Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/N2l6EaAOR6hzdE30TFOG_jTLvQw.roa
File:                     N2l6EaAOR6hzdE30TFOG_jTLvQw.roa (raw, json)
Hash identifier:          Dt3aAL9W2whtEHzXtULbJOGXxd6zPQ3XmPSdj1rb0AE=
Subject key identifier:   37:69:7A:11:A0:0E:47:A8:73:74:4D:F4:4C:53:86:FE:34:CB:BD:0C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCCE5752146F976A9C54D0B04328A7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/N2l6EaAOR6hzdE30TFOG_jTLvQw.roa
Signing time:             Tue 02 Jan 2024 10:34:03 +0000
ROA not before:           Tue 02 Jan 2024 10:34:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48987
IP address blocks:        2a0e:97c0:700::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ce:57:52:14:6f:97:6a:9c:54:d0:b0:43:28:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37697a11a00e47a873744df44c5386fe34cbbd0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:aa:b9:6a:58:91:45:82:c3:59:99:d9:b3:da:
                    d0:30:33:fb:d0:f1:93:03:8e:f1:3a:49:b5:47:ba:
                    c7:ab:57:80:ac:0a:e9:08:ca:65:70:57:0b:58:56:
                    e1:d9:0e:14:0b:3d:ce:06:fc:0d:8d:42:47:1a:89:
                    c1:fa:c8:ba:33:0c:38:ed:b4:36:2a:91:c4:e1:b8:
                    49:e6:2e:c7:30:2b:4e:d0:a8:c6:8b:f1:4b:2a:9c:
                    71:80:5f:fd:9d:66:95:57:07:92:7f:ad:b8:31:a7:
                    5c:ac:e6:5c:56:00:7e:b7:98:61:0a:bb:1f:1c:07:
                    2d:68:58:64:c8:f7:ef:9e:19:74:ab:0b:4d:b6:fa:
                    1c:08:1b:f9:e6:9b:fe:65:35:1c:94:b1:6f:44:e1:
                    71:99:ba:2c:0b:52:79:d6:05:f8:35:87:6f:c1:f8:
                    50:93:8b:93:66:66:41:7d:56:ce:f3:0c:14:7d:98:
                    85:f7:ac:a9:54:70:ad:5d:0c:8e:ae:c2:4d:6a:30:
                    27:e3:a0:a0:90:d8:4b:8c:00:72:5d:88:67:59:24:
                    a2:8d:84:e2:b2:3c:85:35:06:1a:42:72:93:2e:8f:
                    27:4f:ac:ab:f6:7d:a1:7f:83:1f:f0:6f:19:d6:72:
                    b6:82:de:52:9e:09:90:42:db:68:78:9a:a7:52:36:
                    51:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:69:7A:11:A0:0E:47:A8:73:74:4D:F4:4C:53:86:FE:34:CB:BD:0C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/N2l6EaAOR6hzdE30TFOG_jTLvQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:700::/44

    Signature Algorithm: sha256WithRSAEncryption
         2c:da:aa:ca:23:f8:97:d6:24:d5:61:0d:c3:8e:af:20:05:4d:
         7a:6b:67:03:b9:40:96:13:8c:3a:fb:65:55:c1:f8:96:ec:46:
         56:c8:47:66:ec:fb:9b:15:d2:c8:31:e8:87:b4:e9:d6:08:fd:
         d9:f4:56:48:34:10:dc:c9:54:76:c5:77:20:70:ca:3a:cd:de:
         e2:9a:3d:91:a8:9f:74:52:dc:fc:e8:d6:ed:6e:82:89:53:bb:
         df:9d:97:b1:1c:b3:cf:ff:42:05:95:aa:20:b7:2c:b6:27:2f:
         67:29:f3:45:b3:a3:07:c9:99:23:6d:a0:1a:41:67:6a:ae:7d:
         6c:30:69:88:f1:27:02:e9:95:1d:51:7f:47:04:ce:38:cb:4a:
         81:6c:36:bd:fa:c2:27:5f:11:c9:26:29:07:41:e7:ce:c9:75:
         35:d6:a5:ad:78:ee:b9:7c:19:85:95:9a:03:a9:b3:0e:e2:22:
         05:f7:0d:9a:6b:71:6c:d0:e1:6b:89:c1:6f:80:46:76:db:29:
         9d:af:d5:b9:bd:ef:d6:01:8b:1c:d7:68:ed:c6:a0:c9:98:b7:
         9e:fe:55:29:7d:6a:2a:3f:11:3a:e4:5d:68:44:63:24:51:41:
         9b:55:71:ae:03:bf:21:bd:79:a8:3e:fe:bf:53:cc:cc:c7:75:
         37:20:2f:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvM5XUhRvl2qcVNCwQyinMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzY5N2ExMWEwMGU0N2E4NzM3NDRkZjQ0YzUzODZmZTM0Y2JiZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6q5aliRRYLDWZnZs9rQMDP70PGT
A47xOkm1R7rHq1eArArpCMplcFcLWFbh2Q4UCz3OBvwNjUJHGonB+si6Mww47bQ2
KpHE4bhJ5i7HMCtO0KjGi/FLKpxxgF/9nWaVVweSf624MadcrOZcVgB+t5hhCrsf
HActaFhkyPfvnhl0qwtNtvocCBv55pv+ZTUclLFvROFxmbosC1J51gX4NYdvwfhQ
k4uTZmZBfVbO8wwUfZiF96ypVHCtXQyOrsJNajAn46CgkNhLjAByXYhnWSSijYTi
sjyFNQYaQnKTLo8nT6yr9n2hf4Mf8G8Z1nK2gt5SngmQQttoeJqnUjZRXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDdpehGgDkeoc3RN9ExThv40y70MMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTjJsNkVhQU9SNmh6ZEUzMFRGT0dfalRMdlF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAcA
MA0GCSqGSIb3DQEBCwUAA4IBAQAs2qrKI/iX1iTVYQ3Djq8gBU16a2cDuUCWE4w6
+2VVwfiW7EZWyEdm7PubFdLIMeiHtOnWCP3Z9FZINBDcyVR2xXcgcMo6zd7imj2R
qJ90Utz86NbtboKJU7vfnZexHLPP/0IFlaogtyy2Jy9nKfNFs6MHyZkjbaAaQWdq
rn1sMGmI8ScC6ZUdUX9HBM44y0qBbDa9+sInXxHJJikHQefOyXU11qWteO65fBmF
lZoDqbMO4iIF9w2aa3Fs0OFricFvgEZ22ymdr9W5ve/WAYsc12jtxqDJmLee/lUp
fWoqPxE65F1oRGMkUUGbVXGuA78hvXmoPv6/U8zMx3U3IC/B
-----END CERTIFICATE-----