Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_g2Btfzl8MPlhkCd1R6EcXMePf0.roa
File:                     _g2Btfzl8MPlhkCd1R6EcXMePf0.roa (raw, json)
Hash identifier:          rEF5AT/iigRQUBFt5w3jVgeF4RqCfSzczOC6WR/5pMY=
Subject key identifier:   FE:0D:81:B5:FC:E5:F0:C3:E5:86:40:9D:D5:1E:84:71:73:1E:3D:FD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD569398AB6033E099E792185F93D8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_g2Btfzl8MPlhkCd1R6EcXMePf0.roa
Signing time:             Tue 02 Jan 2024 10:34:38 +0000
ROA not before:           Tue 02 Jan 2024 10:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216182
IP address blocks:        2a0e:97c0:dd0::/44 maxlen: 48
                          2a06:de01:80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:56:93:98:ab:60:33:e0:99:e7:92:18:5f:93:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fe0d81b5fce5f0c3e586409dd51e8471731e3dfd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:dd:64:60:94:bd:3c:42:6a:94:de:09:92:3f:
                    0b:71:ff:ae:ba:5f:60:d7:7f:33:ea:0e:fc:00:dd:
                    7a:c7:17:e3:05:57:bd:7e:e9:c9:92:8a:9b:9d:8a:
                    fc:64:24:79:b7:2c:c4:3d:f9:55:e3:85:63:90:e2:
                    a1:7d:c3:1a:3a:27:db:e3:55:1e:45:71:67:50:c0:
                    8b:d7:af:86:2d:76:e4:c4:9f:09:10:6e:f5:4a:2b:
                    5a:bd:de:d4:b8:79:fa:f4:7b:1c:b1:c5:92:c2:d7:
                    f0:4e:63:44:84:21:e1:08:c9:b5:1b:28:68:98:36:
                    8a:99:1e:d6:08:a5:75:0e:05:3b:3d:10:34:28:e9:
                    d3:ae:15:dd:00:d5:53:73:d8:fb:68:40:6a:13:3b:
                    22:f8:fd:3c:26:72:0a:df:c3:9d:b2:04:c9:1a:c7:
                    d0:81:4f:7c:d5:90:2d:c5:56:78:c0:57:c4:5f:bf:
                    09:82:7c:bc:de:30:8e:61:4e:49:61:bb:7d:a1:53:
                    e1:bb:ce:29:17:3e:cf:0d:70:49:dd:b1:53:e3:98:
                    3a:5d:a2:bf:6f:ec:d2:30:a8:4e:7d:44:8e:96:c7:
                    e2:72:da:23:b0:ad:d4:34:59:55:05:f7:c5:a2:49:
                    e5:04:9a:e8:a8:14:75:85:7a:dd:94:02:5c:a5:f2:
                    0f:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:0D:81:B5:FC:E5:F0:C3:E5:86:40:9D:D5:1E:84:71:73:1E:3D:FD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_g2Btfzl8MPlhkCd1R6EcXMePf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:80::/44
                  2a0e:97c0:dd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         87:b6:1a:1b:bd:75:6c:dc:63:d1:4f:2b:f7:6b:18:7f:fc:76:
         da:01:fd:6d:ca:37:a3:32:46:60:7b:38:ce:c9:77:44:cc:e3:
         63:14:4b:3c:22:66:e5:f7:47:1b:ff:d1:24:6a:6e:a7:1a:46:
         72:9b:15:7d:e9:32:67:d1:1e:82:60:cf:7b:f0:d8:b1:42:53:
         a2:a6:ec:94:3e:de:22:4d:84:b3:83:43:2d:c2:5f:33:07:79:
         b6:1d:a3:c7:2f:af:a1:2f:ac:60:bd:5c:32:3c:41:5a:d6:91:
         55:35:2a:c3:d6:eb:34:1e:1b:98:01:a1:cd:bf:a0:51:9b:70:
         6b:43:72:c6:bf:0b:87:73:d0:cd:3e:4a:48:34:cf:45:29:45:
         93:74:ed:67:75:d0:51:47:3b:23:f2:b2:db:0f:9f:d4:b3:ea:
         dc:8b:29:27:ab:d8:c7:88:7d:65:51:10:10:5b:0c:07:ee:31:
         5d:ae:8e:99:a0:ab:5e:6c:7a:85:ab:59:d4:84:21:26:bf:6f:
         a8:8d:3d:85:b7:3c:3f:e0:83:4b:d9:23:da:68:30:3d:ba:b5:
         86:0b:de:ab:cc:a2:98:8c:b8:7f:87:59:2d:39:cf:08:38:8e:
         d4:6a:e2:d9:94:34:b6:79:ca:bc:be:07:f5:49:9c:ec:2b:e8:
         8e:c7:72:93
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvVaTmKtgM+CZ55IYX5PYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTBkODFiNWZjZTVmMGMzZTU4NjQwOWRkNTFlODQ3MTczMWUzZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAot1kYJS9PEJqlN4Jkj8Lcf+uul9g
138z6g78AN16xxfjBVe9funJkoqbnYr8ZCR5tyzEPflV44VjkOKhfcMaOifb41Ue
RXFnUMCL16+GLXbkxJ8JEG71Sitavd7UuHn69HscscWSwtfwTmNEhCHhCMm1Gyho
mDaKmR7WCKV1DgU7PRA0KOnTrhXdANVTc9j7aEBqEzsi+P08JnIK38OdsgTJGsfQ
gU981ZAtxVZ4wFfEX78Jgny83jCOYU5JYbt9oVPhu84pFz7PDXBJ3bFT45g6XaK/
b+zSMKhOfUSOlsfictojsK3UNFlVBffFoknlBJroqBR1hXrdlAJcpfIPawIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP4NgbX85fDD5YZAndUehHFzHj39MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX2cyQnRmemw4TVBsaGtDZDFSNkVjWE1lUGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAQCA
AwcEKg6XwA3QMA0GCSqGSIb3DQEBCwUAA4IBAQCHthobvXVs3GPRTyv3axh//Hba
Af1tyjejMkZgezjOyXdEzONjFEs8Imbl90cb/9Ekam6nGkZymxV96TJn0R6CYM97
8NixQlOipuyUPt4iTYSzg0Mtwl8zB3m2HaPHL6+hL6xgvVwyPEFa1pFVNSrD1us0
HhuYAaHNv6BRm3BrQ3LGvwuHc9DNPkpINM9FKUWTdO1nddBRRzsj8rLbD5/Us+rc
iyknq9jHiH1lURAQWwwH7jFdro6ZoKtebHqFq1nUhCEmv2+ojT2Ftzw/4INL2SPa
aDA9urWGC96rzKKYjLh/h1ktOc8IOI7UauLZlDS2ecq8vgf1SZzsK+iOx3KT
-----END CERTIFICATE-----