Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Wt6QenSD834VwgnSKuSYzVcjIk4.roa
File:                     Wt6QenSD834VwgnSKuSYzVcjIk4.roa (raw, json)
Hash identifier:          FFtmEdQdKfFSSu1FvqavPsNLOQ4Sn4GWGuIX0IDreeM=
Subject key identifier:   5A:DE:90:7A:74:83:F3:7E:15:C2:09:D2:2A:E4:98:CD:57:23:22:4E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD08D90DCAA3CA5BDAD578FD0F82B5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Wt6QenSD834VwgnSKuSYzVcjIk4.roa
Signing time:             Tue 02 Jan 2024 10:34:18 +0000
ROA not before:           Tue 02 Jan 2024 10:34:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204446
IP address blocks:        2a0e:b107:938::/48 maxlen: 48
                          2a0e:b107:930::/44 maxlen: 48
                          2a0e:b107:93a::/48 maxlen: 48
                          2a0e:b107:934::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:08:d9:0d:ca:a3:ca:5b:da:d5:78:fd:0f:82:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5ade907a7483f37e15c209d22ae498cd5723224e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c6:d2:6d:b3:20:3a:6d:ed:e1:8e:b0:6d:22:
                    49:6f:69:56:e9:04:7c:16:23:ba:22:f1:ca:9f:c7:
                    39:51:3a:e6:f4:db:60:1b:2e:2d:4a:5a:48:36:f7:
                    9c:29:b9:da:e9:72:a2:b3:a9:29:e1:2e:c6:32:e0:
                    41:82:36:86:25:0d:c2:f8:60:c3:9d:a3:e9:89:d0:
                    59:a9:a2:cf:96:2f:c1:07:8c:b0:46:9c:a7:f0:f5:
                    1e:c5:a7:3d:6e:33:0b:ff:c5:6a:3f:28:79:fb:ba:
                    c5:66:dd:3b:da:ed:7e:fe:c6:b3:07:81:39:7b:5d:
                    85:80:81:5b:39:f0:05:4c:5f:9b:56:ea:d1:9d:7e:
                    dc:12:6b:81:4e:0a:b9:f2:a0:aa:0b:0b:50:f4:b3:
                    ff:ab:84:da:ac:70:8d:58:07:0e:b7:d5:1e:ac:39:
                    a0:d3:e7:0e:50:d5:c2:c8:ea:44:2b:0b:f2:e4:be:
                    f6:5c:8b:60:22:86:34:07:21:4e:5d:2d:56:77:7b:
                    52:17:b9:3a:aa:0f:d0:12:bd:19:9d:7b:07:e2:ba:
                    33:53:ab:10:cb:b0:4c:d2:f9:2b:01:51:b2:ea:5f:
                    6a:ff:05:ea:fe:d1:d1:ef:d0:9b:b8:d6:3e:8d:9f:
                    5f:1f:c8:f0:e5:7f:97:a6:91:af:12:ca:66:ad:60:
                    67:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:DE:90:7A:74:83:F3:7E:15:C2:09:D2:2A:E4:98:CD:57:23:22:4E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Wt6QenSD834VwgnSKuSYzVcjIk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:930::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:bd:cf:64:e8:58:db:83:2b:31:fe:69:96:94:89:ec:0c:aa:
         ce:1b:d4:1d:ec:f7:75:8b:13:6e:4f:af:9f:58:2e:6c:3a:ed:
         82:a5:33:06:9a:1b:32:59:46:27:8c:8f:83:77:38:44:13:a2:
         65:a3:cf:fe:dd:e5:12:d1:c9:b6:a2:45:59:44:fc:b5:ff:8d:
         4a:61:36:95:f8:ba:02:23:fe:48:47:cd:81:35:16:06:07:fe:
         07:91:f4:37:5b:62:d2:80:48:bb:9f:ad:c7:09:32:ab:ab:7a:
         20:8e:a2:c1:ed:a9:82:16:64:b7:79:9d:56:bb:69:b8:86:d3:
         e1:9b:91:ab:4e:72:32:ca:64:23:4b:98:21:cb:84:53:b1:55:
         6a:b3:51:19:b1:a2:e5:0a:ea:6b:ea:f7:75:0c:ec:ea:1f:0d:
         d9:05:13:41:40:25:dd:a4:d0:37:33:cc:6e:4c:d5:5e:32:d3:
         27:a5:f4:b0:13:bc:60:e7:6a:8f:a0:6a:e7:a9:3d:41:93:41:
         77:14:96:d8:75:17:2b:2c:30:ce:37:dc:9e:ff:4e:39:31:93:
         f7:5d:2c:0b:9b:44:c0:f3:1f:7d:5d:12:8b:3c:19:be:9d:b3:
         9d:89:29:18:46:79:1f:75:39:be:7a:43:8f:44:2c:84:8b:7d:
         0e:3a:3a:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQjZDcqjylva1Xj9D4K1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWRlOTA3YTc0ODNmMzdlMTVjMjA5ZDIyYWU0OThjZDU3MjMyMjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcbSbbMgOm3t4Y6wbSJJb2lW6QR8
FiO6IvHKn8c5UTrm9NtgGy4tSlpINvecKbna6XKis6kp4S7GMuBBgjaGJQ3C+GDD
naPpidBZqaLPli/BB4ywRpyn8PUexac9bjML/8VqPyh5+7rFZt072u1+/sazB4E5
e12FgIFbOfAFTF+bVurRnX7cEmuBTgq58qCqCwtQ9LP/q4TarHCNWAcOt9UerDmg
0+cOUNXCyOpEKwvy5L72XItgIoY0ByFOXS1Wd3tSF7k6qg/QEr0ZnXsH4rozU6sQ
y7BM0vkrAVGy6l9q/wXq/tHR79CbuNY+jZ9fH8jw5X+XppGvEspmrWBnFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFrekHp0g/N+FcIJ0irkmM1XIyJOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV3Q2UWVuU0Q4MzRWd2duU0t1U1l6VmNqSWs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwkw
MA0GCSqGSIb3DQEBCwUAA4IBAQARvc9k6Fjbgysx/mmWlInsDKrOG9Qd7Pd1ixNu
T6+fWC5sOu2CpTMGmhsyWUYnjI+DdzhEE6Jlo8/+3eUS0cm2okVZRPy1/41KYTaV
+LoCI/5IR82BNRYGB/4HkfQ3W2LSgEi7n63HCTKrq3ogjqLB7amCFmS3eZ1Wu2m4
htPhm5GrTnIyymQjS5ghy4RTsVVqs1EZsaLlCupr6vd1DOzqHw3ZBRNBQCXdpNA3
M8xuTNVeMtMnpfSwE7xg52qPoGrnqT1Bk0F3FJbYdRcrLDDON9ye/045MZP3XSwL
m0TA8x99XRKLPBm+nbOdiSkYRnkfdTm+ekOPRCyEi30OOjry
-----END CERTIFICATE-----