Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTSH5eSmrAf6gRZ25fGZ2SwKifs.roa
File:                     XTSH5eSmrAf6gRZ25fGZ2SwKifs.roa (raw, json)
Hash identifier:          sFtjOdCmzhQDBPbEPwCr+WiNWtPt7ut3xu43uL7/1Gk=
Subject key identifier:   5D:34:87:E5:E4:A6:AC:07:FA:81:16:76:E5:F1:99:D9:2C:0A:89:FB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCBE432C75F33DBB448091DFDF0510
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTSH5eSmrAf6gRZ25fGZ2SwKifs.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5687
IP address blocks:        2a0e:b107:2130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:be:43:2c:75:f3:3d:bb:44:80:91:df:df:05:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d3487e5e4a6ac07fa811676e5f199d92c0a89fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b0:69:15:d3:8f:4f:a8:d6:5e:86:eb:8d:0f:
                    7a:56:f8:53:c6:76:da:05:22:21:52:9a:a2:56:0b:
                    e0:68:06:6c:74:c4:ee:09:6b:ab:43:84:6f:19:44:
                    2f:e2:4d:d6:2f:87:14:47:20:52:d9:2a:19:20:11:
                    87:b4:dd:05:34:87:2d:c2:f2:af:81:0c:13:f0:d6:
                    72:3b:7f:28:36:94:82:cf:97:b2:0e:bd:56:7b:09:
                    8d:84:cb:81:11:be:4d:40:d0:e6:ce:e3:13:cb:81:
                    8a:d9:6b:f8:cd:d8:73:23:e9:cb:82:6e:43:6e:8a:
                    bc:37:02:5e:07:12:43:db:9e:a9:e2:24:c4:a2:83:
                    60:53:72:d7:ce:6e:00:0f:10:71:95:a0:5f:e2:ba:
                    90:cf:8e:8b:7a:89:96:e1:92:37:a7:16:1c:66:d9:
                    8f:a8:6f:ed:ca:7b:45:4a:bb:e5:c7:93:ee:4c:2f:
                    5f:11:03:bd:b9:a5:a9:3c:6c:11:92:72:69:06:11:
                    58:2d:c4:3e:e0:10:92:c0:54:0b:42:88:b3:25:5d:
                    76:be:8f:04:3f:3d:93:01:07:65:84:63:76:e2:50:
                    a4:7f:7a:f9:f4:05:dc:5f:1c:03:5a:2f:20:13:2e:
                    3b:81:22:30:51:68:58:cc:4b:91:91:d0:eb:15:7a:
                    bf:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:34:87:E5:E4:A6:AC:07:FA:81:16:76:E5:F1:99:D9:2C:0A:89:FB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTSH5eSmrAf6gRZ25fGZ2SwKifs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2130::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:b4:b6:56:ee:e3:d0:d3:a9:4a:99:6e:a4:06:26:bf:3f:93:
         7b:b4:ee:2f:ba:f1:c6:88:81:8f:36:02:5a:a6:df:ff:28:08:
         ee:15:f3:00:f3:45:f9:26:21:20:05:ee:97:e9:81:6f:00:02:
         86:bc:e2:33:8d:dc:be:4f:14:d7:95:e1:7e:48:c6:ee:c2:a8:
         b4:86:58:83:17:dd:95:7d:d9:20:17:19:4f:9c:9b:01:d7:44:
         ce:f8:e8:39:99:73:40:4b:15:6c:4c:7e:7e:7f:a1:82:55:ef:
         ec:f3:90:cd:59:4a:12:9e:6f:38:1d:65:0d:99:9b:4b:d3:b5:
         35:5f:4a:cb:92:4a:88:53:6d:75:e3:51:11:d9:b7:46:22:a1:
         5e:48:00:88:b8:a5:ce:24:32:e6:85:34:63:b0:03:7b:ce:f3:
         40:2d:30:9e:de:ee:b2:2e:0d:85:67:27:bd:0c:8f:63:00:03:
         a5:94:6a:23:e4:5f:e6:dc:f2:91:cd:0e:4f:65:1a:36:42:6a:
         aa:c0:26:c0:4f:67:60:e5:5a:14:1a:40:a1:c5:d4:d1:24:a1:
         5c:f6:09:1f:54:5b:fe:fe:5e:cf:97:d8:01:d0:8c:16:ec:b7:
         1e:ee:01:56:ef:f4:42:89:4b:5e:f5:a4:1b:a5:22:72:ee:f2:
         ce:3c:da:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvL5DLHXzPbtEgJHf3wUQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM0ODdlNWU0YTZhYzA3ZmE4MTE2NzZlNWYxOTlkOTJjMGE4OWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrBpFdOPT6jWXobrjQ96VvhTxnba
BSIhUpqiVgvgaAZsdMTuCWurQ4RvGUQv4k3WL4cURyBS2SoZIBGHtN0FNIctwvKv
gQwT8NZyO38oNpSCz5eyDr1WewmNhMuBEb5NQNDmzuMTy4GK2Wv4zdhzI+nLgm5D
boq8NwJeBxJD256p4iTEooNgU3LXzm4ADxBxlaBf4rqQz46LeomW4ZI3pxYcZtmP
qG/tyntFSrvlx5PuTC9fEQO9uaWpPGwRknJpBhFYLcQ+4BCSwFQLQoizJV12vo8E
Pz2TAQdlhGN24lCkf3r59AXcXxwDWi8gEy47gSIwUWhYzEuRkdDrFXq/ywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF00h+XkpqwH+oEWduXxmdksCon7MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWFRTSDVlU21yQWY2Z1JaMjVmR1oyU3dLaWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xByEw
MA0GCSqGSIb3DQEBCwUAA4IBAQAhtLZW7uPQ06lKmW6kBia/P5N7tO4vuvHGiIGP
NgJapt//KAjuFfMA80X5JiEgBe6X6YFvAAKGvOIzjdy+TxTXleF+SMbuwqi0hliD
F92VfdkgFxlPnJsB10TO+Og5mXNASxVsTH5+f6GCVe/s85DNWUoSnm84HWUNmZtL
07U1X0rLkkqIU21141ER2bdGIqFeSACIuKXOJDLmhTRjsAN7zvNALTCe3u6yLg2F
Zye9DI9jAAOllGoj5F/m3PKRzQ5PZRo2QmqqwCbAT2dg5VoUGkChxdTRJKFc9gkf
VFv+/l7Pl9gB0IwW7Lce7gFW7/RCiUte9aQbpSJy7vLOPNqZ
-----END CERTIFICATE-----