Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpIMChsOvCovU6ZhdE5JQaEcuBQ.roa
File:                     QpIMChsOvCovU6ZhdE5JQaEcuBQ.roa (raw, json)
Hash identifier:          Q0/4DNWTvJEvLzFcxlb1uJdsb691+qyA5+8Jl+3U1mE=
Subject key identifier:   42:92:0C:0A:1B:0E:BC:2A:2F:53:A6:61:74:4E:49:41:A1:1C:B8:14
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCF787FE0601A89DF5B92E25F2F8F2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpIMChsOvCovU6ZhdE5JQaEcuBQ.roa
Signing time:             Tue 02 Jan 2024 10:34:13 +0000
ROA not before:           Tue 02 Jan 2024 10:34:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200730
IP address blocks:        2a0e:b107:1fc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f7:87:fe:06:01:a8:9d:f5:b9:2e:25:f2:f8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42920c0a1b0ebc2a2f53a661744e4941a11cb814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:db:4c:01:cc:bc:56:18:ad:b8:8b:6d:36:88:
                    e4:38:c5:3d:71:a8:68:0c:d8:bf:e7:d2:cc:70:6c:
                    f6:17:15:f9:70:9c:83:34:a6:92:86:df:15:9e:ba:
                    42:8f:1a:56:57:7a:32:b0:fe:e4:78:ff:81:3f:f6:
                    3b:57:73:75:24:00:8f:1b:3d:4c:98:34:31:84:7d:
                    19:39:dc:7a:95:35:5d:e4:da:b7:42:89:27:4d:7d:
                    dd:96:2a:03:39:a8:90:30:df:0b:fd:98:be:db:6c:
                    16:15:91:c7:19:ab:3a:f3:1f:f4:58:42:82:6c:de:
                    be:d2:56:ed:b5:5d:4b:95:7e:46:4c:5d:01:e7:82:
                    12:c6:58:04:ad:be:14:9a:e7:b2:06:25:92:c6:90:
                    75:0d:05:00:61:d7:19:b8:a5:88:b0:99:15:ad:cb:
                    9b:4a:a4:58:2d:48:20:f1:2a:52:4b:f7:ad:c1:61:
                    44:c1:8a:7f:b0:a9:99:cf:86:4c:ba:be:5b:cf:e1:
                    5d:cb:01:06:4a:be:78:d6:f7:d5:31:4c:e8:35:b9:
                    cb:9a:64:dc:86:89:5f:3c:ca:c5:69:e5:65:02:83:
                    db:b1:06:06:2d:57:3e:63:91:b4:fa:00:84:ea:53:
                    24:41:1f:b5:52:ef:88:3e:19:b3:d9:d7:55:57:25:
                    48:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:92:0C:0A:1B:0E:BC:2A:2F:53:A6:61:74:4E:49:41:A1:1C:B8:14
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpIMChsOvCovU6ZhdE5JQaEcuBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         37:81:f3:77:d6:05:2f:fb:5f:e7:49:47:98:41:8d:3f:f3:72:
         69:29:d2:46:35:d6:93:c5:85:e6:4a:5e:5d:57:29:67:29:fe:
         e4:34:75:61:30:3f:34:5b:2a:87:0a:c9:ee:cb:1b:77:45:f0:
         cc:d2:dc:03:cb:0a:f5:7e:4a:82:e4:9c:50:2a:87:d2:65:c3:
         c7:3d:4f:0e:3a:e1:b1:d0:37:d7:c7:02:da:fb:72:93:cb:a7:
         61:92:74:94:f6:36:af:f0:1e:f5:3c:51:11:6d:72:bd:da:66:
         fc:0d:49:05:dd:ee:be:f0:4b:f4:3d:fc:87:0e:8d:1a:ea:67:
         eb:33:88:c7:b8:27:11:c3:75:7d:04:01:3b:88:4b:bc:7c:5d:
         de:cd:ac:00:fd:b2:c4:2b:7c:01:ca:99:49:14:a2:d1:7e:1a:
         23:65:71:fd:25:45:33:e8:42:70:b8:a3:09:48:fb:50:76:2c:
         af:4b:67:e0:1a:eb:3d:d7:52:ca:e4:6d:f4:69:57:a6:b8:cf:
         5d:41:33:a9:e9:54:1e:65:17:3a:87:34:62:fb:5f:74:1f:2c:
         c9:00:4b:e4:b7:e9:30:07:51:eb:59:35:18:ea:d5:fc:99:d7:
         49:f9:a7:25:0e:03:a7:72:b7:e9:5d:54:20:cf:65:ba:d5:d7:
         b9:40:57:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvPeH/gYBqJ31uS4l8vjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjkyMGMwYTFiMGViYzJhMmY1M2E2NjE3NDRlNDk0MWExMWNiODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNtMAcy8VhituIttNojkOMU9caho
DNi/59LMcGz2FxX5cJyDNKaSht8VnrpCjxpWV3oysP7keP+BP/Y7V3N1JACPGz1M
mDQxhH0ZOdx6lTVd5Nq3QoknTX3dlioDOaiQMN8L/Zi+22wWFZHHGas68x/0WEKC
bN6+0lbttV1LlX5GTF0B54ISxlgErb4UmueyBiWSxpB1DQUAYdcZuKWIsJkVrcub
SqRYLUgg8SpSS/etwWFEwYp/sKmZz4ZMur5bz+FdywEGSr541vfVMUzoNbnLmmTc
holfPMrFaeVlAoPbsQYGLVc+Y5G0+gCE6lMkQR+1Uu+IPhmz2ddVVyVI+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEKSDAobDrwqL1OmYXROSUGhHLgUMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUXBJTUNoc092Q292VTZaaGRFNUpRYUVjdUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx/A
MA0GCSqGSIb3DQEBCwUAA4IBAQA3gfN31gUv+1/nSUeYQY0/83JpKdJGNdaTxYXm
Sl5dVylnKf7kNHVhMD80WyqHCsnuyxt3RfDM0twDywr1fkqC5JxQKofSZcPHPU8O
OuGx0DfXxwLa+3KTy6dhknSU9jav8B71PFERbXK92mb8DUkF3e6+8Ev0PfyHDo0a
6mfrM4jHuCcRw3V9BAE7iEu8fF3ezawA/bLEK3wByplJFKLRfhojZXH9JUUz6EJw
uKMJSPtQdiyvS2fgGus911LK5G30aVemuM9dQTOp6VQeZRc6hzRi+190HyzJAEvk
t+kwB1HrWTUY6tX8mddJ+aclDgOncrfpXVQgz2W61de5QFdj
-----END CERTIFICATE-----