Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P1W0ZkSuzOrh4ajDnI4hpl1hwT8.roa
File:                     P1W0ZkSuzOrh4ajDnI4hpl1hwT8.roa (raw, json)
Hash identifier:          TDQCBqPKXpYC3iiTiV3CRPSti7C0IosKA8Y+ix2aaPs=
Subject key identifier:   3F:55:B4:66:44:AE:CC:EA:E1:E1:A8:C3:9C:8E:21:A6:5D:61:C1:3F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1BB08FEF4F62754029693BAD8723
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P1W0ZkSuzOrh4ajDnI4hpl1hwT8.roa
Signing time:             Tue 02 Jan 2024 10:34:22 +0000
ROA not before:           Tue 02 Jan 2024 10:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209209
IP address blocks:        2a0e:b107:1560::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1b:b0:8f:ef:4f:62:75:40:29:69:3b:ad:87:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f55b46644aecceae1e1a8c39c8e21a65d61c13f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c7:a4:3c:3a:96:a0:68:65:09:03:0c:b0:17:
                    24:86:f8:84:53:12:e2:16:b7:c1:d9:a7:ff:03:31:
                    50:b9:9f:f9:9b:32:f5:f8:ef:e3:db:c3:a8:43:ae:
                    38:bf:f9:8d:ec:5c:8c:23:8f:07:42:26:16:cb:dc:
                    51:e2:e0:dd:85:35:24:46:0a:84:10:57:e6:ff:e9:
                    f9:a7:cf:16:5a:30:c6:2d:e5:f6:df:16:1c:27:8d:
                    88:7b:81:c5:ac:b3:70:f4:31:bb:bf:f2:47:a0:91:
                    a3:0a:f7:d6:d1:67:60:83:67:6e:9b:de:6e:a0:00:
                    3f:85:2d:7b:09:12:74:ca:46:d5:35:52:b8:a1:dd:
                    9a:cb:7c:fb:4f:75:f1:43:88:e0:f7:f2:fa:14:22:
                    f2:f5:79:d8:cd:4e:74:c2:7b:27:93:fa:34:21:3d:
                    2e:8a:11:08:c3:08:1f:51:57:45:03:5e:b4:99:d1:
                    0a:08:67:10:dc:02:68:a8:a5:4b:82:e9:d7:20:d9:
                    9e:60:79:77:8b:31:29:7b:bb:3b:8b:02:fa:0a:8b:
                    03:f3:14:1b:3b:fe:b6:29:82:53:03:8b:f1:bc:dc:
                    47:66:93:ed:a1:6e:60:90:d3:9e:91:a6:ff:20:0e:
                    09:6e:74:04:60:35:a6:33:ed:bc:a3:f7:1d:3c:5a:
                    6c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:55:B4:66:44:AE:CC:EA:E1:E1:A8:C3:9C:8E:21:A6:5D:61:C1:3F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P1W0ZkSuzOrh4ajDnI4hpl1hwT8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1560::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:7b:4e:03:13:58:9b:b1:6b:3e:d2:a0:81:73:93:2c:32:74:
         f5:ca:1f:04:81:19:23:58:87:ed:2d:8d:9b:e7:41:2e:b8:5a:
         af:dd:d5:52:27:f8:f6:04:66:64:20:ab:2e:56:2c:c2:80:a6:
         53:c7:7e:37:3e:9f:ef:7b:31:1a:cf:cd:59:1e:0a:a8:a4:b1:
         26:d5:93:29:c4:33:d3:14:00:dd:0f:7a:de:1c:69:57:a6:22:
         af:39:99:6c:b1:fa:06:e0:d4:6e:95:01:aa:bf:a3:a7:e6:0d:
         23:1e:ee:10:ff:cc:19:fd:e9:b7:cc:6d:3d:38:a7:2c:7a:93:
         b4:37:aa:59:65:1a:8b:31:6b:80:97:f3:d4:63:26:5d:7e:68:
         17:31:42:3b:e4:6c:83:20:00:ef:73:79:cb:da:1c:1f:f1:50:
         03:42:44:ae:f4:75:ac:22:f8:50:dc:21:7b:57:2e:1b:ff:97:
         9e:52:19:2e:b1:94:b2:ec:4f:32:98:01:65:68:89:43:05:24:
         5e:df:ad:18:f8:aa:5e:62:6c:44:02:ae:fb:bb:0b:1d:28:b5:
         71:1f:9a:23:9a:0f:0d:19:76:82:80:c9:25:9c:00:43:10:c8:
         d3:50:19:7e:4b:8d:de:a3:e9:e0:04:42:38:fb:49:1f:72:3e:
         0a:cd:a5:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRuwj+9PYnVAKWk7rYcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjU1YjQ2NjQ0YWVjY2VhZTFlMWE4YzM5YzhlMjFhNjVkNjFjMTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMekPDqWoGhlCQMMsBckhviEUxLi
FrfB2af/AzFQuZ/5mzL1+O/j28OoQ644v/mN7FyMI48HQiYWy9xR4uDdhTUkRgqE
EFfm/+n5p88WWjDGLeX23xYcJ42Ie4HFrLNw9DG7v/JHoJGjCvfW0Wdgg2dum95u
oAA/hS17CRJ0ykbVNVK4od2ay3z7T3XxQ4jg9/L6FCLy9XnYzU50wnsnk/o0IT0u
ihEIwwgfUVdFA160mdEKCGcQ3AJoqKVLgunXINmeYHl3izEpe7s7iwL6CosD8xQb
O/62KYJTA4vxvNxHZpPtoW5gkNOekab/IA4JbnQEYDWmM+28o/cdPFpsUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9VtGZErszq4eGow5yOIaZdYcE/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUDFXMFprU3V6T3JoNGFqRG5JNGhwbDFod1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxVg
MA0GCSqGSIb3DQEBCwUAA4IBAQCie04DE1ibsWs+0qCBc5MsMnT1yh8EgRkjWIft
LY2b50EuuFqv3dVSJ/j2BGZkIKsuVizCgKZTx343Pp/vezEaz81ZHgqopLEm1ZMp
xDPTFADdD3reHGlXpiKvOZlssfoG4NRulQGqv6On5g0jHu4Q/8wZ/em3zG09OKcs
epO0N6pZZRqLMWuAl/PUYyZdfmgXMUI75GyDIADvc3nL2hwf8VADQkSu9HWsIvhQ
3CF7Vy4b/5eeUhkusZSy7E8ymAFlaIlDBSRe360Y+KpeYmxEAq77uwsdKLVxH5oj
mg8NGXaCgMklnABDEMjTUBl+S43eo+ngBEI4+0kfcj4KzaX2
-----END CERTIFICATE-----