Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Pk7RFZv4stmgI0z3d4ec5UpY5BQ.roa
File:                     Pk7RFZv4stmgI0z3d4ec5UpY5BQ.roa (raw, json)
Hash identifier:          EMjib3kJ+lOI1EKzaTQ155sHL2Hiyd5HjZVn3zATtLA=
Subject key identifier:   3E:4E:D1:15:9B:F8:B2:D9:A0:23:4C:F7:77:87:9C:E5:4A:58:E4:14
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DFA7C574C9361EF7CA7D4178F90F4CCCB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Pk7RFZv4stmgI0z3d4ec5UpY5BQ.roa
Signing time:             Fri 01 Mar 2024 14:47:49 +0000
ROA not before:           Fri 01 Mar 2024 14:47:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26737
IP address blocks:        194.50.111.0/24 maxlen: 24
                          2a10:ccc0:110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fa:7c:57:4c:93:61:ef:7c:a7:d4:17:8f:90:f4:cc:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar  1 14:47:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e4ed1159bf8b2d9a0234cf777879ce54a58e414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:a7:b1:b2:c8:df:d4:f0:63:d5:9e:00:fe:
                    2e:d9:e0:1d:76:eb:01:a0:94:e3:4b:73:92:1b:25:
                    5c:4d:91:7d:50:1f:e0:b0:be:25:ad:dd:dd:8b:d8:
                    b9:6c:e0:a9:5d:77:7b:94:89:f1:b5:09:8d:1e:ea:
                    e6:23:de:c3:10:7a:df:2e:69:41:78:b4:e0:b6:a2:
                    5b:40:38:e4:dd:aa:19:ee:78:2c:1f:f8:62:38:ff:
                    0b:40:e1:f8:36:e2:63:ff:17:a2:3f:75:d7:5d:2e:
                    a6:8d:fc:ea:25:7b:95:ad:02:f7:8c:ba:b1:27:4f:
                    f6:2f:89:ba:35:75:6e:29:d5:5a:dc:14:ce:1a:89:
                    79:9e:f5:c2:05:aa:67:e0:51:41:46:5b:00:35:64:
                    70:97:d2:37:e1:54:11:ab:32:eb:ac:75:ef:1e:eb:
                    35:08:ef:cb:d2:89:09:9c:b7:cc:83:d9:50:6d:e4:
                    8a:60:84:1b:41:c6:32:cf:6f:67:76:d7:e0:07:66:
                    1d:3e:96:60:fa:f5:a7:fa:f4:57:07:6f:47:ec:0b:
                    48:8b:20:04:d4:28:fa:44:62:e9:5c:d9:ff:b3:50:
                    b8:9f:0e:26:62:f4:ca:9b:48:0a:57:78:93:36:bb:
                    a1:b2:34:72:00:14:f1:85:1b:11:8e:c4:5c:12:9b:
                    35:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:4E:D1:15:9B:F8:B2:D9:A0:23:4C:F7:77:87:9C:E5:4A:58:E4:14
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Pk7RFZv4stmgI0z3d4ec5UpY5BQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.111.0/24
                IPv6:
                  2a10:ccc0:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         1d:f0:a5:82:b1:38:b7:ff:c6:33:db:c1:51:ea:78:f6:65:09:
         51:05:bb:65:87:28:90:ed:db:a7:57:34:97:d3:d5:cb:4f:b8:
         92:7e:84:ed:ba:12:ed:b3:ac:88:75:dd:a8:15:f5:59:ec:c0:
         13:4f:80:67:41:23:5a:b0:13:25:50:e3:d9:cd:6b:53:cc:a0:
         5f:7a:63:cf:49:42:40:82:ad:6c:82:57:e9:b0:6d:ac:c4:1c:
         26:ad:a7:2c:e8:c2:c2:28:39:aa:69:f1:a6:03:c4:d2:b3:6b:
         06:74:51:91:1a:ad:dd:94:5d:a1:c9:07:54:d3:da:b9:fe:a2:
         51:d4:11:15:5f:ac:66:9c:76:3a:f5:3a:34:32:3e:71:4e:e5:
         35:86:26:9f:24:af:f1:db:f1:46:a6:d8:3a:d1:64:dc:4c:07:
         ef:6b:98:2e:7a:cf:82:39:8a:d0:18:bf:20:b5:4f:62:4d:74:
         c8:7c:74:49:d5:12:c2:6b:2e:b0:3b:a2:70:74:9b:a8:84:e5:
         6c:31:62:46:fa:34:41:f3:ba:49:66:61:8b:5c:41:fe:53:44:
         05:fb:5e:2f:b9:0c:63:8a:b0:2e:b2:b9:16:7a:f0:f6:e4:79:
         d7:58:85:7f:ac:bc:7d:88:b7:fb:54:08:de:82:a0:31:b0:b4:
         f1:4c:95:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY36fFdMk2HvfKfUF4+Q9MzLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzAxMTQ0NzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTRlZDExNTliZjhiMmQ5YTAyMzRjZjc3Nzg3OWNlNTRhNThlNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6WnsbLI39TwY9WeAP4u2eAddusB
oJTjS3OSGyVcTZF9UB/gsL4lrd3di9i5bOCpXXd7lInxtQmNHurmI97DEHrfLmlB
eLTgtqJbQDjk3aoZ7ngsH/hiOP8LQOH4NuJj/xeiP3XXXS6mjfzqJXuVrQL3jLqx
J0/2L4m6NXVuKdVa3BTOGol5nvXCBapn4FFBRlsANWRwl9I34VQRqzLrrHXvHus1
CO/L0okJnLfMg9lQbeSKYIQbQcYyz29ndtfgB2YdPpZg+vWn+vRXB29H7AtIiyAE
1Cj6RGLpXNn/s1C4nw4mYvTKm0gKV3iTNruhsjRyABTxhRsRjsRcEps1PQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD5O0RWb+LLZoCNM93eHnOVKWOQUMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUGs3UkZadjRzdG1nSTB6M2Q0ZWM1VXBZNUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwjJvMA8E
AgACMAkDBwQqEMzAARAwDQYJKoZIhvcNAQELBQADggEBAB3wpYKxOLf/xjPbwVHq
ePZlCVEFu2WHKJDt26dXNJfT1ctPuJJ+hO26Eu2zrIh13agV9VnswBNPgGdBI1qw
EyVQ49nNa1PMoF96Y89JQkCCrWyCV+mwbazEHCatpyzowsIoOapp8aYDxNKzawZ0
UZEard2UXaHJB1TT2rn+olHUERVfrGacdjr1OjQyPnFO5TWGJp8kr/Hb8Uam2DrR
ZNxMB+9rmC56z4I5itAYvyC1T2JNdMh8dEnVEsJrLrA7onB0m6iE5WwxYkb6NEHz
uklmYYtcQf5TRAX7Xi+5DGOKsC6yuRZ68PbkeddYhX+svH2It/tUCN6CoDGwtPFM
ldk=
-----END CERTIFICATE-----