Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VYNrX0T2Vlg8FdGQHW6b0jtXgH0.roa
File:                     VYNrX0T2Vlg8FdGQHW6b0jtXgH0.roa (raw, json)
Hash identifier:          poOTV47ObjQPUCjLpt643IE6QuiXMB8X50P0r+rU7Gk=
Subject key identifier:   55:83:6B:5F:44:F6:56:58:3C:15:D1:90:1D:6E:9B:D2:3B:57:80:7D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD15F75970DAE3262C9CA176E64050
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VYNrX0T2Vlg8FdGQHW6b0jtXgH0.roa
Signing time:             Tue 02 Jan 2024 10:34:21 +0000
ROA not before:           Tue 02 Jan 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207740
IP address blocks:        2a0e:b107:198::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:15:f7:59:70:da:e3:26:2c:9c:a1:76:e6:40:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55836b5f44f656583c15d1901d6e9bd23b57807d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ae:ad:4a:cd:c4:c9:2a:93:e6:70:de:ed:9e:
                    19:7d:a1:83:fe:1c:d9:b1:6f:0f:3c:f6:3c:47:dd:
                    41:9b:52:19:6a:74:c5:94:39:a8:3e:5b:96:f6:7b:
                    06:19:4b:b1:85:c6:df:e3:ce:9a:ca:a5:f4:33:87:
                    1a:d3:7d:f9:e9:e0:8c:93:66:1c:03:46:ff:e4:2b:
                    e8:b8:04:b3:c9:e4:65:13:3a:c5:18:14:f4:4d:84:
                    c3:9c:28:cb:24:1f:0b:52:71:cc:5e:9a:e1:3a:43:
                    7f:9a:c6:ce:a6:86:8e:5a:93:57:63:4a:21:6b:2b:
                    41:62:98:9e:67:13:94:ed:87:45:03:a3:5c:28:d3:
                    9d:64:03:86:5c:70:81:02:c0:83:c9:05:f0:63:5f:
                    b0:1a:94:cf:cd:2c:b3:a3:fd:d1:e1:b4:0c:ea:01:
                    58:b6:9a:4f:5f:38:d4:ca:51:c2:91:98:b3:f1:04:
                    5c:74:92:5c:c1:1d:1f:ee:a9:eb:1b:69:d4:2d:98:
                    48:7b:c1:0e:51:98:4f:7b:97:de:0c:5e:9e:f6:15:
                    53:f6:f3:b3:87:34:0f:68:bc:70:b6:5e:ea:a4:e4:
                    9f:e6:a8:57:37:50:98:ae:ca:64:e7:2f:7d:1c:0b:
                    19:38:72:a1:04:34:98:b1:bc:c8:6e:c9:5a:2c:c0:
                    21:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:83:6B:5F:44:F6:56:58:3C:15:D1:90:1D:6E:9B:D2:3B:57:80:7D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/VYNrX0T2Vlg8FdGQHW6b0jtXgH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:198::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:dd:45:f2:c1:40:45:f5:ea:9a:d8:b3:de:8c:97:10:c8:05:
         73:9d:8f:df:a3:cc:12:17:45:9d:48:8f:72:a5:db:08:9a:bf:
         73:3c:81:ae:81:d7:02:5c:7a:15:a2:ec:0e:32:4d:3d:0f:b1:
         05:5a:fe:72:8a:c2:2e:f0:ed:f7:a8:c9:d0:83:fc:1a:3d:73:
         26:18:df:5e:74:b0:fd:82:c7:de:ef:61:9f:0c:88:52:7b:2d:
         ff:c4:61:12:ac:c8:82:4a:95:f3:33:53:e4:21:b4:f6:70:c8:
         89:89:f8:40:32:25:51:69:cf:5d:74:4f:9e:fe:50:24:a5:5b:
         63:30:64:ef:6a:80:76:b0:a1:c7:34:cb:d8:73:ed:fc:79:80:
         bf:0c:29:c0:83:64:28:82:d7:44:39:37:4a:94:84:15:1d:04:
         4e:12:0f:e5:56:21:63:f9:85:00:08:3a:f5:d0:70:7d:e8:33:
         90:29:26:19:e1:18:03:d1:a0:43:d3:0f:82:00:e8:ee:11:eb:
         f6:5b:32:ff:13:67:3c:f0:eb:ed:fb:fc:f6:ea:9b:3d:62:24:
         12:09:8b:fd:05:30:2c:5f:b9:1a:00:c9:f9:13:b6:59:ef:04:
         23:17:d7:3f:19:dd:9e:d0:c6:55:31:cd:ae:14:26:ca:9f:d6:
         a2:25:72:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRX3WXDa4yYsnKF25kBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTgzNmI1ZjQ0ZjY1NjU4M2MxNWQxOTAxZDZlOWJkMjNiNTc4MDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva6tSs3EySqT5nDe7Z4ZfaGD/hzZ
sW8PPPY8R91Bm1IZanTFlDmoPluW9nsGGUuxhcbf486ayqX0M4ca03356eCMk2Yc
A0b/5CvouASzyeRlEzrFGBT0TYTDnCjLJB8LUnHMXprhOkN/msbOpoaOWpNXY0oh
aytBYpieZxOU7YdFA6NcKNOdZAOGXHCBAsCDyQXwY1+wGpTPzSyzo/3R4bQM6gFY
tppPXzjUylHCkZiz8QRcdJJcwR0f7qnrG2nULZhIe8EOUZhPe5feDF6e9hVT9vOz
hzQPaLxwtl7qpOSf5qhXN1CYrspk5y99HAsZOHKhBDSYsbzIbslaLMAhxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFWDa19E9lZYPBXRkB1um9I7V4B9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVllOclgwVDJWbGc4RmRHUUhXNmIwanRYZ0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwGY
MA0GCSqGSIb3DQEBCwUAA4IBAQBY3UXywUBF9eqa2LPejJcQyAVznY/fo8wSF0Wd
SI9ypdsImr9zPIGugdcCXHoVouwOMk09D7EFWv5yisIu8O33qMnQg/waPXMmGN9e
dLD9gsfe72GfDIhSey3/xGESrMiCSpXzM1PkIbT2cMiJifhAMiVRac9ddE+e/lAk
pVtjMGTvaoB2sKHHNMvYc+38eYC/DCnAg2QogtdEOTdKlIQVHQROEg/lViFj+YUA
CDr10HB96DOQKSYZ4RgD0aBD0w+CAOjuEev2WzL/E2c88Ovt+/z26ps9YiQSCYv9
BTAsX7kaAMn5E7ZZ7wQjF9c/Gd2e0MZVMc2uFCbKn9aiJXKo
-----END CERTIFICATE-----