Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OVrg0Htf-g3vLyBIuygEq1WkUDM.roa
File:                     OVrg0Htf-g3vLyBIuygEq1WkUDM.roa (raw, json)
Hash identifier:          fT6c7mDjLLdTwt6pHaNEIS4qcmzX1uC/YGjf/1xtgBE=
Subject key identifier:   39:5A:E0:D0:7B:5F:FA:0D:EF:2F:20:48:BB:28:04:AB:55:A4:50:33
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE469A4632BB797D12D3982EA0CFD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OVrg0Htf-g3vLyBIuygEq1WkUDM.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151194
IP address blocks:        2a10:ccc0:ccc0::/44 maxlen: 48
                          2a10:ccc0:ccc0::/46 maxlen: 48
                          2a06:de00:de00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e4:69:a4:63:2b:b7:97:d1:2d:39:82:ea:0c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=395ae0d07b5ffa0def2f2048bb2804ab55a45033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0d:92:85:99:47:76:9d:2b:34:94:87:fe:02:
                    71:91:77:aa:46:ee:8c:85:44:07:bd:10:01:6c:11:
                    29:e1:8d:8f:5f:40:7e:64:85:57:b1:d7:7c:ef:a0:
                    41:a9:c2:49:29:29:ab:ae:38:f8:fc:5e:23:38:4b:
                    00:b4:7d:b4:f8:80:06:14:96:9a:e4:ae:ad:f3:62:
                    a0:a1:76:20:72:98:6b:92:b0:52:73:3b:dd:c3:23:
                    73:b7:3f:a3:55:39:09:2f:a0:9f:47:a2:87:b9:c7:
                    9e:1d:97:9e:00:9e:dc:54:f0:68:16:c2:a8:56:87:
                    65:65:7b:3f:43:5a:74:c2:96:39:8a:4e:43:9b:1c:
                    ff:75:c4:96:97:2f:1a:54:a4:32:06:0d:d6:0e:9a:
                    82:f0:f9:da:e6:b5:09:cc:c5:59:5b:eb:5b:40:86:
                    f9:f0:81:8e:c7:a1:e8:3c:e1:43:38:bc:8d:40:26:
                    0a:da:e5:ab:14:3f:e3:7a:65:c3:c5:28:b8:ab:ff:
                    e4:78:84:f1:c6:fe:a9:d1:2d:de:17:e7:55:c6:ae:
                    44:d1:39:52:c6:bb:3d:6d:5d:b9:c7:26:b4:a2:ee:
                    63:74:5d:b7:2b:a7:81:a9:54:e8:81:62:92:86:3d:
                    18:e0:e7:7f:4a:ea:e6:be:e3:80:ac:aa:11:17:63:
                    31:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:5A:E0:D0:7B:5F:FA:0D:EF:2F:20:48:BB:28:04:AB:55:A4:50:33
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OVrg0Htf-g3vLyBIuygEq1WkUDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:de00::/44
                  2a10:ccc0:ccc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:36:47:71:e6:c7:3e:2e:74:4b:25:a6:00:cb:e5:19:f4:23:
         3f:ee:18:f5:ef:bb:d5:0a:b4:f3:8f:b4:25:d1:14:b5:32:97:
         af:fd:4a:21:b1:55:0b:1a:0c:01:4e:0e:be:c1:1e:b0:33:a5:
         3e:00:40:80:bb:46:cb:7c:f7:10:83:0b:2a:52:e5:2b:ca:e8:
         6f:aa:f4:7d:e2:0a:0c:1d:30:cc:5e:42:90:c9:48:67:46:e0:
         a1:6f:16:52:53:d2:d8:a3:32:d1:76:12:7f:75:bb:32:c3:fb:
         f6:2d:fd:35:61:e3:32:a0:44:a9:09:77:b7:9e:1a:10:4b:f1:
         b1:e5:02:99:86:3d:0b:b7:28:d5:f1:9c:31:7d:20:d9:88:66:
         78:8c:0f:e0:14:99:65:e0:03:90:e8:b9:e4:cc:e2:bf:4b:d4:
         f6:a8:c2:dd:68:69:49:8e:5d:e9:bc:09:79:5b:a8:dc:89:6f:
         99:35:2d:4d:ac:94:6b:10:e2:14:c5:1e:60:01:70:58:fb:a5:
         6f:6c:b2:fa:bb:04:bc:1b:2e:e4:b6:43:da:ce:cf:1f:51:dc:
         b9:a8:78:f0:c1:f9:de:f0:51:6a:46:a2:d9:69:12:b7:ee:97:
         e6:29:39:11:8f:d6:4c:da:cd:81:85:21:5a:12:ed:ca:8d:fc:
         3c:44:31:5c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvORppGMrt5fRLTmC6gz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTVhZTBkMDdiNWZmYTBkZWYyZjIwNDhiYjI4MDRhYjU1YTQ1MDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiw2ShZlHdp0rNJSH/gJxkXeqRu6M
hUQHvRABbBEp4Y2PX0B+ZIVXsdd876BBqcJJKSmrrjj4/F4jOEsAtH20+IAGFJaa
5K6t82KgoXYgcphrkrBSczvdwyNztz+jVTkJL6CfR6KHuceeHZeeAJ7cVPBoFsKo
VodlZXs/Q1p0wpY5ik5Dmxz/dcSWly8aVKQyBg3WDpqC8Pna5rUJzMVZW+tbQIb5
8IGOx6HoPOFDOLyNQCYK2uWrFD/jemXDxSi4q//keITxxv6p0S3eF+dVxq5E0TlS
xrs9bV25xya0ou5jdF23K6eBqVTogWKShj0Y4Od/SurmvuOArKoRF2MxqQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDla4NB7X/oN7y8gSLsoBKtVpFAzMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT1ZyZzBIdGYtZzN2THlCSXV5Z0VxMVdrVURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAN4A
AwcEKhDMwMzAMA0GCSqGSIb3DQEBCwUAA4IBAQCdNkdx5sc+LnRLJaYAy+UZ9CM/
7hj177vVCrTzj7Ql0RS1Mpev/UohsVULGgwBTg6+wR6wM6U+AECAu0bLfPcQgwsq
UuUryuhvqvR94goMHTDMXkKQyUhnRuChbxZSU9LYozLRdhJ/dbsyw/v2Lf01YeMy
oESpCXe3nhoQS/Gx5QKZhj0LtyjV8ZwxfSDZiGZ4jA/gFJll4AOQ6LnkzOK/S9T2
qMLdaGlJjl3pvAl5W6jciW+ZNS1NrJRrEOIUxR5gAXBY+6VvbLL6uwS8Gy7ktkPa
zs8fUdy5qHjwwfne8FFqRqLZaRK37pfmKTkRj9ZM2s2BhSFaEu3Kjfw8RDFc
-----END CERTIFICATE-----