Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OLhBWFYwH1wLVsfOfkavCdfsZXI.roa
File:                     OLhBWFYwH1wLVsfOfkavCdfsZXI.roa (raw, json)
Hash identifier:          qO8miYS6g2GDJ9PEzMV8k9Nxup0vhXCTbXyS7nLWPRU=
Subject key identifier:   38:B8:41:58:56:30:1F:5C:0B:56:C7:CE:7E:46:AF:09:D7:EC:65:72
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1C8A7B2D6E0A7923D5D786E736A7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OLhBWFYwH1wLVsfOfkavCdfsZXI.roa
Signing time:             Tue 02 Jan 2024 10:34:23 +0000
ROA not before:           Tue 02 Jan 2024 10:34:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209294
IP address blocks:        2a0e:b107:110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1c:8a:7b:2d:6e:0a:79:23:d5:d7:86:e7:36:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38b8415856301f5c0b56c7ce7e46af09d7ec6572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ce:f2:cb:d2:35:b1:ee:8e:a9:40:3d:9b:88:
                    35:d0:02:f2:62:1b:37:51:1c:21:a9:c4:c4:c5:02:
                    00:df:23:e8:c1:cc:5a:10:fe:af:b6:cf:70:cc:96:
                    93:a7:e7:c5:d3:b4:0d:62:00:11:10:3c:3b:49:66:
                    73:d2:e2:bb:b6:de:93:55:1f:5e:48:c0:eb:99:31:
                    3f:d1:14:1a:05:57:37:99:d6:c7:0d:24:f8:cb:5a:
                    0c:84:78:1d:d6:a5:68:9d:d2:25:d4:ab:5c:bc:ed:
                    41:ec:e4:e0:88:97:a6:3d:a9:b7:a4:96:61:ea:b2:
                    09:c2:b6:5d:54:18:d5:6f:e5:f3:65:7d:23:ae:53:
                    43:95:8d:52:6f:ca:68:19:d9:4b:ec:2a:53:45:3e:
                    95:fb:2a:d2:9b:b6:b4:da:65:f9:16:01:4f:39:58:
                    33:6a:88:0d:10:06:8a:a7:d2:15:32:de:54:3c:26:
                    00:c1:c5:10:49:96:66:2f:e5:8f:78:a0:d1:b6:ef:
                    02:72:d7:78:93:10:fa:ed:1f:f0:c4:e7:b5:27:49:
                    a0:78:77:e5:9c:b4:c1:a0:7a:c0:46:16:dd:89:bf:
                    d2:bc:ab:7e:c1:4e:ae:ef:f5:be:06:34:50:f5:ff:
                    ea:07:1f:98:e1:17:e5:ad:9f:81:37:c0:ac:c7:9f:
                    ce:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B8:41:58:56:30:1F:5C:0B:56:C7:CE:7E:46:AF:09:D7:EC:65:72
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OLhBWFYwH1wLVsfOfkavCdfsZXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         a8:fb:17:dd:bb:44:09:15:69:3a:76:fd:a8:f0:e2:99:cc:79:
         be:0e:d6:0c:cf:f4:56:03:8e:13:c8:bb:d0:f7:1b:f3:aa:ad:
         95:04:42:3f:11:c7:27:b4:c0:be:4b:db:4e:2b:ba:83:e0:c3:
         0f:57:bd:26:94:6f:4d:83:fe:e8:0e:c2:10:15:27:93:cc:04:
         a7:19:9c:52:06:5a:ee:13:b3:1b:6a:3d:20:42:c2:6f:35:1c:
         dc:68:ab:d6:2a:3a:dd:8c:e7:ac:8c:57:ab:85:1b:8e:85:df:
         2e:53:af:ce:68:40:9e:0c:9b:33:4f:f1:30:06:f8:7a:9e:3c:
         67:ec:5c:cd:cd:4d:61:8a:99:9e:5a:26:14:fb:2a:cd:76:03:
         e1:ae:32:fd:24:cd:e7:fc:0c:f3:ab:80:19:c0:97:40:78:da:
         01:4f:b6:97:91:4c:10:0f:6a:0b:98:8d:25:1c:4a:c6:66:7c:
         1b:09:ec:aa:cd:7f:cc:51:82:2d:4e:35:62:8a:4a:82:1e:b4:
         44:4c:94:6f:5e:e4:df:bb:42:68:b8:6e:9f:fc:58:06:48:8d:
         b1:f7:f2:8c:01:7f:bc:74:b1:bb:b9:6d:2a:0f:d9:11:40:76:
         b9:81:54:6d:34:59:e0:e3:1f:2e:db:00:ad:21:c7:07:5e:77:
         4a:76:f8:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRyKey1uCnkj1deG5zanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGI4NDE1ODU2MzAxZjVjMGI1NmM3Y2U3ZTQ2YWYwOWQ3ZWM2NTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxM7yy9I1se6OqUA9m4g10ALyYhs3
URwhqcTExQIA3yPowcxaEP6vts9wzJaTp+fF07QNYgAREDw7SWZz0uK7tt6TVR9e
SMDrmTE/0RQaBVc3mdbHDST4y1oMhHgd1qVondIl1KtcvO1B7OTgiJemPam3pJZh
6rIJwrZdVBjVb+XzZX0jrlNDlY1Sb8poGdlL7CpTRT6V+yrSm7a02mX5FgFPOVgz
aogNEAaKp9IVMt5UPCYAwcUQSZZmL+WPeKDRtu8Cctd4kxD67R/wxOe1J0mgeHfl
nLTBoHrARhbdib/SvKt+wU6u7/W+BjRQ9f/qBx+Y4RflrZ+BN8Csx5/OpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDi4QVhWMB9cC1bHzn5GrwnX7GVyMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT0xoQldGWXdIMXdMVnNmT2ZrYXZDZGZzWlhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCo+xfdu0QJFWk6dv2o8OKZzHm+DtYMz/RWA44T
yLvQ9xvzqq2VBEI/EccntMC+S9tOK7qD4MMPV70mlG9Ng/7oDsIQFSeTzASnGZxS
BlruE7Mbaj0gQsJvNRzcaKvWKjrdjOesjFerhRuOhd8uU6/OaECeDJszT/EwBvh6
njxn7FzNzU1hipmeWiYU+yrNdgPhrjL9JM3n/Azzq4AZwJdAeNoBT7aXkUwQD2oL
mI0lHErGZnwbCeyqzX/MUYItTjViikqCHrRETJRvXuTfu0JouG6f/FgGSI2x9/KM
AX+8dLG7uW0qD9kRQHa5gVRtNFng4x8u2wCtIccHXndKdvhh
-----END CERTIFICATE-----