Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YdRqwjCmZB7WAuzhl4QedmM5iIc.roa
File:                     YdRqwjCmZB7WAuzhl4QedmM5iIc.roa (raw, json)
Hash identifier:          x5MNl7fzFpqXld0ancLeaCY6Pj92mWGEOkfzfYanfT0=
Subject key identifier:   61:D4:6A:C2:30:A6:64:1E:D6:02:EC:E1:97:84:1E:76:63:39:88:87
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE837B118479AE16229BFC00C3B60
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YdRqwjCmZB7WAuzhl4QedmM5iIc.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198016
IP address blocks:        2a0e:97c0:d00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e8:37:b1:18:47:9a:e1:62:29:bf:c0:0c:3b:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61d46ac230a6641ed602ece197841e7663398887
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:68:ea:27:b5:31:81:1b:47:65:15:e5:5b:76:
                    0c:86:a0:14:8c:c4:82:e5:00:52:45:6e:8b:65:9e:
                    03:57:15:c4:f3:e3:0e:5e:48:43:25:8a:45:64:8d:
                    9e:bb:cd:35:e8:ab:26:aa:73:bf:cd:06:b3:c8:1d:
                    d3:7d:13:f6:21:70:30:19:fb:a7:6c:99:09:a8:b9:
                    2e:e7:6d:62:1b:29:08:cf:66:8b:4f:61:1c:85:1b:
                    b6:43:43:5d:d7:de:10:78:c5:ac:b2:17:fe:bf:c6:
                    03:3e:ea:6c:2f:27:76:e3:0b:4c:3d:7e:b8:b5:d3:
                    de:12:37:0c:8b:e7:d5:ff:82:e5:e4:ae:a6:b7:bd:
                    56:78:43:eb:9d:80:a9:44:44:48:59:6a:f3:f5:32:
                    96:8a:84:b0:8d:0a:60:11:cf:83:31:28:61:f9:16:
                    97:3a:f3:02:71:e6:9d:98:34:e9:ed:3a:53:31:54:
                    47:c9:f2:7b:6c:61:2a:47:89:8a:fc:f5:d2:96:99:
                    7d:1d:a3:27:86:a0:26:b5:b0:4e:74:7b:a4:82:f5:
                    57:94:99:6d:0b:86:7b:3b:76:98:0e:94:27:2f:63:
                    6e:d8:78:9b:c9:79:3d:5f:fb:b9:56:9e:8c:d4:f3:
                    71:a6:6d:3f:e8:23:5b:db:53:52:0e:81:05:27:c8:
                    e0:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D4:6A:C2:30:A6:64:1E:D6:02:EC:E1:97:84:1E:76:63:39:88:87
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/YdRqwjCmZB7WAuzhl4QedmM5iIc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d00::/44

    Signature Algorithm: sha256WithRSAEncryption
         cb:eb:88:f4:43:72:a6:a1:b7:6b:87:9f:ef:2c:94:df:4e:a3:
         c8:6d:d1:37:5f:5c:72:72:b4:b7:7e:05:e0:ee:46:18:7f:9e:
         7a:9a:40:f0:25:df:21:f6:90:78:12:67:52:2e:90:74:52:f3:
         ce:d4:0e:2c:ed:a8:fe:64:ca:66:80:97:ee:05:39:4e:73:a6:
         62:72:85:41:e9:94:29:4f:c7:e4:ab:b8:08:4b:af:e9:2f:25:
         ae:1b:a0:6d:12:08:f8:ef:5c:11:f6:41:be:9f:b7:91:a8:29:
         84:7e:3a:c2:3c:33:b3:bd:44:17:07:9c:85:ef:a4:a1:c5:c5:
         dd:45:d1:2e:29:b7:8e:a8:37:e3:34:b7:39:74:63:ab:2c:71:
         ac:9d:bf:b4:69:a9:d8:66:f9:0f:93:70:48:f0:8c:bb:db:4e:
         50:05:87:05:51:9b:30:98:e0:8a:51:ad:78:79:45:68:3d:f7:
         26:67:0c:0f:c8:08:7f:87:1e:bd:1e:91:60:98:9a:9b:9d:03:
         ac:a4:1f:de:04:f0:5f:b3:37:b5:90:38:4d:a4:4d:2b:2a:2b:
         6a:0c:0c:44:6a:88:0d:5a:dc:65:82:33:88:ca:00:f3:ad:bb:
         10:2e:75:8d:5d:b4:78:1d:db:2f:2b:a4:25:c9:c2:ce:4a:0f:
         17:64:70:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOg3sRhHmuFiKb/ADDtgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWQ0NmFjMjMwYTY2NDFlZDYwMmVjZTE5Nzg0MWU3NjYzMzk4ODg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GjqJ7UxgRtHZRXlW3YMhqAUjMSC
5QBSRW6LZZ4DVxXE8+MOXkhDJYpFZI2eu8016KsmqnO/zQazyB3TfRP2IXAwGfun
bJkJqLku521iGykIz2aLT2EchRu2Q0Nd194QeMWsshf+v8YDPupsLyd24wtMPX64
tdPeEjcMi+fV/4Ll5K6mt71WeEPrnYCpRERIWWrz9TKWioSwjQpgEc+DMShh+RaX
OvMCceadmDTp7TpTMVRHyfJ7bGEqR4mK/PXSlpl9HaMnhqAmtbBOdHukgvVXlJlt
C4Z7O3aYDpQnL2Nu2HibyXk9X/u5Vp6M1PNxpm0/6CNb21NSDoEFJ8jg8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGHUasIwpmQe1gLs4ZeEHnZjOYiHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWWRScXdqQ21aQjdXQXV6aGw0UWVkbU01aUljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA0A
MA0GCSqGSIb3DQEBCwUAA4IBAQDL64j0Q3Kmobdrh5/vLJTfTqPIbdE3X1xycrS3
fgXg7kYYf556mkDwJd8h9pB4EmdSLpB0UvPO1A4s7aj+ZMpmgJfuBTlOc6ZicoVB
6ZQpT8fkq7gIS6/pLyWuG6BtEgj471wR9kG+n7eRqCmEfjrCPDOzvUQXB5yF76Sh
xcXdRdEuKbeOqDfjNLc5dGOrLHGsnb+0aanYZvkPk3BI8Iy7205QBYcFUZswmOCK
Ua14eUVoPfcmZwwPyAh/hx69HpFgmJqbnQOspB/eBPBfsze1kDhNpE0rKitqDAxE
aogNWtxlgjOIygDzrbsQLnWNXbR4HdsvK6QlycLOSg8XZHD9
-----END CERTIFICATE-----