Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VQOMCXGyXyEHkkbnktObQYVtdxU.roa
File:                     VQOMCXGyXyEHkkbnktObQYVtdxU.roa (raw, json)
Hash identifier:          9nGYnOK85Z8ni1SRGa16iKkq/SFzM9CHlRFM0/ROiHs=
Subject key identifier:   55:03:8C:09:71:B2:5F:21:07:92:46:E7:92:D3:9B:41:85:6D:77:15
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E11112CA3C645718CEEC2D5E316714DFB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VQOMCXGyXyEHkkbnktObQYVtdxU.roa
Signing time:             Wed 06 Mar 2024 00:02:01 +0000
ROA not before:           Wed 06 Mar 2024 00:02:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212332
IP address blocks:        2a0e:b107:27b0::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:11:11:2c:a3:c6:45:71:8c:ee:c2:d5:e3:16:71:4d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar  6 00:02:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55038c0971b25f21079246e792d39b41856d7715
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7f:06:b6:d9:f1:1f:6e:b3:65:e8:41:40:35:
                    f6:6d:35:c4:2f:ba:77:8c:43:65:b1:1a:cb:9b:b4:
                    33:65:f9:e3:4f:42:ab:18:0e:60:46:86:12:26:4b:
                    71:d5:d6:76:5e:99:72:99:97:d5:98:a9:ac:46:60:
                    d2:0c:7b:82:cf:f6:00:ee:b0:0a:12:d1:60:f8:bb:
                    05:4e:b4:25:ae:8f:0f:31:b9:83:af:d5:76:e9:3f:
                    40:4d:21:f4:70:94:f9:d0:4d:f8:f6:78:e2:75:fd:
                    ad:c9:71:b9:2f:da:57:56:98:58:9d:8e:a9:af:4d:
                    3b:30:47:7b:8b:31:38:0d:99:8a:92:b2:58:9d:d8:
                    87:83:67:1f:ad:3d:30:37:63:a5:9c:ce:35:13:d2:
                    42:eb:e9:09:ad:d0:7c:40:cd:8d:6d:4c:78:33:6c:
                    f0:75:7c:4c:16:46:0a:cb:93:92:57:06:10:e9:71:
                    94:8a:31:1a:b2:e3:95:22:14:7f:05:ca:33:ab:06:
                    c7:5f:11:20:82:39:c3:3b:ae:fd:06:54:29:6d:ac:
                    53:9d:ff:c9:22:43:32:1a:71:6e:69:1a:ae:2e:2f:
                    88:63:84:bd:57:55:8f:4c:6f:44:68:b6:f4:6f:c9:
                    8d:0e:68:e4:4e:4b:8a:ed:6e:e6:b2:ad:18:c9:d3:
                    14:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:03:8C:09:71:B2:5F:21:07:92:46:E7:92:D3:9B:41:85:6D:77:15
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VQOMCXGyXyEHkkbnktObQYVtdxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:27b0::/45

    Signature Algorithm: sha256WithRSAEncryption
         c8:8b:65:86:52:6d:51:b5:77:a8:28:2d:37:60:ac:44:a3:33:
         fe:87:8e:db:6d:4f:c2:05:0f:1e:11:16:24:d3:80:09:10:ef:
         10:f3:46:aa:f6:cb:75:3b:89:87:df:d3:35:e5:47:d6:83:9a:
         ff:90:dc:0a:f3:c7:72:9b:77:c4:bf:49:b5:1a:a0:d9:0d:aa:
         6a:ef:9c:23:f8:b8:b9:bb:e1:d9:b3:80:e6:9f:11:d2:7c:18:
         8f:33:42:d0:25:1e:c1:b2:21:f1:8c:97:07:66:92:57:5e:5b:
         24:f2:0e:da:28:ac:c2:d3:b8:bd:87:f3:d1:b9:69:a1:fa:6c:
         5b:18:2d:47:47:9b:aa:ad:59:91:9d:ad:0d:97:22:50:68:8c:
         4f:12:b6:10:d7:48:73:8e:f8:1c:4a:c9:e0:a0:a8:95:bd:db:
         48:a4:fc:3f:bf:ea:70:a1:a9:21:d6:fe:ce:26:6e:f9:ae:c5:
         10:dd:fc:01:92:83:7f:57:6f:23:a5:f6:cf:aa:be:51:ee:76:
         3b:c9:2a:d4:fd:5d:f2:e6:1f:77:df:65:aa:3b:60:bc:26:28:
         13:68:b9:96:70:8f:7b:02:0f:c1:27:60:e0:58:a4:69:c6:cb:
         0e:85:9f:9d:61:08:7c:9f:c9:cb:37:22:6d:62:23:66:14:16:
         05:01:ea:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4RESyjxkVxjO7C1eMWcU37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzA2MDAwMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTAzOGMwOTcxYjI1ZjIxMDc5MjQ2ZTc5MmQzOWI0MTg1NmQ3NzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn8GttnxH26zZehBQDX2bTXEL7p3
jENlsRrLm7QzZfnjT0KrGA5gRoYSJktx1dZ2XplymZfVmKmsRmDSDHuCz/YA7rAK
EtFg+LsFTrQlro8PMbmDr9V26T9ATSH0cJT50E349njidf2tyXG5L9pXVphYnY6p
r007MEd7izE4DZmKkrJYndiHg2cfrT0wN2OlnM41E9JC6+kJrdB8QM2NbUx4M2zw
dXxMFkYKy5OSVwYQ6XGUijEasuOVIhR/BcozqwbHXxEggjnDO679BlQpbaxTnf/J
IkMyGnFuaRquLi+IY4S9V1WPTG9EaLb0b8mNDmjkTkuK7W7msq0YydMUoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFUDjAlxsl8hB5JG55LTm0GFbXcVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVlFPTUNYR3lYeUVIa2tibmt0T2JRWVZ0ZHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByew
MA0GCSqGSIb3DQEBCwUAA4IBAQDIi2WGUm1RtXeoKC03YKxEozP+h47bbU/CBQ8e
ERYk04AJEO8Q80aq9st1O4mH39M15UfWg5r/kNwK88dym3fEv0m1GqDZDapq75wj
+Li5u+HZs4DmnxHSfBiPM0LQJR7BsiHxjJcHZpJXXlsk8g7aKKzC07i9h/PRuWmh
+mxbGC1HR5uqrVmRna0NlyJQaIxPErYQ10hzjvgcSsngoKiVvdtIpPw/v+pwoakh
1v7OJm75rsUQ3fwBkoN/V28jpfbPqr5R7nY7ySrU/V3y5h9332WqO2C8JigTaLmW
cI97Ag/BJ2DgWKRpxssOhZ+dYQh8n8nLNyJtYiNmFBYFAeoq
-----END CERTIFICATE-----