Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XpX6ffnUGQ72WRSRJAWnQ6LMvA4.roa
File:                     XpX6ffnUGQ72WRSRJAWnQ6LMvA4.roa (raw, json)
Hash identifier:          meLJOJ5hYR1k8CQBXwd95jRTKz+Jecj/ZSgf2Q7WYjY=
Subject key identifier:   5E:95:FA:7D:F9:D4:19:0E:F6:59:14:91:24:05:A7:43:A2:CC:BC:0E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD52751DE7106711F7CC589D74E609
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XpX6ffnUGQ72WRSRJAWnQ6LMvA4.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215852
IP address blocks:        2a0e:97c0:630::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:52:75:1d:e7:10:67:11:f7:cc:58:9d:74:e6:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e95fa7df9d4190ef65914912405a743a2ccbc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b7:ea:4d:93:c4:a7:00:7e:35:4b:31:f0:8c:
                    de:ae:cc:ac:46:73:b0:1e:f1:ac:bd:b9:fb:5c:9f:
                    c2:0b:f9:74:be:a5:b4:ff:4e:84:f2:f8:9d:14:81:
                    bb:4f:30:07:66:f8:33:34:a8:7a:5a:5b:a8:45:4c:
                    c8:4f:45:0c:45:d6:58:d9:16:3b:c2:60:55:04:35:
                    8a:ea:52:e1:a0:c4:48:6d:90:9a:dd:d8:64:f5:a0:
                    d5:d9:8b:f9:20:26:31:fb:99:ca:cc:71:6f:21:2b:
                    bd:35:74:11:68:e6:67:85:07:79:d2:43:33:92:5f:
                    5c:08:ed:46:53:d0:0a:06:ad:75:fd:45:22:80:a5:
                    6e:a3:bb:6d:3b:c0:b8:47:ea:13:18:59:37:3e:a6:
                    eb:55:93:d8:ec:29:87:4d:12:00:95:b5:1d:1a:a0:
                    07:d9:4e:4c:fd:ff:e4:21:18:77:c0:eb:19:f2:70:
                    a4:1c:40:69:53:d4:38:9a:ca:11:d0:3f:03:cc:fc:
                    41:e4:96:ff:95:7d:97:d7:d9:bd:99:31:35:b7:ed:
                    8f:16:be:86:e3:1e:be:9f:8e:fd:4a:44:71:88:b6:
                    29:7a:92:87:db:fa:40:88:94:1c:e7:79:8d:df:5b:
                    63:1a:cd:61:d9:05:63:e7:42:df:97:f2:c4:29:7d:
                    de:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:95:FA:7D:F9:D4:19:0E:F6:59:14:91:24:05:A7:43:A2:CC:BC:0E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XpX6ffnUGQ72WRSRJAWnQ6LMvA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:630::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:8d:04:c2:cd:aa:1f:1a:cc:75:2a:f5:25:47:66:43:a9:b8:
         94:c2:66:3e:07:6c:b0:f1:6c:34:e1:ba:ae:8a:9d:dc:92:38:
         04:5e:2d:e9:66:0c:01:63:57:f7:de:61:d9:28:5b:ea:7e:ee:
         d5:d9:b8:bb:46:ff:ca:69:4f:07:4b:9a:6a:19:88:22:96:99:
         cf:ff:3c:5e:8a:b1:50:6e:f1:42:64:6f:e0:88:04:19:ec:cd:
         62:22:df:d8:53:f4:38:6a:22:74:6d:8a:46:76:b3:9d:44:7f:
         b6:de:7c:2a:f9:b5:ed:7b:33:ae:57:96:89:9b:da:21:1a:22:
         7f:6a:8f:b5:5a:69:a1:1d:36:08:66:d7:ab:ca:04:11:1d:93:
         f3:b1:3b:60:eb:5f:be:38:34:17:fd:7e:b8:6c:52:c3:aa:1e:
         ad:66:41:28:12:f5:7d:ef:a6:70:18:95:db:2b:c9:1b:a2:eb:
         16:13:45:f6:16:1a:76:8b:f9:9c:c2:45:fd:6b:27:35:83:d8:
         98:68:d6:f1:a3:f9:10:28:01:f3:db:a6:b1:a6:c2:2c:68:83:
         c6:22:5e:96:03:4b:ae:5c:c6:45:f8:72:93:2f:1a:5d:98:c4:
         c0:4e:7e:15:06:c0:4d:cc:3e:00:a9:85:d4:08:83:e5:12:d2:
         00:26:81:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVJ1HecQZxH3zFiddOYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTk1ZmE3ZGY5ZDQxOTBlZjY1OTE0OTEyNDA1YTc0M2EyY2NiYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrfqTZPEpwB+NUsx8IzersysRnOw
HvGsvbn7XJ/CC/l0vqW0/06E8vidFIG7TzAHZvgzNKh6WluoRUzIT0UMRdZY2RY7
wmBVBDWK6lLhoMRIbZCa3dhk9aDV2Yv5ICYx+5nKzHFvISu9NXQRaOZnhQd50kMz
kl9cCO1GU9AKBq11/UUigKVuo7ttO8C4R+oTGFk3PqbrVZPY7CmHTRIAlbUdGqAH
2U5M/f/kIRh3wOsZ8nCkHEBpU9Q4msoR0D8DzPxB5Jb/lX2X19m9mTE1t+2PFr6G
4x6+n479SkRxiLYpepKH2/pAiJQc53mN31tjGs1h2QVj50Lfl/LEKX3eBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF6V+n351BkO9lkUkSQFp0OizLwOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWHBYNmZmblVHUTcyV1JTUkpBV25RNkxNdkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAYw
MA0GCSqGSIb3DQEBCwUAA4IBAQCkjQTCzaofGsx1KvUlR2ZDqbiUwmY+B2yw8Ww0
4bquip3ckjgEXi3pZgwBY1f33mHZKFvqfu7V2bi7Rv/KaU8HS5pqGYgilpnP/zxe
irFQbvFCZG/giAQZ7M1iIt/YU/Q4aiJ0bYpGdrOdRH+23nwq+bXtezOuV5aJm9oh
GiJ/ao+1WmmhHTYIZterygQRHZPzsTtg61++ODQX/X64bFLDqh6tZkEoEvV976Zw
GJXbK8kbousWE0X2Fhp2i/mcwkX9ayc1g9iYaNbxo/kQKAHz26axpsIsaIPGIl6W
A0uuXMZF+HKTLxpdmMTATn4VBsBNzD4AqYXUCIPlEtIAJoFf
-----END CERTIFICATE-----