Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RvZGKdhMZLZ6jNFXrYZw9rIhZcI.roa
File:                     RvZGKdhMZLZ6jNFXrYZw9rIhZcI.roa (raw, json)
Hash identifier:          2xNhI39bxRyEw1W32ixGNN87UhMYhJOB2y55Jgxdq4E=
Subject key identifier:   46:F6:46:29:D8:4C:64:B6:7A:8C:D1:57:AD:86:70:F6:B2:21:65:C2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CF05E845879C4F780F96BFA93B9066E4E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RvZGKdhMZLZ6jNFXrYZw9rIhZcI.roa
Signing time:             Tue 09 Jan 2024 22:36:15 +0000
ROA not before:           Tue 09 Jan 2024 22:36:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212184
IP address blocks:        2a0e:b107:20b0::/48 maxlen: 48
                          2a10:2f00:192::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f0:5e:84:58:79:c4:f7:80:f9:6b:fa:93:b9:06:6e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  9 22:36:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46f64629d84c64b67a8cd157ad8670f6b22165c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8a:03:3d:2c:9c:28:54:84:ec:70:fb:ef:f0:
                    ec:90:15:3f:02:db:9a:38:4d:02:7a:e8:71:81:cd:
                    6c:57:1c:d4:2e:71:a8:b2:35:fd:73:59:9c:1e:83:
                    ad:d1:8d:1d:17:a8:32:6d:d1:d6:f7:79:20:11:bd:
                    92:13:64:bf:e2:dd:ff:63:3e:b7:00:ba:03:f2:d5:
                    f5:2f:95:47:68:03:b4:8f:e3:36:99:c7:7e:83:33:
                    91:18:4f:d1:1e:81:3d:aa:c6:35:23:a2:ed:59:49:
                    08:ad:b9:58:e2:a4:ec:22:31:44:be:a0:13:37:ee:
                    c4:29:26:d6:61:a5:69:cb:8c:14:be:de:7b:a3:d8:
                    d6:3b:12:1d:a8:d3:5b:4e:ab:db:59:05:b7:40:8a:
                    60:7f:fd:5e:02:53:c5:6c:33:39:69:71:14:a6:27:
                    93:02:ca:b5:c5:65:72:cf:ca:20:5f:c3:ed:a6:39:
                    55:0f:b2:68:d3:75:8f:b2:34:20:40:86:16:84:f8:
                    7f:5c:ab:65:d0:3c:05:95:a3:a1:f7:e2:a2:bd:3e:
                    2e:97:28:90:48:06:01:af:9d:da:3a:87:d6:7d:5c:
                    f1:8d:d3:94:3e:86:26:aa:91:b3:6f:a8:de:2d:f5:
                    e3:47:25:59:ba:fa:c0:07:b9:c9:f4:37:ff:82:2f:
                    fb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:F6:46:29:D8:4C:64:B6:7A:8C:D1:57:AD:86:70:F6:B2:21:65:C2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RvZGKdhMZLZ6jNFXrYZw9rIhZcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:20b0::/48
                  2a10:2f00:192::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:ab:af:3b:fe:75:3f:80:67:a2:5d:a2:bd:e9:5f:ea:73:78:
         ea:d1:b2:e1:99:d9:bd:86:d1:a4:c1:18:30:0f:8f:87:52:3f:
         9c:67:78:a8:30:e0:f2:cf:03:f8:ff:82:8c:b1:8a:3c:ae:a2:
         54:8f:77:a5:f9:24:53:a9:43:9c:fe:51:b0:d2:ee:af:93:de:
         2b:ca:ca:85:36:1b:ad:38:5b:89:0b:c7:86:ed:f4:1b:03:d7:
         ce:70:ec:c9:29:e1:de:b5:b7:21:79:99:90:8a:fb:ff:b9:21:
         d4:a1:6e:52:ae:4a:8b:83:29:d1:66:e4:a1:e3:ef:76:b2:c4:
         51:a2:31:38:bf:e0:57:60:ed:16:d7:ca:54:0f:e7:e9:06:e2:
         c9:bf:9f:66:4a:37:52:91:3d:a5:15:af:3c:db:c5:bd:98:e4:
         46:37:fb:ed:7b:b7:db:2f:64:0d:92:fa:a5:4a:a7:05:93:86:
         82:c1:d3:88:c5:48:a8:75:2b:54:5c:32:2d:f3:22:69:17:c0:
         ad:86:5f:b5:a0:8b:55:28:00:b4:26:a1:1a:0c:8b:2c:b2:49:
         28:98:43:17:5f:e1:6b:0c:64:5e:c1:c8:be:59:b0:74:b8:e9:
         12:a8:0d:8a:85:0f:ef:bd:82:2a:39:e7:eb:49:27:d8:9b:ec:
         1b:52:96:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzwXoRYecT3gPlr+pO5Bm5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTA5MjIzNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmY2NDYyOWQ4NGM2NGI2N2E4Y2QxNTdhZDg2NzBmNmIyMjE2NWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIoDPSycKFSE7HD77/DskBU/Atua
OE0Ceuhxgc1sVxzULnGosjX9c1mcHoOt0Y0dF6gybdHW93kgEb2SE2S/4t3/Yz63
ALoD8tX1L5VHaAO0j+M2mcd+gzORGE/RHoE9qsY1I6LtWUkIrblY4qTsIjFEvqAT
N+7EKSbWYaVpy4wUvt57o9jWOxIdqNNbTqvbWQW3QIpgf/1eAlPFbDM5aXEUpieT
Asq1xWVyz8ogX8PtpjlVD7Jo03WPsjQgQIYWhPh/XKtl0DwFlaOh9+KivT4ulyiQ
SAYBr53aOofWfVzxjdOUPoYmqpGzb6jeLfXjRyVZuvrAB7nJ9Df/gi/73QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEb2RinYTGS2eozRV62GcPayIWXCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUnZaR0tkaE1aTFo2ak5GWHJZWnc5ckloWmNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xByCw
AwcAKhAvAAGSMA0GCSqGSIb3DQEBCwUAA4IBAQBPq687/nU/gGeiXaK96V/qc3jq
0bLhmdm9htGkwRgwD4+HUj+cZ3ioMODyzwP4/4KMsYo8rqJUj3el+SRTqUOc/lGw
0u6vk94rysqFNhutOFuJC8eG7fQbA9fOcOzJKeHetbcheZmQivv/uSHUoW5SrkqL
gynRZuSh4+92ssRRojE4v+BXYO0W18pUD+fpBuLJv59mSjdSkT2lFa8828W9mORG
N/vte7fbL2QNkvqlSqcFk4aCwdOIxUiodStUXDIt8yJpF8Cthl+1oItVKAC0JqEa
DIssskkomEMXX+FrDGRewci+WbB0uOkSqA2KhQ/vvYIqOefrSSfYm+wbUpaC
-----END CERTIFICATE-----