Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PM7lFmQOBu4d14RQlSroscSocA8.roa
File:                     PM7lFmQOBu4d14RQlSroscSocA8.roa (raw, json)
Hash identifier:          XUKEwYT+KggnoKGIoLgPenEtIJ013Bdmi8nwHInSAuA=
Subject key identifier:   3C:CE:E5:16:64:0E:06:EE:1D:D7:84:50:95:2A:E8:B1:C4:A8:70:0F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0BFB974EACAE02D856820195C7B7
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PM7lFmQOBu4d14RQlSroscSocA8.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205043
IP address blocks:        2a0e:97c0:b10::/44 maxlen: 48
                          2a0e:97c7::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0b:fb:97:4e:ac:ae:02:d8:56:82:01:95:c7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ccee516640e06ee1dd78450952ae8b1c4a8700f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:73:7c:8b:2d:75:e2:02:86:2d:37:78:96:0c:
                    14:61:64:69:2d:db:d5:88:2f:92:82:3c:9e:69:e8:
                    f6:d6:6c:23:1c:97:44:16:f1:ed:7c:a3:44:47:0d:
                    a3:26:86:ec:86:4a:e4:57:3a:bc:9a:7d:62:86:0a:
                    59:47:e5:f3:74:fb:98:17:83:07:d3:0a:e3:40:af:
                    b7:ed:31:0e:49:da:40:08:e0:74:97:08:8c:f1:c1:
                    99:05:70:5e:40:f2:8b:90:7c:48:72:d0:c2:38:33:
                    91:e6:0e:f0:cd:1f:53:2e:e3:53:50:72:df:95:d2:
                    5c:86:ef:35:5a:ba:f1:68:7c:b0:9a:12:01:ec:4b:
                    2e:53:11:47:6a:b8:51:4c:36:db:81:63:a0:1b:17:
                    c6:39:c9:76:b2:05:88:4f:6f:66:17:f5:b5:e3:c4:
                    72:ff:57:51:e5:72:61:4f:46:bc:34:aa:a5:20:42:
                    83:3b:1b:93:56:e0:13:47:6a:a4:35:38:d0:1e:41:
                    04:c6:9e:f4:3d:cb:c9:46:35:ed:8a:a5:50:1b:26:
                    7e:af:34:dd:6d:eb:d4:62:0a:65:fd:9e:87:bd:21:
                    1b:be:d8:01:37:ee:13:88:25:c7:a9:c0:d1:6d:65:
                    e6:d8:ea:aa:13:2b:6b:2b:60:fd:97:49:c4:32:89:
                    50:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:CE:E5:16:64:0E:06:EE:1D:D7:84:50:95:2A:E8:B1:C4:A8:70:0F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PM7lFmQOBu4d14RQlSroscSocA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b10::/44
                  2a0e:97c7::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:36:35:4c:d8:18:c4:34:f4:87:b1:fa:62:eb:f1:4a:fc:d2:
         e5:e5:ae:4f:7c:cc:12:c0:4e:14:ff:c2:6f:f9:e0:7a:8f:6a:
         fd:e0:e2:8a:26:6c:fc:d2:bc:0e:93:c2:c7:2f:83:92:c4:f4:
         5e:84:17:7d:c3:fc:95:bb:ce:06:5c:09:43:15:51:77:58:a3:
         ac:76:40:53:c1:33:a9:1d:37:d8:0b:e4:9c:c3:68:51:b3:cb:
         23:02:e1:0b:97:4c:7b:aa:c8:97:5a:05:83:d4:14:69:86:32:
         9d:d7:e4:b4:ae:98:08:a6:f7:86:4d:38:d2:a6:10:88:79:5c:
         06:ea:87:03:fd:e8:5e:1d:87:e5:2e:f0:42:1b:08:fd:69:b0:
         68:0f:ff:57:79:ff:db:3e:61:02:b3:77:f2:b5:cb:ff:82:22:
         ef:ea:ec:7a:6e:39:49:e5:06:45:5d:85:e8:f5:0f:f7:63:7c:
         62:31:12:dc:cd:14:40:4f:21:0d:9b:6b:ac:0b:13:ab:0d:c0:
         4c:07:69:39:48:0b:4f:80:1f:cd:9a:fe:f2:20:6a:b0:fb:74:
         42:5f:c3:3d:89:d1:8f:b0:3f:44:d3:0e:22:e7:35:30:36:fa:
         55:29:b3:7e:37:4d:28:ef:44:af:07:86:e1:63:81:a9:fe:d1:
         1a:d9:ab:9c
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzJvQv7l06srgLYVoIBlce3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2NlZTUxNjY0MGUwNmVlMWRkNzg0NTA5NTJhZThiMWM0YTg3MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnN8iy114gKGLTd4lgwUYWRpLdvV
iC+Sgjyeaej21mwjHJdEFvHtfKNERw2jJobshkrkVzq8mn1ihgpZR+XzdPuYF4MH
0wrjQK+37TEOSdpACOB0lwiM8cGZBXBeQPKLkHxIctDCODOR5g7wzR9TLuNTUHLf
ldJchu81WrrxaHywmhIB7EsuUxFHarhRTDbbgWOgGxfGOcl2sgWIT29mF/W148Ry
/1dR5XJhT0a8NKqlIEKDOxuTVuATR2qkNTjQHkEExp70PcvJRjXtiqVQGyZ+rzTd
bevUYgpl/Z6HvSEbvtgBN+4TiCXHqcDRbWXm2OqqEytrK2D9l0nEMolQ2QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDzO5RZkDgbuHdeEUJUq6LHEqHAPMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUE03bEZtUU9CdTRkMTRSUWxTcm9zY1NvY0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKg6XwAsQ
AwYAKg6XxwAwDQYJKoZIhvcNAQELBQADggEBAJg2NUzYGMQ09Iex+mLr8Ur80uXl
rk98zBLAThT/wm/54HqPav3g4oombPzSvA6Twscvg5LE9F6EF33D/JW7zgZcCUMV
UXdYo6x2QFPBM6kdN9gL5JzDaFGzyyMC4QuXTHuqyJdaBYPUFGmGMp3X5LSumAim
94ZNONKmEIh5XAbqhwP96F4dh+Uu8EIbCP1psGgP/1d5/9s+YQKzd/K1y/+CIu/q
7HpuOUnlBkVdhej1D/djfGIxEtzNFEBPIQ2ba6wLE6sNwEwHaTlIC0+AH82a/vIg
arD7dEJfwz2J0Y+wP0TTDiLnNTA2+lUps343TSjvRK8HhuFjgan+0RrZq5w=
-----END CERTIFICATE-----