Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_WoFQ4TS6FhUggck7A541LeKB2k.roa
File:                     _WoFQ4TS6FhUggck7A541LeKB2k.roa (raw, json)
Hash identifier:          CJ2oBkRWEXwm/WPf8KbdX6nbaMed42ybOpWHeuqnt1s=
Subject key identifier:   FD:6A:05:43:84:D2:E8:58:54:82:07:24:EC:0E:78:D4:B7:8A:07:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1B3B534A2A54D1B288D236735E65
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_WoFQ4TS6FhUggck7A541LeKB2k.roa
Signing time:             Tue 02 Jan 2024 10:34:22 +0000
ROA not before:           Tue 02 Jan 2024 10:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209105
IP address blocks:        2a10:2f00:17f::/48 maxlen: 48
                          2a0e:b102:170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1b:3b:53:4a:2a:54:d1:b2:88:d2:36:73:5e:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd6a054384d2e85854820724ec0e78d4b78a0769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:4e:b4:1e:8b:6f:91:24:13:c8:5f:8f:1a:4d:
                    df:fe:19:c8:e0:10:6d:25:5d:83:ac:2d:d7:83:0a:
                    8e:f8:d8:3a:fe:0f:06:e7:39:78:24:3d:6e:c5:e0:
                    61:06:6f:9b:0a:20:30:19:d3:2d:18:b3:7d:15:78:
                    b1:59:be:04:ca:18:96:05:59:c7:f8:1d:b0:12:15:
                    fd:54:e9:3d:91:cd:a3:2b:60:7e:7f:89:46:77:77:
                    29:6c:c5:92:be:45:06:50:88:fb:4e:ee:18:14:75:
                    ba:5d:ce:d6:48:a5:ca:c8:9c:27:21:2d:86:2c:69:
                    0c:ba:e6:50:f1:4b:8c:b9:92:e3:a0:ee:ed:7c:75:
                    37:9f:b1:e3:f3:0d:e2:63:74:ec:b9:6f:41:74:6e:
                    c3:a9:fb:b9:fd:6a:b0:97:bf:27:69:ca:49:d9:7a:
                    21:6e:86:86:3f:da:da:db:77:c3:33:ff:2b:5b:7d:
                    9f:ae:81:97:02:d7:a6:33:38:f4:ff:af:f5:8e:37:
                    6f:1e:a1:43:24:ae:83:39:b6:06:11:b8:42:ca:12:
                    85:56:3f:95:ad:c9:b3:cb:bc:1c:36:95:b0:56:ee:
                    1a:d6:05:3c:a9:88:b7:a2:9f:d5:08:3e:c0:0d:89:
                    c5:3f:fe:09:cf:8b:ba:b6:e2:38:3e:cf:a0:44:82:
                    0f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6A:05:43:84:D2:E8:58:54:82:07:24:EC:0E:78:D4:B7:8A:07:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_WoFQ4TS6FhUggck7A541LeKB2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b102:170::/44
                  2a10:2f00:17f::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:1a:e3:91:99:40:6e:c7:c1:9d:1b:81:9d:4f:0a:68:ae:5e:
         62:03:23:41:f6:aa:fb:97:b8:f9:c7:6f:7e:e9:37:01:1f:49:
         f1:4c:09:c4:73:10:55:c7:a6:97:50:02:e3:53:02:6c:60:3a:
         02:2a:14:ca:93:23:f5:ef:1f:6f:25:32:24:98:f7:10:f8:0e:
         5a:d4:11:fc:50:de:27:1b:61:87:a8:5a:47:30:af:fa:5c:73:
         4d:1b:b9:0b:df:c9:d9:7c:58:27:06:a0:bc:9a:90:e5:83:c3:
         03:6a:e0:9c:14:d7:80:21:73:af:ea:16:7c:31:81:a1:a6:b5:
         1f:06:5a:ec:6d:e0:0e:ea:fc:a9:24:8e:a5:1c:e6:b5:60:2e:
         d3:97:62:5c:6c:03:11:e7:91:b1:01:45:47:a1:a0:ab:34:94:
         3e:92:e6:59:cb:e4:75:fd:f9:21:9d:19:3f:e8:b6:a6:0e:ec:
         db:35:0b:6f:74:9c:74:77:0b:71:15:a1:56:a5:49:d8:7b:b7:
         94:c5:c4:45:28:ae:37:1c:2c:de:2c:4b:38:20:bb:86:9f:8f:
         05:c2:fa:b8:81:1d:ef:8a:9d:55:6c:c1:87:c8:e8:1b:ea:84:
         69:5f:03:d8:75:cb:c3:5c:c5:67:10:4e:d4:c9:13:e1:14:c9:
         6e:e7:45:50
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvRs7U0oqVNGyiNI2c15lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZhMDU0Mzg0ZDJlODU4NTQ4MjA3MjRlYzBlNzhkNGI3OGEwNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjU60HotvkSQTyF+PGk3f/hnI4BBt
JV2DrC3XgwqO+Ng6/g8G5zl4JD1uxeBhBm+bCiAwGdMtGLN9FXixWb4EyhiWBVnH
+B2wEhX9VOk9kc2jK2B+f4lGd3cpbMWSvkUGUIj7Tu4YFHW6Xc7WSKXKyJwnIS2G
LGkMuuZQ8UuMuZLjoO7tfHU3n7Hj8w3iY3TsuW9BdG7Dqfu5/Wqwl78nacpJ2Xoh
boaGP9ra23fDM/8rW32froGXAtemMzj0/6/1jjdvHqFDJK6DObYGEbhCyhKFVj+V
rcmzy7wcNpWwVu4a1gU8qYi3op/VCD7ADYnFP/4Jz4u6tuI4Ps+gRIIPBwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP1qBUOE0uhYVIIHJOwOeNS3igdpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX1dvRlE0VFM2RmhVZ2djazdBNTQxTGVLQjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xAgFw
AwcAKhAvAAF/MA0GCSqGSIb3DQEBCwUAA4IBAQATGuORmUBux8GdG4GdTwporl5i
AyNB9qr7l7j5x29+6TcBH0nxTAnEcxBVx6aXUALjUwJsYDoCKhTKkyP17x9vJTIk
mPcQ+A5a1BH8UN4nG2GHqFpHMK/6XHNNG7kL38nZfFgnBqC8mpDlg8MDauCcFNeA
IXOv6hZ8MYGhprUfBlrsbeAO6vypJI6lHOa1YC7Tl2JcbAMR55GxAUVHoaCrNJQ+
kuZZy+R1/fkhnRk/6LamDuzbNQtvdJx0dwtxFaFWpUnYe7eUxcRFKK43HCzeLEs4
ILuGn48Fwvq4gR3vip1VbMGHyOgb6oRpXwPYdcvDXMVnEE7UyRPhFMlu50VQ
-----END CERTIFICATE-----