Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mkj45y47MRVrwqWeKcH2t3nn7Vc.roa
File:                     Mkj45y47MRVrwqWeKcH2t3nn7Vc.roa (raw, json)
Hash identifier:          5J1sxmmtEJfb1zkRAKbw4ZsYfRO0MVFq6AB52iQWLqA=
Subject key identifier:   32:48:F8:E7:2E:3B:31:15:6B:C2:A5:9E:29:C1:F6:B7:79:E7:ED:57
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD197EA785FA508A60A5FB653207DD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mkj45y47MRVrwqWeKcH2t3nn7Vc.roa
Signing time:             Tue 02 Jan 2024 10:34:22 +0000
ROA not before:           Tue 02 Jan 2024 10:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208755
IP address blocks:        2a0e:b107:3a7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:19:7e:a7:85:fa:50:8a:60:a5:fb:65:32:07:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3248f8e72e3b31156bc2a59e29c1f6b779e7ed57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d8:64:22:ff:e6:31:51:42:5a:8d:0c:4f:05:
                    fe:0e:c6:ac:da:26:05:6d:e6:9f:5d:09:ff:f6:cf:
                    ed:96:30:97:c1:81:c4:e8:d0:b4:a7:01:b0:af:5e:
                    af:93:44:32:83:07:d2:28:c2:b2:81:c5:d3:14:e0:
                    ff:b1:cb:ac:e6:24:cb:a8:3f:1e:20:48:07:3b:ab:
                    94:92:38:c0:8f:c2:ae:ab:b5:ed:aa:34:d1:4d:8b:
                    0e:5b:4d:95:31:be:01:5a:29:3d:db:2e:71:9a:1a:
                    61:bd:6c:b6:b0:f2:65:69:f3:bb:31:9f:2c:42:e6:
                    71:24:07:ac:42:cf:f1:ba:26:4e:3b:1f:cc:5e:fa:
                    4a:b7:2c:89:08:cf:17:a2:1a:ef:25:b5:90:a5:a2:
                    2b:94:49:2d:72:b1:7e:65:eb:31:1c:f9:ac:17:25:
                    59:3e:39:7b:a7:ba:b6:55:83:33:b3:92:0b:f1:fe:
                    68:7d:10:d4:a9:44:78:e6:a2:21:13:18:81:23:54:
                    b3:a7:3e:a1:37:a0:82:06:f8:56:23:58:96:1a:01:
                    6d:ec:77:2e:b6:84:78:40:ec:34:e8:e2:12:62:03:
                    aa:4a:f4:65:67:88:c5:98:12:f1:19:48:d5:c6:85:
                    bf:f7:96:c1:7a:ba:b9:ea:82:65:b2:a5:82:54:d2:
                    8d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:48:F8:E7:2E:3B:31:15:6B:C2:A5:9E:29:C1:F6:B7:79:E7:ED:57
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mkj45y47MRVrwqWeKcH2t3nn7Vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:3a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:47:09:29:4d:91:83:87:21:1b:2f:f0:0f:67:9d:10:38:30:
         c0:7b:4c:fd:62:49:03:aa:9c:10:14:85:1a:f9:9f:25:af:30:
         61:e6:7f:7b:6d:d5:e8:8a:f6:22:7e:71:be:e9:2e:47:fd:ca:
         19:7a:d2:ef:70:05:c8:ce:0f:ba:aa:60:c7:97:c1:92:26:64:
         ef:82:e0:99:68:b5:6c:32:7a:60:2e:cc:22:e4:64:39:16:6b:
         d0:68:69:98:ca:c7:a1:64:9e:8e:65:55:1c:84:9a:b5:23:5a:
         72:1a:a3:a5:a6:0f:71:49:6f:fa:b1:b8:10:9c:3e:2e:8d:45:
         69:1f:05:65:5b:71:12:60:9e:d4:eb:ad:77:6e:0f:4b:34:a6:
         b4:9e:36:96:dc:08:05:01:90:93:ff:92:0c:f0:44:8a:6b:25:
         ba:42:ad:b2:8e:08:91:22:8a:28:7c:36:49:3c:3f:cb:75:20:
         5a:b4:2b:6c:fa:73:dc:43:e3:b4:2d:b3:c3:69:ac:44:69:dd:
         3e:7e:db:14:0d:19:17:7c:8f:ac:3e:ee:ee:a5:9b:34:d3:1f:
         d4:05:7b:85:a2:f6:af:d5:ec:e9:40:ba:cf:b4:ba:f4:07:a7:
         69:3a:6b:5d:fd:e3:a5:22:61:1c:1e:4e:d4:db:f1:ea:70:3d:
         c7:7a:70:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRl+p4X6UIpgpftlMgfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQ4ZjhlNzJlM2IzMTE1NmJjMmE1OWUyOWMxZjZiNzc5ZTdlZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9hkIv/mMVFCWo0MTwX+Dsas2iYF
beafXQn/9s/tljCXwYHE6NC0pwGwr16vk0QygwfSKMKygcXTFOD/scus5iTLqD8e
IEgHO6uUkjjAj8Kuq7XtqjTRTYsOW02VMb4BWik92y5xmhphvWy2sPJlafO7MZ8s
QuZxJAesQs/xuiZOOx/MXvpKtyyJCM8XohrvJbWQpaIrlEktcrF+ZesxHPmsFyVZ
Pjl7p7q2VYMzs5IL8f5ofRDUqUR45qIhExiBI1Szpz6hN6CCBvhWI1iWGgFt7Hcu
toR4QOw06OISYgOqSvRlZ4jFmBLxGUjVxoW/95bBerq56oJlsqWCVNKNgQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDJI+OcuOzEVa8KlninB9rd55+1XMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTWtqNDV5NDdNUlZyd3FXZUtjSDJ0M25uN1ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwOn
MA0GCSqGSIb3DQEBCwUAA4IBAQCiRwkpTZGDhyEbL/APZ50QODDAe0z9YkkDqpwQ
FIUa+Z8lrzBh5n97bdXoivYifnG+6S5H/coZetLvcAXIzg+6qmDHl8GSJmTvguCZ
aLVsMnpgLswi5GQ5FmvQaGmYysehZJ6OZVUchJq1I1pyGqOlpg9xSW/6sbgQnD4u
jUVpHwVlW3ESYJ7U6613bg9LNKa0njaW3AgFAZCT/5IM8ESKayW6Qq2yjgiRIooo
fDZJPD/LdSBatCts+nPcQ+O0LbPDaaxEad0+ftsUDRkXfI+sPu7upZs00x/UBXuF
ovav1ezpQLrPtLr0B6dpOmtd/eOlImEcHk7U2/HqcD3HenDY
-----END CERTIFICATE-----