Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUy7AExu22GAy0V7-IGXQJkmDPY.roa
File:                     TUy7AExu22GAy0V7-IGXQJkmDPY.roa (raw, json)
Hash identifier:          KzjX/SlHys0KcnSPfzJRJv4gmWYAcn831+evts/XsN0=
Subject key identifier:   4D:4C:BB:00:4C:6E:DB:61:80:CB:45:7B:F8:81:97:40:99:26:0C:F6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D32D1E38D517B058010954EA967E19784
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUy7AExu22GAy0V7-IGXQJkmDPY.roa
Signing time:             Mon 22 Jan 2024 20:17:12 +0000
ROA not before:           Mon 22 Jan 2024 20:17:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211169
IP address blocks:        2a0e:b107:15b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:32:d1:e3:8d:51:7b:05:80:10:95:4e:a9:67:e1:97:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 22 20:17:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d4cbb004c6edb6180cb457bf881974099260cf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:87:69:71:1a:db:7c:82:61:61:e4:60:7e:07:
                    63:02:3c:8f:d4:f5:de:4f:a6:57:06:a0:ac:57:97:
                    db:6b:72:9e:37:e9:a3:94:58:88:28:8d:f0:51:00:
                    5e:94:1c:80:e2:a5:99:b1:36:d2:cb:23:14:cb:84:
                    fe:69:ad:d7:ff:30:59:04:d0:76:54:3c:ee:bc:e2:
                    db:1d:e6:77:70:38:30:33:70:3c:3a:52:46:a0:69:
                    5e:eb:07:18:3a:a9:17:cd:17:3d:5a:0e:dd:e8:d6:
                    70:13:57:03:df:40:83:a3:bc:5e:4d:07:33:6c:6b:
                    d0:b7:8d:56:f8:48:34:fb:48:45:eb:c2:57:03:4e:
                    2b:42:06:76:cd:ae:d5:0c:49:22:c1:ff:1b:cb:9b:
                    b6:d8:ce:d4:59:0b:3b:17:78:d4:ed:4a:84:ea:64:
                    1c:33:67:87:a8:f2:e5:3a:f3:6b:dc:7d:d0:ae:64:
                    cc:d0:59:82:e2:8c:44:89:d1:f0:4b:9b:18:1a:cb:
                    49:8d:00:25:70:f5:d7:d7:c1:c1:d4:3d:9f:28:42:
                    9d:30:4a:7a:22:21:1e:80:fb:dd:56:82:59:67:12:
                    31:bd:0b:91:99:40:55:0c:3f:06:a5:62:eb:c9:7e:
                    8e:d3:7f:6e:86:a2:a1:83:7b:de:3a:dc:f0:99:6e:
                    9f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:4C:BB:00:4C:6E:DB:61:80:CB:45:7B:F8:81:97:40:99:26:0C:F6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TUy7AExu22GAy0V7-IGXQJkmDPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:15b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:ec:0d:c4:ec:fd:f8:06:b5:c1:8e:a0:d4:ac:00:9a:f3:22:
         60:3d:c6:42:cc:39:40:d0:51:f3:26:4b:55:3c:0d:08:b9:35:
         34:fb:50:b1:05:f1:fa:44:71:74:19:0b:ab:1b:97:0a:7c:5f:
         cc:b2:c8:77:51:43:aa:09:9d:0b:9b:fa:6c:b4:36:ff:ba:a8:
         37:0c:bb:ae:f4:4d:48:28:d1:42:86:df:db:3c:b3:7c:77:89:
         0b:28:ff:bc:01:ce:37:c2:49:52:80:b8:cf:dc:d9:25:54:42:
         61:00:01:57:d1:0c:6c:1e:e5:c2:47:46:3a:02:2b:a7:d4:56:
         57:6c:5b:e5:5b:43:cf:d6:19:fb:0a:99:2e:44:fc:f8:82:14:
         4b:b2:07:6c:fe:46:e4:a1:a6:6a:21:5a:7a:a2:e3:f4:9f:0a:
         9d:64:2b:58:9f:59:fb:ad:42:5b:52:c8:4a:bc:70:b6:a1:8f:
         e1:a9:d1:68:6f:27:ca:22:bd:9c:01:11:17:ed:74:c0:b9:ad:
         83:37:fb:c9:7d:53:70:ec:53:e3:04:f3:06:a3:6d:4b:c9:90:
         ab:d5:dd:4e:a4:15:e6:88:83:bb:90:89:b3:e0:74:11:13:e1:
         3c:d8:88:11:41:91:5d:24:7a:05:45:46:fb:f1:eb:15:89:da:
         99:f5:e5:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0y0eONUXsFgBCVTqln4ZeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTIyMjAxNzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDRjYmIwMDRjNmVkYjYxODBjYjQ1N2JmODgxOTc0MDk5MjYwY2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54dpcRrbfIJhYeRgfgdjAjyP1PXe
T6ZXBqCsV5fba3KeN+mjlFiIKI3wUQBelByA4qWZsTbSyyMUy4T+aa3X/zBZBNB2
VDzuvOLbHeZ3cDgwM3A8OlJGoGle6wcYOqkXzRc9Wg7d6NZwE1cD30CDo7xeTQcz
bGvQt41W+Eg0+0hF68JXA04rQgZ2za7VDEkiwf8by5u22M7UWQs7F3jU7UqE6mQc
M2eHqPLlOvNr3H3QrmTM0FmC4oxEidHwS5sYGstJjQAlcPXX18HB1D2fKEKdMEp6
IiEegPvdVoJZZxIxvQuRmUBVDD8GpWLryX6O039uhqKhg3veOtzwmW6fqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE1MuwBMbtthgMtFe/iBl0CZJgz2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVFV5N0FFeHUyMkdBeTBWNy1JR1hRSmttRFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxWw
MA0GCSqGSIb3DQEBCwUAA4IBAQC/7A3E7P34BrXBjqDUrACa8yJgPcZCzDlA0FHz
JktVPA0IuTU0+1CxBfH6RHF0GQurG5cKfF/Mssh3UUOqCZ0Lm/pstDb/uqg3DLuu
9E1IKNFCht/bPLN8d4kLKP+8Ac43wklSgLjP3NklVEJhAAFX0QxsHuXCR0Y6Aiun
1FZXbFvlW0PP1hn7CpkuRPz4ghRLsgds/kbkoaZqIVp6ouP0nwqdZCtYn1n7rUJb
UshKvHC2oY/hqdFobyfKIr2cAREX7XTAua2DN/vJfVNw7FPjBPMGo21LyZCr1d1O
pBXmiIO7kImz4HQRE+E82IgRQZFdJHoFRUb78esVidqZ9eVV
-----END CERTIFICATE-----