:b2:27:a6:d0:02:95:b8:54:d0:eb:b0:
         62:db:a9:3e:db:d8:65:53:76:57:5c:eb:37:05:04:c2:f6:d5:
         bd:1f:89:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvPN6FG4PNccV1lwCDkK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGJlZDMxZDRlNzZiOGVhYWI0NjkyYzhiZmMxMzY0NmIwMDljZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjc8+5whboD0ap/tNTl368TgFPl4
tmZdUyS0nf1mngtqOnwyKgA6XsNoOEQ5zeCT/ILQ+AuoIO31BQ7i1cmCzPOUhZ4M
1tyorJOqa9F6sfNCw8Xpmqo6xLDp0akMR46UCtUmVxktghD50VMmk+ikVUvoF2/S
jc71HyBpMrD4KQa6vM+GGKhZIlYFPxV6GlRGPX+y2YAFzeEfTRCFjzc4LRSWuDNQ
OSXz5IQgBQMpNMDI7aGttHZtqZzRbyNOggWMgQd4BQmuWNxrTOS4eMuHy8oedfIY
gY+0hKwJFGOk6n7Sb9xN/3V4698FYClJ2uVeqf8w8Wk4SP7R/bKoNgm7awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDC+0x1Odrjqq0aSyL/BNkawCc6aMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTUw3VEhVNTJ1T3FyUnBMSXY4RTJSckFKenBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgbeAQDw
MA0GCSqGSIb3DQEBCwUAA4IBAQC7pdqSbPytVFkYN+eEznBK6MCUjRpLMmwANV4R
XHuFHF5TD259LXjrP6N3KzTlYU4mrPNCv+DzxQJXsU8NYiiTOgweqQJNYmx3pwJe
BJHXIFEpBxjBvtZurE2mD3R7eITnn+6rPUDTuNBpRnLUlcpaNPkoZmnHknMBrzNz
imXa8anXeBJ2L0WSoDCmqXs/ca0uG9XDy9LEopuB+dAsi7E4IEMps2OnpI62QrfW
vezVMt8LAl/9kYD89JwUvwxy0bXMMcsPa/icrIbPX+E2DXUkSoAo/PgiwuLtul7A
uwB6siem0AKVuFTQ67Bi26k+29hlU3ZXXOs3BQTC9tW9H4m5
-----END CERTIFICATE-----