Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_unS654WhCTbOUG4albyGAr-a0A.roa
File:                     _unS654WhCTbOUG4albyGAr-a0A.roa (raw, json)
Hash identifier:          96mMnABACzPTxG903wieQ4Hrjds/yIy5pxHR+F0ddq4=
Subject key identifier:   FE:E9:D2:EB:9E:16:84:24:DB:39:41:B8:6A:56:F2:18:0A:FE:6B:40
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD288F69F6C477C1AFE2CAC938C26A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_unS654WhCTbOUG4albyGAr-a0A.roa
Signing time:             Tue 02 Jan 2024 10:34:26 +0000
ROA not before:           Tue 02 Jan 2024 10:34:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210667
IP address blocks:        2a0e:b107:1788::/48 maxlen: 48
                          2a0e:97c0:a40::/44 maxlen: 48
                          2a0e:97c0:a44::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:28:8f:69:f6:c4:77:c1:af:e2:ca:c9:38:c2:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fee9d2eb9e168424db3941b86a56f2180afe6b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:15:ba:70:2f:af:61:7e:72:09:6b:e9:57:f3:
                    70:43:5a:51:7c:8d:52:63:7f:0a:19:d4:21:e0:90:
                    05:67:1c:df:b2:0d:8c:35:9c:4a:06:7e:c5:15:8a:
                    e3:54:0b:8d:57:28:5b:04:86:5f:52:7b:be:81:3e:
                    36:d4:63:1b:8e:ae:81:e8:a8:b1:8d:41:92:3b:3f:
                    bd:d8:90:7e:ee:4a:be:f1:b3:3d:93:40:26:8e:ff:
                    66:e5:4a:b2:e6:27:ef:61:d7:1d:7e:18:38:b8:dd:
                    8a:4f:1e:ae:62:93:01:7b:16:f7:39:2e:e5:9b:e9:
                    aa:c3:cb:ac:ca:fa:87:34:8f:8b:2b:c9:92:45:b9:
                    39:c0:1c:c7:2b:5a:53:72:1b:39:c1:bc:89:3f:21:
                    2c:df:a2:32:13:c2:52:e2:cc:37:07:36:b6:db:3e:
                    79:bf:ba:c2:bc:28:0a:c0:96:75:a9:9b:b7:0c:e6:
                    41:9b:58:49:50:c3:77:f3:85:eb:12:66:f9:27:05:
                    a2:38:67:e5:32:1b:12:0e:82:f7:6f:ac:f3:46:d4:
                    2c:13:ef:53:f6:4d:60:32:5a:71:22:cc:a3:8b:11:
                    f1:34:40:95:aa:f9:c2:5a:2f:99:f5:23:c2:23:c3:
                    a8:6b:32:a7:c0:f2:fa:98:b7:ca:84:b8:1a:27:21:
                    d9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:E9:D2:EB:9E:16:84:24:DB:39:41:B8:6A:56:F2:18:0A:FE:6B:40
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_unS654WhCTbOUG4albyGAr-a0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a40::/44
                  2a0e:b107:1788::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:9f:84:f0:cb:e6:a6:79:b3:b8:b1:bf:07:de:65:4a:5a:f9:
         b8:d1:86:5c:bd:b5:50:92:fa:7c:44:04:97:0b:fa:32:2a:e7:
         30:e5:a6:22:9b:da:85:26:90:af:dd:e4:3d:7f:5c:1c:e1:f6:
         4a:24:28:82:65:03:8f:5f:f3:f0:a0:52:78:18:36:80:fc:4e:
         03:f8:8e:eb:1b:76:41:f8:63:23:ef:6d:e4:d4:41:0a:40:6f:
         7e:77:ad:17:f7:62:91:bd:63:b0:0e:c3:d3:3a:8d:d6:8e:93:
         f9:e5:47:e1:53:87:d5:ba:ae:1e:aa:95:b0:e2:74:d5:87:ae:
         eb:f0:2a:94:46:94:30:5e:36:90:25:db:52:81:08:db:45:8e:
         ce:46:a2:63:92:cd:e9:53:6c:97:fc:b6:8b:32:76:8f:d5:6e:
         76:7b:4e:45:57:8a:76:25:6e:16:1b:58:5c:6a:05:de:64:38:
         19:fd:19:33:4f:1d:ea:1d:4e:0b:bc:33:eb:1d:6f:c5:ca:40:
         63:07:d0:91:64:4d:05:ac:c3:d3:e4:11:ec:33:22:c6:ba:b3:
         2e:15:e9:3b:49:7b:06:9f:70:11:1e:c5:89:18:a0:db:da:9e:
         6d:8b:b8:09:f9:9e:f4:e8:e9:65:c7:b2:2d:f5:cf:f4:96:36:
         6c:da:ef:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvSiPafbEd8Gv4srJOMJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWU5ZDJlYjllMTY4NDI0ZGIzOTQxYjg2YTU2ZjIxODBhZmU2YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBW6cC+vYX5yCWvpV/NwQ1pRfI1S
Y38KGdQh4JAFZxzfsg2MNZxKBn7FFYrjVAuNVyhbBIZfUnu+gT421GMbjq6B6Kix
jUGSOz+92JB+7kq+8bM9k0Amjv9m5Uqy5ifvYdcdfhg4uN2KTx6uYpMBexb3OS7l
m+mqw8usyvqHNI+LK8mSRbk5wBzHK1pTchs5wbyJPyEs36IyE8JS4sw3Bza22z55
v7rCvCgKwJZ1qZu3DOZBm1hJUMN384XrEmb5JwWiOGflMhsSDoL3b6zzRtQsE+9T
9k1gMlpxIsyjixHxNECVqvnCWi+Z9SPCI8OoazKnwPL6mLfKhLgaJyHZzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP7p0uueFoQk2zlBuGpW8hgK/mtAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX3VuUzY1NFdoQ1RiT1VHNGFsYnlHQXItYTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwApA
AwcAKg6xBxeIMA0GCSqGSIb3DQEBCwUAA4IBAQBHn4Twy+amebO4sb8H3mVKWvm4
0YZcvbVQkvp8RASXC/oyKucw5aYim9qFJpCv3eQ9f1wc4fZKJCiCZQOPX/PwoFJ4
GDaA/E4D+I7rG3ZB+GMj723k1EEKQG9+d60X92KRvWOwDsPTOo3WjpP55UfhU4fV
uq4eqpWw4nTVh67r8CqURpQwXjaQJdtSgQjbRY7ORqJjks3pU2yX/LaLMnaP1W52
e05FV4p2JW4WG1hcagXeZDgZ/RkzTx3qHU4LvDPrHW/FykBjB9CRZE0FrMPT5BHs
MyLGurMuFek7SXsGn3ARHsWJGKDb2p5ti7gJ+Z706Ollx7It9c/0ljZs2u+8
-----END CERTIFICATE-----