Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NhFhgs5EFjGnJH1XIPXC6lG8cBw.roa
File:                     NhFhgs5EFjGnJH1XIPXC6lG8cBw.roa (raw, json)
Hash identifier:          chqsQJ9ZemqvDnJKTiBSFDyU7zbby11klE9qGMqIgj8=
Subject key identifier:   36:11:61:82:CE:44:16:31:A7:24:7D:57:20:F5:C2:EA:51:BC:70:1C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0CBDE9ABF0CF379B5DEB6889139E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NhFhgs5EFjGnJH1XIPXC6lG8cBw.roa
Signing time:             Tue 02 Jan 2024 10:34:19 +0000
ROA not before:           Tue 02 Jan 2024 10:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205121
IP address blocks:        2a0e:97c0:ad0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0c:bd:e9:ab:f0:cf:37:9b:5d:eb:68:89:13:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36116182ce441631a7247d5720f5c2ea51bc701c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5f:ff:3a:34:4b:43:bb:b7:c0:a5:e6:67:a3:
                    e6:95:ac:1f:a5:eb:ac:24:1e:6d:c8:ed:59:6b:10:
                    90:d3:d8:b9:e5:5b:4d:f0:09:77:b0:25:b4:25:a5:
                    f8:97:cf:6d:7c:73:1f:8a:06:a9:42:20:05:d7:e4:
                    0b:fc:9d:85:a0:20:65:e3:b4:a9:e9:9b:8b:d6:20:
                    d6:a9:bf:32:91:05:e1:c7:cc:cb:3a:a7:a2:f5:eb:
                    b9:7a:be:b7:c3:76:bf:57:6b:e3:68:1c:0a:f4:98:
                    eb:8d:fc:a0:7b:1f:84:3c:eb:c8:ac:e9:ec:a2:f5:
                    4f:92:c7:53:0b:84:98:ad:e4:af:cf:48:24:a2:57:
                    eb:9c:1c:0f:fa:f2:50:68:bc:b6:b8:a9:e2:f8:28:
                    79:86:d2:b7:8b:40:73:ad:6d:0f:a2:77:22:c1:19:
                    d8:5d:d7:dd:e4:09:d7:d1:fe:b3:1f:7e:aa:1d:04:
                    e6:5b:51:5f:d5:67:7e:71:e2:5f:ce:da:8e:dd:f3:
                    ea:27:b5:52:80:a5:7a:9f:7d:d8:ea:2f:70:ba:be:
                    52:84:33:c8:9f:45:2f:50:00:39:d7:8f:94:03:36:
                    98:96:2c:e7:19:71:ba:a6:6d:9b:d7:9e:8c:d4:96:
                    50:f8:c0:2f:4a:18:82:d0:ac:7e:d4:fe:70:67:74:
                    bf:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:11:61:82:CE:44:16:31:A7:24:7D:57:20:F5:C2:EA:51:BC:70:1C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/NhFhgs5EFjGnJH1XIPXC6lG8cBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ad0::/44

    Signature Algorithm: sha256WithRSAEncryption
         66:7c:54:1a:79:1f:de:1b:27:ff:7c:4f:a2:df:b3:34:37:4b:
         b3:85:4b:2c:52:09:4c:ec:b3:01:96:f9:f1:f8:92:c1:30:80:
         dc:e6:49:83:93:07:d4:6b:ef:43:a5:82:54:61:4a:b3:11:90:
         d8:95:32:a3:31:55:f0:ad:ae:c6:f1:92:76:2a:d0:a7:37:4c:
         a7:c3:9e:b2:eb:d5:68:ff:2e:62:00:1b:63:ce:b3:0a:8e:a3:
         0e:59:56:c5:f3:78:e0:55:3e:df:b1:9c:d4:34:6f:7b:51:73:
         1d:41:14:d0:3c:c0:36:e8:a6:5d:53:57:09:6f:d1:f4:3d:9a:
         df:ba:96:9f:2f:60:50:60:ac:30:25:0c:e2:d5:af:63:07:49:
         8c:27:02:bf:10:b4:39:06:af:22:4a:0c:3b:4b:5c:fc:3f:60:
         9f:01:49:6a:5e:c8:86:b0:42:b0:1a:08:95:b8:47:81:9d:49:
         67:f6:2f:a7:64:3f:11:bd:7a:9d:64:2f:cb:e2:de:61:f8:d5:
         9c:9b:14:a6:ab:e7:e4:83:69:51:59:56:c8:74:3a:80:96:80:
         3c:2c:68:4d:ef:34:43:9e:ea:f4:f8:62:7d:6d:84:b5:51:01:
         76:d5:7d:cd:82:a5:99:f8:35:19:8e:cf:b7:76:6e:55:0d:73:
         0d:3e:a1:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQy96avwzzebXetoiROeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjExNjE4MmNlNDQxNjMxYTcyNDdkNTcyMGY1YzJlYTUxYmM3MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV//OjRLQ7u3wKXmZ6Pmlawfpeus
JB5tyO1ZaxCQ09i55VtN8Al3sCW0JaX4l89tfHMfigapQiAF1+QL/J2FoCBl47Sp
6ZuL1iDWqb8ykQXhx8zLOqei9eu5er63w3a/V2vjaBwK9Jjrjfygex+EPOvIrOns
ovVPksdTC4SYreSvz0gkolfrnBwP+vJQaLy2uKni+Ch5htK3i0BzrW0PonciwRnY
Xdfd5AnX0f6zH36qHQTmW1Ff1Wd+ceJfztqO3fPqJ7VSgKV6n33Y6i9wur5ShDPI
n0UvUAA514+UAzaYliznGXG6pm2b156M1JZQ+MAvShiC0Kx+1P5wZ3S/lQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDYRYYLORBYxpyR9VyD1wupRvHAcMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTmhGaGdzNUVGakduSkgxWElQWEM2bEc4Y0J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwArQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBmfFQaeR/eGyf/fE+i37M0N0uzhUssUglM7LMB
lvnx+JLBMIDc5kmDkwfUa+9DpYJUYUqzEZDYlTKjMVXwra7G8ZJ2KtCnN0ynw56y
69Vo/y5iABtjzrMKjqMOWVbF83jgVT7fsZzUNG97UXMdQRTQPMA26KZdU1cJb9H0
PZrfupafL2BQYKwwJQzi1a9jB0mMJwK/ELQ5Bq8iSgw7S1z8P2CfAUlqXsiGsEKw
GgiVuEeBnUln9i+nZD8RvXqdZC/L4t5h+NWcmxSmq+fkg2lRWVbIdDqAloA8LGhN
7zRDnur0+GJ9bYS1UQF21X3NgqWZ+DUZjs+3dm5VDXMNPqFg
-----END CERTIFICATE-----