Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mn8awRsP279FIB0qaRVZoY1eE9o.roa
File:                     Mn8awRsP279FIB0qaRVZoY1eE9o.roa (raw, json)
Hash identifier:          6DHbkFCTMFB40UBygiUgCygF9KzEWQcmJsHq3e8E1I4=
Subject key identifier:   32:7F:1A:C1:1B:0F:DB:BF:45:20:1D:2A:69:15:59:A1:8D:5E:13:DA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CFF851782F813C3136B84340DFAEEA7F3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mn8awRsP279FIB0qaRVZoY1eE9o.roa
Signing time:             Fri 12 Jan 2024 21:12:41 +0000
ROA not before:           Fri 12 Jan 2024 21:12:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216084
IP address blocks:        2a0e:97c0:ee0::/44 maxlen: 48
                          2a0e:97c0::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ff:85:17:82:f8:13:c3:13:6b:84:34:0d:fa:ee:a7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 12 21:12:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=327f1ac11b0fdbbf45201d2a691559a18d5e13da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:7b:80:5f:7a:2d:96:48:e6:50:6f:5e:d8:
                    0e:85:c2:51:20:7c:b1:68:0d:ff:26:b8:e0:ed:a8:
                    0e:90:12:2c:5b:63:9b:aa:16:1d:02:f6:68:ee:1a:
                    8e:11:c5:f6:2f:46:8d:6a:e9:e5:cc:a3:b2:33:63:
                    e5:5d:2f:dc:93:f8:f1:f4:bb:68:a0:3b:5f:cf:9d:
                    94:92:2c:4e:66:fd:d8:9b:c5:cf:b0:89:b7:94:34:
                    1f:81:0c:1b:cc:ae:01:c3:b8:c5:89:11:9b:43:72:
                    0c:0f:45:91:1d:4b:b2:cb:6d:a8:bb:06:5d:b9:4a:
                    df:cb:17:ff:31:30:50:60:a1:bf:23:8d:f7:ed:9c:
                    c0:75:af:01:2f:84:f6:63:a0:d6:7a:85:01:b1:1f:
                    3f:51:33:df:f0:41:c5:98:e2:b7:93:7f:45:88:f9:
                    65:bd:a1:a4:d1:2e:71:d0:5f:c1:e2:b5:77:b8:ed:
                    ca:e0:0b:8e:0a:5b:e9:aa:eb:11:e5:79:01:93:3e:
                    60:64:d8:a1:eb:20:cd:ed:16:aa:85:e5:2b:93:a3:
                    70:9f:1a:cc:2a:61:10:91:81:d8:4e:22:4c:eb:7e:
                    e1:91:61:4c:f5:2e:51:ee:fe:b6:4d:c3:79:88:cc:
                    cb:aa:12:1e:85:04:c6:a8:fd:44:a1:3b:c9:21:c7:
                    e0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:7F:1A:C1:1B:0F:DB:BF:45:20:1D:2A:69:15:59:A1:8D:5E:13:DA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Mn8awRsP279FIB0qaRVZoY1eE9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0::/40
                  2a0e:97c0:ee0::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:18:cb:39:ac:fb:3c:f0:58:b6:c4:fc:e5:4a:25:ae:66:78:
         36:c0:e3:61:3e:dc:ac:2b:18:c9:9a:98:bd:57:25:d0:e9:fc:
         6a:0d:88:48:ea:57:ba:ff:0c:f9:fc:84:c6:2e:a2:c8:42:59:
         f4:2c:de:7d:14:35:ec:3b:95:18:10:5b:b0:ca:57:26:75:f6:
         40:cd:a9:b8:56:1a:99:d8:fb:47:70:38:f2:a1:4c:23:21:54:
         ca:b1:28:ef:a2:f4:bd:aa:7a:ca:8b:4c:22:b9:6f:5d:a0:77:
         a8:5f:d3:7a:46:55:52:d4:d0:d6:32:2f:73:51:47:a0:22:6b:
         8b:ca:ff:a4:1e:34:4b:91:a9:02:8a:cf:44:6b:40:f3:d8:fc:
         18:90:b9:f2:94:15:4a:1b:22:f3:c5:42:db:31:87:14:c8:24:
         68:2d:ae:93:ea:48:82:78:b2:4d:f5:05:ca:a1:6b:2a:75:62:
         c6:6d:ee:51:bb:bb:ca:8d:13:ef:09:d4:32:61:31:12:ec:d3:
         1f:36:a1:47:12:d5:1b:79:bb:39:9c:88:b8:ee:89:91:6f:17:
         2d:ec:52:37:9c:e5:6c:c8:ec:01:6e:f4:16:7d:e1:a0:f6:80:
         74:f3:0d:2d:8d:9f:b4:6f:55:2a:b4:7a:2b:a1:e3:ac:5b:04:
         f8:59:28:f5
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYz/hReC+BPDE2uENA367qfzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTEyMjExMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjdmMWFjMTFiMGZkYmJmNDUyMDFkMmE2OTE1NTlhMThkNWUxM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDZ7gF96LZZI5lBvXtgOhcJRIHyx
aA3/Jrjg7agOkBIsW2ObqhYdAvZo7hqOEcX2L0aNaunlzKOyM2PlXS/ck/jx9Lto
oDtfz52UkixOZv3Ym8XPsIm3lDQfgQwbzK4Bw7jFiRGbQ3IMD0WRHUuyy22ouwZd
uUrfyxf/MTBQYKG/I4337ZzAda8BL4T2Y6DWeoUBsR8/UTPf8EHFmOK3k39FiPll
vaGk0S5x0F/B4rV3uO3K4AuOClvpqusR5XkBkz5gZNih6yDN7RaqheUrk6NwnxrM
KmEQkYHYTiJM637hkWFM9S5R7v62TcN5iMzLqhIehQTGqP1EoTvJIcfgBQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDJ/GsEbD9u/RSAdKmkVWaGNXhPaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTW44YXdSc1AyNzlGSUIwcWFSVlpvWTFlRTlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg6XwAAD
BwQqDpfADuAwDQYJKoZIhvcNAQELBQADggEBAFUYyzms+zzwWLbE/OVKJa5meDbA
42E+3KwrGMmamL1XJdDp/GoNiEjqV7r/DPn8hMYuoshCWfQs3n0UNew7lRgQW7DK
VyZ19kDNqbhWGpnY+0dwOPKhTCMhVMqxKO+i9L2qesqLTCK5b12gd6hf03pGVVLU
0NYyL3NRR6Aia4vK/6QeNEuRqQKKz0RrQPPY/BiQufKUFUobIvPFQtsxhxTIJGgt
rpPqSIJ4sk31Bcqhayp1YsZt7lG7u8qNE+8J1DJhMRLs0x82oUcS1Rt5uzmciLju
iZFvFy3sUjec5WzI7AFu9BZ94aD2gHTzDS2Nn7RvVSq0eiuh46xbBPhZKPU=
-----END CERTIFICATE-----