Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/asBpIDQ8YHn6rfyd-VnJZbEv6g0.roa
File:                     asBpIDQ8YHn6rfyd-VnJZbEv6g0.roa (raw, json)
Hash identifier:          /ucC6mNamY38o4dO+7CiK+PTzSidVDVO8b/OJJjV7uc=
Subject key identifier:   6A:C0:69:20:34:3C:60:79:FA:AD:FC:9D:F9:59:C9:65:B1:2F:EA:0D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCF0F80718E8B99D06A1DA2966B435
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/asBpIDQ8YHn6rfyd-VnJZbEv6g0.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199962
IP address blocks:        2a0e:97c0:860::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f0:f8:07:18:e8:b9:9d:06:a1:da:29:66:b4:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ac06920343c6079faadfc9df959c965b12fea0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:8e:cc:39:b9:08:89:29:7a:76:57:3f:1c:21:
                    35:f4:d2:4c:60:d0:7c:2d:7c:9c:cf:6f:7b:0c:03:
                    91:49:1e:8e:0f:f0:4b:0a:ec:d7:f2:f6:1c:82:ae:
                    f8:09:57:c3:41:31:0c:66:6b:23:86:f6:42:f8:b1:
                    0b:f9:f2:03:aa:a6:ab:ea:9d:03:79:31:f3:42:1a:
                    c5:28:a7:36:a9:a4:57:fc:23:ae:6a:f8:21:c5:f8:
                    4a:1c:79:5b:3f:1e:7f:16:b0:18:e9:f8:4e:c7:d0:
                    5b:54:71:fc:f2:92:d6:cc:1c:3a:68:85:6a:d3:14:
                    ea:f7:ce:a6:45:1a:e2:52:33:65:e4:00:0c:97:f1:
                    22:f1:5c:95:f0:9a:0a:e9:e4:5e:01:98:e1:de:3a:
                    1f:5d:f3:93:ed:32:6a:bb:94:8a:b9:af:8b:27:68:
                    90:7f:c9:6e:aa:d3:e2:6b:87:b5:1a:ad:14:8f:aa:
                    f3:f9:86:03:d5:f3:15:e0:21:98:ba:69:e8:b1:5e:
                    39:20:53:89:29:77:93:6a:1b:db:86:e5:53:05:31:
                    75:f1:38:48:8c:84:82:2d:af:ad:a1:61:3e:f3:dd:
                    8c:e2:f0:e3:5f:ad:a7:2f:f6:89:13:22:3c:86:b4:
                    9b:0d:68:9b:91:81:36:e2:a1:a4:78:f2:4f:74:6a:
                    de:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C0:69:20:34:3C:60:79:FA:AD:FC:9D:F9:59:C9:65:B1:2F:EA:0D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/asBpIDQ8YHn6rfyd-VnJZbEv6g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:860::/44

    Signature Algorithm: sha256WithRSAEncryption
         01:a2:0e:06:80:ad:46:0e:a2:f7:0d:c0:a8:00:0a:00:4b:79:
         f1:a0:e0:4d:6d:7f:bc:f4:e7:65:87:fd:44:ad:0d:a4:4a:da:
         ac:0c:bb:1c:fc:ad:39:13:f8:24:2b:23:1e:0c:ef:55:5c:d5:
         fc:d7:ab:d8:e8:79:2f:01:ff:9d:c9:a5:f6:83:f1:95:62:ce:
         6d:bf:1e:ea:63:34:54:23:f7:6a:82:2e:73:c1:dc:6d:88:d5:
         df:53:4a:48:c9:ba:fc:c6:da:54:d7:d7:79:5c:10:36:7c:86:
         a5:d4:e9:99:21:73:8e:ca:3a:c5:16:20:8d:2b:5a:c4:79:79:
         4b:1f:1e:05:cf:fe:1a:2e:cf:d6:75:93:30:98:4d:bc:f4:c6:
         37:e3:b6:f9:a4:33:cc:61:27:c8:50:6d:58:ac:b0:07:b9:f6:
         5d:64:56:d3:88:5d:ac:e2:d5:73:1e:4e:3e:4e:00:68:e1:3d:
         fb:9e:4c:2a:08:98:7f:7c:e0:5e:f5:71:13:c2:c5:a9:4d:78:
         bf:3d:0a:5c:f2:d2:52:54:8b:12:78:5a:f5:5c:ed:4c:48:bd:
         07:23:d6:d9:d7:b4:a9:9d:06:9b:38:df:dd:2c:a3:0d:cb:50:
         08:15:e4:5f:29:93:1b:93:8e:e0:e2:ff:b5:05:a7:79:6b:2b:
         82:02:4e:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvPD4BxjouZ0GodopZrQ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWMwNjkyMDM0M2M2MDc5ZmFhZGZjOWRmOTU5Yzk2NWIxMmZlYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgo7MObkIiSl6dlc/HCE19NJMYNB8
LXycz297DAORSR6OD/BLCuzX8vYcgq74CVfDQTEMZmsjhvZC+LEL+fIDqqar6p0D
eTHzQhrFKKc2qaRX/COuavghxfhKHHlbPx5/FrAY6fhOx9BbVHH88pLWzBw6aIVq
0xTq986mRRriUjNl5AAMl/Ei8VyV8JoK6eReAZjh3jofXfOT7TJqu5SKua+LJ2iQ
f8luqtPia4e1Gq0Uj6rz+YYD1fMV4CGYumnosV45IFOJKXeTahvbhuVTBTF18ThI
jISCLa+toWE+892M4vDjX62nL/aJEyI8hrSbDWibkYE24qGkePJPdGreyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrAaSA0PGB5+q38nflZyWWxL+oNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYXNCcElEUThZSG42cmZ5ZC1WbkpaYkV2NmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAhg
MA0GCSqGSIb3DQEBCwUAA4IBAQABog4GgK1GDqL3DcCoAAoAS3nxoOBNbX+89Odl
h/1ErQ2kStqsDLsc/K05E/gkKyMeDO9VXNX816vY6HkvAf+dyaX2g/GVYs5tvx7q
YzRUI/dqgi5zwdxtiNXfU0pIybr8xtpU19d5XBA2fIal1OmZIXOOyjrFFiCNK1rE
eXlLHx4Fz/4aLs/WdZMwmE289MY347b5pDPMYSfIUG1YrLAHufZdZFbTiF2s4tVz
Hk4+TgBo4T37nkwqCJh/fOBe9XETwsWpTXi/PQpc8tJSVIsSeFr1XO1MSL0HI9bZ
17SpnQabON/dLKMNy1AIFeRfKZMbk47g4v+1Bad5ayuCAk7V
-----END CERTIFICATE-----