Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_NyfomIdI4Fhf5OSCc1HHsyetYk.roa
File:                     _NyfomIdI4Fhf5OSCc1HHsyetYk.roa (raw, json)
Hash identifier:          IoXo99QfS+Ua8FwItiJjLggqILHlfL6xsvW0sqE7RD8=
Subject key identifier:   FC:DC:9F:A2:62:1D:23:81:61:7F:93:92:09:CD:47:1E:CC:9E:B5:89
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD025AC1B2D5B7E0783DC8A07E126F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_NyfomIdI4Fhf5OSCc1HHsyetYk.roa
Signing time:             Tue 02 Jan 2024 10:34:16 +0000
ROA not before:           Tue 02 Jan 2024 10:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203074
IP address blocks:        2a0e:97c0:4b0::/48 maxlen: 48
                          2a0e:97c0:4b3::/48 maxlen: 48
                          2a0e:97c0:4b1::/48 maxlen: 48
                          2a0e:97c0:4b2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:02:5a:c1:b2:d5:b7:e0:78:3d:c8:a0:7e:12:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcdc9fa2621d2381617f939209cd471ecc9eb589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:66:d1:c1:69:24:03:21:0e:c7:1c:fe:1a:03:
                    2f:09:9a:04:7a:6e:bb:95:32:9c:4b:ef:ab:78:0a:
                    30:96:8f:90:1e:02:ad:a4:9f:55:ba:c7:ad:66:65:
                    33:ce:21:30:be:34:ba:5b:60:94:1c:d5:21:d8:d9:
                    02:31:c1:c7:4e:50:a5:0b:ee:86:69:cc:a7:84:ae:
                    4a:4f:47:05:77:78:b9:f0:d2:47:18:c1:99:86:46:
                    6f:27:28:76:39:80:67:3e:8b:6b:99:8c:c8:5f:0d:
                    92:60:a9:ba:25:ec:d0:db:9c:f8:0d:9e:86:68:29:
                    96:59:c4:49:14:fa:80:69:ea:cf:1a:a0:34:c3:2f:
                    87:25:89:12:93:e3:0d:4b:06:b1:64:88:5c:d4:79:
                    a1:1b:f9:99:8b:3c:8e:fa:f1:9e:f2:3b:44:0f:18:
                    a2:9e:a5:8c:86:83:9d:09:3b:a5:42:40:25:03:50:
                    bb:9b:93:03:7c:4a:6f:18:bf:df:81:d8:3b:99:9b:
                    96:c8:ed:09:e9:58:7c:27:7a:0e:39:40:f6:f7:04:
                    d4:0c:22:bb:29:e8:77:a5:77:47:90:97:e9:6a:26:
                    35:83:47:35:84:7f:cf:95:7a:e2:d9:24:3c:e3:54:
                    fd:9d:39:bf:e9:18:fd:ce:23:24:40:39:76:04:e6:
                    d5:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DC:9F:A2:62:1D:23:81:61:7F:93:92:09:CD:47:1E:CC:9E:B5:89
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_NyfomIdI4Fhf5OSCc1HHsyetYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:4b0::/46

    Signature Algorithm: sha256WithRSAEncryption
         18:cc:02:6a:aa:2d:4b:e0:77:a9:eb:92:86:39:e1:4a:37:62:
         58:7c:2c:82:54:9a:36:9a:64:d4:72:d2:4c:6d:54:ee:a6:3d:
         5b:87:9e:0b:c3:9f:5a:44:7d:da:32:71:fd:ed:76:57:12:76:
         ac:ab:7e:09:9d:0f:1e:6c:10:26:69:74:e9:00:02:ed:c6:a7:
         be:68:8f:f0:cc:b0:de:8f:b2:e1:5e:1a:e4:ed:a6:6e:a1:61:
         0d:55:f4:88:47:34:08:58:ce:45:29:dd:45:2d:4f:e4:bb:a7:
         5e:9b:11:a3:91:af:4e:82:b0:17:a3:4a:99:9c:3a:4a:e3:f2:
         90:0e:26:81:b7:e3:84:9a:b4:30:06:54:7d:40:f8:67:75:66:
         5a:d5:79:67:1a:a9:bb:27:f7:a9:b9:cf:36:ca:14:6c:d0:48:
         f9:ce:4e:55:fc:4b:2d:82:1c:85:df:47:c4:b9:f2:37:82:76:
         0b:df:3c:5a:69:9c:8a:14:74:5c:d4:86:fd:35:ef:00:09:fc:
         d9:ab:46:f4:cd:07:10:42:4e:89:58:34:4b:44:ad:7a:6c:6c:
         5f:df:4b:ca:1c:ed:69:c0:7c:66:1e:a6:a8:75:39:fa:ae:af:
         74:45:28:1b:7e:5d:14:6d:c1:6e:c1:24:6f:47:1b:b8:42:77:
         b3:d6:fe:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQJawbLVt+B4PcigfhJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RjOWZhMjYyMWQyMzgxNjE3ZjkzOTIwOWNkNDcxZWNjOWViNTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2bRwWkkAyEOxxz+GgMvCZoEem67
lTKcS++reAowlo+QHgKtpJ9VusetZmUzziEwvjS6W2CUHNUh2NkCMcHHTlClC+6G
acynhK5KT0cFd3i58NJHGMGZhkZvJyh2OYBnPotrmYzIXw2SYKm6JezQ25z4DZ6G
aCmWWcRJFPqAaerPGqA0wy+HJYkSk+MNSwaxZIhc1HmhG/mZizyO+vGe8jtEDxii
nqWMhoOdCTulQkAlA1C7m5MDfEpvGL/fgdg7mZuWyO0J6Vh8J3oOOUD29wTUDCK7
Keh3pXdHkJfpaiY1g0c1hH/PlXri2SQ841T9nTm/6Rj9ziMkQDl2BObVLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPzcn6JiHSOBYX+TkgnNRx7MnrWJMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX055Zm9tSWRJNEZoZjVPU0NjMUhIc3lldFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6XwASw
MA0GCSqGSIb3DQEBCwUAA4IBAQAYzAJqqi1L4Hep65KGOeFKN2JYfCyCVJo2mmTU
ctJMbVTupj1bh54Lw59aRH3aMnH97XZXEnasq34JnQ8ebBAmaXTpAALtxqe+aI/w
zLDej7LhXhrk7aZuoWENVfSIRzQIWM5FKd1FLU/ku6demxGjka9OgrAXo0qZnDpK
4/KQDiaBt+OEmrQwBlR9QPhndWZa1XlnGqm7J/epuc82yhRs0Ej5zk5V/EstghyF
30fEufI3gnYL3zxaaZyKFHRc1Ib9Ne8ACfzZq0b0zQcQQk6JWDRLRK16bGxf30vK
HO1pwHxmHqaodTn6rq90RSgbfl0UbcFuwSRvRxu4Qnez1v7y
-----END CERTIFICATE-----