Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VDedJ8WNccC-Y8G-TfDw2QjcI10.roa
File:                     VDedJ8WNccC-Y8G-TfDw2QjcI10.roa (raw, json)
Hash identifier:          tUHbT4gXOre0ecVm/H6jH/aCeNocAtgmszTLD4BsdUk=
Subject key identifier:   54:37:9D:27:C5:8D:71:C0:BE:63:C1:BE:4D:F0:F0:D9:08:DC:23:5D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EBD6540784FC37E83B8CE2EDF0789A52E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VDedJ8WNccC-Y8G-TfDw2QjcI10.roa
Signing time:             Mon 08 Apr 2024 11:08:33 +0000
ROA not before:           Mon 08 Apr 2024 11:08:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215192
IP address blocks:        2a0e:b107:28c0::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:65:40:78:4f:c3:7e:83:b8:ce:2e:df:07:89:a5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  8 11:08:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=54379d27c58d71c0be63c1be4df0f0d908dc235d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:69:b3:e8:d1:b2:7b:2a:3d:c6:00:8b:4a:a1:
                    85:5f:9b:70:2b:e9:bc:90:61:2b:f6:be:ee:6a:1d:
                    7c:2d:a7:2c:fb:42:84:27:9c:76:8f:6d:4a:21:8a:
                    b9:52:cb:15:8d:75:aa:c7:d8:de:62:9c:d4:ca:c0:
                    f6:23:2d:7b:1d:a1:66:93:50:eb:31:36:b9:af:26:
                    90:fb:14:22:f5:8a:5d:78:a1:6a:8e:b1:f7:48:f1:
                    11:7a:19:cc:51:41:91:c0:98:42:f2:cb:ef:9b:fa:
                    8d:68:b3:bc:fa:26:7b:04:7e:75:f1:22:fb:44:ad:
                    ca:3f:1d:66:25:72:da:52:75:22:1e:9a:53:3f:a2:
                    1c:8a:8f:ce:6b:4b:e2:6e:3e:96:df:b5:51:30:dc:
                    10:f7:16:d4:fb:10:3c:01:6b:dc:db:8a:7f:50:86:
                    01:37:4f:e0:69:62:3a:4b:b5:7d:04:4c:4d:54:5f:
                    85:86:0e:44:b4:b4:aa:23:2e:66:df:09:23:c6:86:
                    4e:d6:78:76:76:01:c1:a0:e2:9b:76:84:20:a0:e8:
                    6b:dc:aa:fe:c5:73:75:d5:df:be:67:f2:bb:28:7b:
                    1d:33:8e:1d:6e:73:aa:23:f3:67:b5:06:61:72:e7:
                    1d:e2:c8:4e:1f:eb:38:5a:a6:5e:90:5e:d5:eb:cf:
                    d9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:37:9D:27:C5:8D:71:C0:BE:63:C1:BE:4D:F0:F0:D9:08:DC:23:5D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VDedJ8WNccC-Y8G-TfDw2QjcI10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:28c0::/45

    Signature Algorithm: sha256WithRSAEncryption
         3f:a7:87:77:f8:a9:92:80:d2:e7:b5:03:73:57:6c:00:e0:b9:
         8d:74:e4:37:2c:dc:8b:ca:a8:81:c3:fd:1a:95:ef:e6:e9:53:
         21:0e:92:dc:c8:34:67:f0:57:05:ac:54:4f:bb:27:e9:ff:1c:
         e6:b5:61:b4:1c:b2:6e:ab:81:9f:9a:b6:eb:46:44:37:c9:0d:
         0b:41:06:f8:2b:8b:8c:22:06:ae:2d:b1:fe:5c:12:07:3f:92:
         f6:35:77:e1:59:ba:18:b0:56:8c:3a:ff:89:ac:33:86:99:0f:
         b6:c8:16:e3:4c:7d:50:d0:51:0c:5c:51:d9:f6:6f:32:5b:9b:
         15:78:a3:51:77:47:26:89:b5:37:7a:09:a2:07:f5:87:b0:15:
         83:74:a0:fe:fb:47:04:47:37:31:5c:21:28:06:1a:06:26:d9:
         eb:92:e7:e4:1e:59:6e:b5:21:41:9a:97:86:d4:47:9c:6d:48:
         7f:9c:d4:48:74:08:21:c2:89:e3:51:5e:93:e7:bd:37:43:48:
         89:d6:a4:21:fc:ef:8f:4c:97:0f:c1:6d:0a:5b:1f:ae:80:75:
         de:0a:9b:f8:f0:d3:df:a4:61:15:ff:20:b9:4c:bf:29:36:8a:
         7b:d5:44:e3:13:87:9e:53:86:52:38:10:bd:ee:05:73:12:47:
         0f:5e:e1:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY69ZUB4T8N+g7jOLt8HiaUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA4MTEwODMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDM3OWQyN2M1OGQ3MWMwYmU2M2MxYmU0ZGYwZjBkOTA4ZGMyMzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmmz6NGyeyo9xgCLSqGFX5twK+m8
kGEr9r7uah18Lacs+0KEJ5x2j21KIYq5UssVjXWqx9jeYpzUysD2Iy17HaFmk1Dr
MTa5ryaQ+xQi9YpdeKFqjrH3SPERehnMUUGRwJhC8svvm/qNaLO8+iZ7BH518SL7
RK3KPx1mJXLaUnUiHppTP6Icio/Oa0vibj6W37VRMNwQ9xbU+xA8AWvc24p/UIYB
N0/gaWI6S7V9BExNVF+Fhg5EtLSqIy5m3wkjxoZO1nh2dgHBoOKbdoQgoOhr3Kr+
xXN11d++Z/K7KHsdM44dbnOqI/NntQZhcucd4shOH+s4WqZekF7V68/ZgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFQ3nSfFjXHAvmPBvk3w8NkI3CNdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVkRlZEo4V05jY0MtWThHLVRmRHcyUWpjSTEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByjA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/p4d3+KmSgNLntQNzV2wA4LmNdOQ3LNyLyqiB
w/0ale/m6VMhDpLcyDRn8FcFrFRPuyfp/xzmtWG0HLJuq4GfmrbrRkQ3yQ0LQQb4
K4uMIgauLbH+XBIHP5L2NXfhWboYsFaMOv+JrDOGmQ+2yBbjTH1Q0FEMXFHZ9m8y
W5sVeKNRd0cmibU3egmiB/WHsBWDdKD++0cERzcxXCEoBhoGJtnrkufkHllutSFB
mpeG1EecbUh/nNRIdAghwonjUV6T5703Q0iJ1qQh/O+PTJcPwW0KWx+ugHXeCpv4
8NPfpGEV/yC5TL8pNop71UTjE4eeU4ZSOBC97gVzEkcPXuH9
-----END CERTIFICATE-----