Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UoDQ-lhF0ZUUtpWfFOMELj78qgE.roa
File:                     UoDQ-lhF0ZUUtpWfFOMELj78qgE.roa (raw, json)
Hash identifier:          kOO9v/tgkGX57Qh1PgCLFVtsdOh+XvSD765++jengiA=
Subject key identifier:   52:80:D0:FA:58:45:D1:95:14:B6:95:9F:14:E3:04:2E:3E:FC:AA:01
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4B25B86BCE8B26A11ED141109E55
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UoDQ-lhF0ZUUtpWfFOMELj78qgE.roa
Signing time:             Tue 02 Jan 2024 10:34:35 +0000
ROA not before:           Tue 02 Jan 2024 10:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213064
IP address blocks:        2a0e:b107:b50::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4b:25:b8:6b:ce:8b:26:a1:1e:d1:41:10:9e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5280d0fa5845d19514b6959f14e3042e3efcaa01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:69:d4:d0:95:ca:1e:b8:7e:cf:f7:cf:46:b5:
                    a5:fb:98:59:b7:b6:ea:2d:38:93:58:77:e6:bd:20:
                    87:c2:7a:77:4f:4b:17:cc:f8:e8:d6:06:82:fe:0a:
                    0b:28:b3:53:ae:f2:30:47:58:58:3d:49:23:90:f4:
                    83:7a:0d:49:a2:37:82:49:ab:5c:a2:77:73:d3:a3:
                    b8:e4:87:e2:60:ae:e8:84:07:a5:54:07:e3:4c:75:
                    06:5a:2b:7e:82:4a:fd:57:18:59:6f:76:e7:a5:dc:
                    82:91:27:81:73:69:13:a8:5e:f3:3c:e9:71:aa:4b:
                    18:f4:06:23:e5:53:74:74:e0:40:0c:19:5f:06:fa:
                    d8:5e:ba:e4:33:0b:94:5c:32:d2:02:99:3a:b2:61:
                    e7:90:53:74:10:f7:a8:8b:43:71:0e:47:1d:e9:1d:
                    15:21:d1:a7:dc:fa:e4:41:ad:d3:25:4d:42:7d:54:
                    33:dd:95:2b:e0:7b:70:d3:ee:61:bf:91:6b:99:b6:
                    7d:8a:34:0a:a3:ed:73:3c:ee:24:38:6c:a0:ae:f0:
                    df:0a:50:ed:7e:c4:8b:53:c8:99:4a:30:9a:3e:7a:
                    b9:4c:c6:c8:d4:4a:f6:66:78:18:cf:de:12:57:75:
                    9f:a5:1a:59:59:65:93:aa:0f:21:32:76:7b:8f:f6:
                    bf:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:80:D0:FA:58:45:D1:95:14:B6:95:9F:14:E3:04:2E:3E:FC:AA:01
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UoDQ-lhF0ZUUtpWfFOMELj78qgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b50::/44

    Signature Algorithm: sha256WithRSAEncryption
         78:fd:5a:c7:de:a6:a1:de:06:e0:58:7e:f1:1d:4d:5a:d6:97:
         f5:05:f0:4e:52:23:c5:62:f8:b2:e7:39:f6:c2:d4:99:41:b0:
         ba:2c:e8:e4:a5:71:0e:6b:40:48:df:79:a6:cd:4f:01:28:95:
         ba:2d:47:5d:8c:63:d2:11:b0:8c:4e:57:c4:9c:ec:59:42:21:
         bb:63:a9:26:21:46:70:25:0d:6f:28:1a:aa:42:5a:9e:05:47:
         78:c5:0e:26:d9:39:04:68:c5:b0:c3:2d:dc:79:20:d7:90:40:
         1c:9d:1b:40:14:3e:cb:1a:bc:3c:a3:2d:34:b8:36:12:7a:96:
         f6:c1:22:03:f0:8a:a8:59:82:5d:9b:07:be:6f:c7:b3:77:19:
         e4:96:53:71:d9:a0:ce:cd:a0:c2:c0:6f:7c:85:fa:ce:27:7c:
         ac:2d:7e:a6:7c:2b:40:25:19:04:7f:40:1d:dd:5e:5c:15:dd:
         35:58:be:1a:d9:38:02:88:25:72:a4:3a:df:64:72:60:93:d3:
         68:e5:80:24:92:1c:b2:28:16:ed:51:78:ea:b9:73:b5:26:ab:
         69:f6:8f:f9:b2:fa:8e:51:b4:10:03:37:01:aa:96:4b:f2:87:
         c9:30:ee:b3:17:d1:3b:9c:ad:4a:e4:49:a6:d5:cd:c5:de:52:
         f7:3c:22:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUsluGvOiyahHtFBEJ5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjgwZDBmYTU4NDVkMTk1MTRiNjk1OWYxNGUzMDQyZTNlZmNhYTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjmnU0JXKHrh+z/fPRrWl+5hZt7bq
LTiTWHfmvSCHwnp3T0sXzPjo1gaC/goLKLNTrvIwR1hYPUkjkPSDeg1JojeCSatc
ondz06O45IfiYK7ohAelVAfjTHUGWit+gkr9VxhZb3bnpdyCkSeBc2kTqF7zPOlx
qksY9AYj5VN0dOBADBlfBvrYXrrkMwuUXDLSApk6smHnkFN0EPeoi0NxDkcd6R0V
IdGn3PrkQa3TJU1CfVQz3ZUr4Htw0+5hv5FrmbZ9ijQKo+1zPO4kOGygrvDfClDt
fsSLU8iZSjCaPnq5TMbI1Er2ZngYz94SV3WfpRpZWWWTqg8hMnZ7j/a/RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFKA0PpYRdGVFLaVnxTjBC4+/KoBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVW9EUS1saEYwWlVVdHBXZkZPTUVMajc4cWdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwtQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB4/VrH3qah3gbgWH7xHU1a1pf1BfBOUiPFYviy
5zn2wtSZQbC6LOjkpXEOa0BI33mmzU8BKJW6LUddjGPSEbCMTlfEnOxZQiG7Y6km
IUZwJQ1vKBqqQlqeBUd4xQ4m2TkEaMWwwy3ceSDXkEAcnRtAFD7LGrw8oy00uDYS
epb2wSID8IqoWYJdmwe+b8ezdxnkllNx2aDOzaDCwG98hfrOJ3ysLX6mfCtAJRkE
f0Ad3V5cFd01WL4a2TgCiCVypDrfZHJgk9No5YAkkhyyKBbtUXjquXO1Jqtp9o/5
svqOUbQQAzcBqpZL8ofJMO6zF9E7nK1K5Emm1c3F3lL3PCId
-----END CERTIFICATE-----