Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R6jyR8Dy0sToTqrhM7ueBPpNz3M.roa
File:                     R6jyR8Dy0sToTqrhM7ueBPpNz3M.roa (raw, json)
Hash identifier:          EYTbOMjffi65s4N8OzSkJ8/+Et6mdvla7RPXUNBkpY4=
Subject key identifier:   47:A8:F2:47:C0:F2:D2:C4:E8:4E:AA:E1:33:BB:9E:04:FA:4D:CF:73
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD500D41444D8024BB332AF65C772F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R6jyR8Dy0sToTqrhM7ueBPpNz3M.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213366
IP address blocks:        2a0e:b107:5c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:50:0d:41:44:4d:80:24:bb:33:2a:f6:5c:77:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47a8f247c0f2d2c4e84eaae133bb9e04fa4dcf73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cc:ca:36:fd:26:a6:24:f0:3d:d9:e7:e1:10:
                    fd:57:25:a6:06:ab:ec:d3:1b:11:fc:61:c6:76:41:
                    a2:be:94:f4:6f:f8:5f:70:e3:11:aa:fe:63:9c:51:
                    fc:a0:71:b9:b0:11:25:f8:9e:8d:81:e9:14:42:35:
                    f1:b7:fb:bb:0c:ec:fb:10:6f:1b:52:68:dc:94:db:
                    f4:20:89:5e:b1:cf:ed:85:19:3c:bc:79:56:ad:0c:
                    7f:67:1b:f6:14:f2:15:cb:c8:f9:fe:1c:69:08:8e:
                    7f:25:7b:24:95:80:46:7c:93:aa:0c:f4:c1:62:95:
                    79:ae:4d:7e:52:fc:eb:f4:22:3c:5f:a6:09:e3:aa:
                    0c:f2:64:8a:de:ed:ef:b6:18:0e:3c:0c:a8:b7:2b:
                    99:de:3c:e0:57:3a:dc:bd:f1:56:78:5e:7f:3b:d7:
                    cf:c6:d8:19:66:eb:11:d2:81:38:44:91:40:30:2a:
                    48:cb:ab:42:79:3e:83:ae:a8:de:47:e9:7a:e3:50:
                    6c:04:07:e4:45:e7:a2:9e:b9:61:a7:ed:0f:01:27:
                    36:be:23:85:fe:4f:42:41:e0:c9:c5:44:e6:c4:c8:
                    dd:26:f3:92:df:0e:ba:98:e5:c7:88:58:2d:cf:fc:
                    50:d2:fe:be:dc:f2:e2:71:9c:db:22:3f:2f:67:d7:
                    f4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:A8:F2:47:C0:F2:D2:C4:E8:4E:AA:E1:33:BB:9E:04:FA:4D:CF:73
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R6jyR8Dy0sToTqrhM7ueBPpNz3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:5c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:b4:76:37:11:2b:18:4f:52:fd:f5:76:64:0a:ca:4f:39:03:
         7d:b5:2b:67:a0:d7:17:35:c6:ea:44:85:ef:e5:5c:d2:fc:a1:
         03:2d:3a:b6:be:3f:cc:5b:2f:10:8a:c5:e6:36:37:3e:9e:86:
         53:2c:45:3a:3c:60:b0:6a:ca:42:ce:ff:e9:c2:d0:8f:0b:3b:
         b1:23:ce:8d:dc:7f:85:ac:5a:f4:59:b7:99:48:0b:88:60:e8:
         b9:d1:89:dd:f4:4a:30:56:2c:3d:80:0d:4e:4a:7b:af:ba:49:
         ab:ba:8d:0c:f6:7b:20:fd:5e:77:63:e1:62:4c:9b:e7:d5:5c:
         b9:10:aa:48:c3:10:eb:90:b0:a5:68:43:0d:73:be:bc:34:d1:
         9a:ec:a8:71:e7:3b:20:fa:48:48:53:11:15:4a:a5:d1:0f:22:
         dc:7e:e3:06:fd:32:6e:57:2a:06:3b:f4:c5:5f:02:06:43:be:
         9b:86:a1:e7:27:97:66:ae:19:72:3c:0f:cf:57:a6:18:ca:e5:
         4c:ca:a2:fe:3f:7f:7c:be:34:07:9d:32:8d:68:05:99:2a:b6:
         52:1d:ed:71:bc:5d:00:d5:32:e2:ca:de:bd:b1:f1:38:7f:3f:
         7d:76:2f:00:b3:92:78:15:04:50:fa:7a:5b:14:df:a5:ad:6b:
         b9:7f:58:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVANQURNgCS7Myr2XHcvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2E4ZjI0N2MwZjJkMmM0ZTg0ZWFhZTEzM2JiOWUwNGZhNGRjZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmczKNv0mpiTwPdnn4RD9VyWmBqvs
0xsR/GHGdkGivpT0b/hfcOMRqv5jnFH8oHG5sBEl+J6NgekUQjXxt/u7DOz7EG8b
UmjclNv0IIlesc/thRk8vHlWrQx/Zxv2FPIVy8j5/hxpCI5/JXsklYBGfJOqDPTB
YpV5rk1+Uvzr9CI8X6YJ46oM8mSK3u3vthgOPAyotyuZ3jzgVzrcvfFWeF5/O9fP
xtgZZusR0oE4RJFAMCpIy6tCeT6DrqjeR+l641BsBAfkReeinrlhp+0PASc2viOF
/k9CQeDJxUTmxMjdJvOS3w66mOXHiFgtz/xQ0v6+3PLicZzbIj8vZ9f0NwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEeo8kfA8tLE6E6q4TO7ngT6Tc9zMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUjZqeVI4RHkwc1RvVHFyaE03dWVCUHBOejNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwXA
MA0GCSqGSIb3DQEBCwUAA4IBAQCttHY3ESsYT1L99XZkCspPOQN9tStnoNcXNcbq
RIXv5VzS/KEDLTq2vj/MWy8QisXmNjc+noZTLEU6PGCwaspCzv/pwtCPCzuxI86N
3H+FrFr0WbeZSAuIYOi50Ynd9EowViw9gA1OSnuvukmruo0M9nsg/V53Y+FiTJvn
1Vy5EKpIwxDrkLClaEMNc768NNGa7Khx5zsg+khIUxEVSqXRDyLcfuMG/TJuVyoG
O/TFXwIGQ76bhqHnJ5dmrhlyPA/PV6YYyuVMyqL+P398vjQHnTKNaAWZKrZSHe1x
vF0A1TLiyt69sfE4fz99di8As5J4FQRQ+npbFN+lrWu5f1jU
-----END CERTIFICATE-----