Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cX8OlaLaWRuUQWGpZYQSw14BJiE.roa
File:                     cX8OlaLaWRuUQWGpZYQSw14BJiE.roa (raw, json)
Hash identifier:          H5ux7OEwg1UinD0gAh/sBxn57TSYXWfUl0MIYhTbdj8=
Subject key identifier:   71:7F:0E:95:A2:DA:59:1B:94:41:61:A9:65:84:12:C3:5E:01:26:21
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD55A761E7907708EE860DED7D976E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cX8OlaLaWRuUQWGpZYQSw14BJiE.roa
Signing time:             Tue 02 Jan 2024 10:34:37 +0000
ROA not before:           Tue 02 Jan 2024 10:34:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216065
IP address blocks:        2a0e:b107:1198::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:55:a7:61:e7:90:77:08:ee:86:0d:ed:7d:97:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=717f0e95a2da591b944161a9658412c35e012621
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:5f:0c:ab:87:e1:10:a7:9a:a6:4d:86:1d:ad:
                    7a:87:b1:f7:ed:cc:f8:a0:4a:88:3a:92:3a:4f:17:
                    47:4f:89:2d:86:9b:0b:46:68:73:ae:b4:5a:59:41:
                    59:1c:fe:df:c6:46:5f:c9:15:80:2e:b9:09:6a:69:
                    bb:63:02:25:3d:7a:ef:f0:db:d8:e3:d8:ef:40:5d:
                    4e:ca:95:68:e5:33:f6:32:84:ef:c7:1d:a3:70:60:
                    24:52:82:07:92:dd:33:10:7e:79:5a:3a:a5:e4:be:
                    ea:70:35:1f:42:4d:33:ff:a5:a2:27:7d:dd:b9:92:
                    57:f2:88:5d:cd:b5:3f:07:cb:1b:d2:46:90:9c:67:
                    8a:c6:7c:b6:1d:fe:00:91:cc:d1:89:b5:31:32:cc:
                    ee:b4:58:c0:23:64:86:6b:6d:72:94:88:79:03:b5:
                    16:bb:44:c8:76:d6:76:a7:0d:2f:84:f6:20:9b:d1:
                    eb:58:29:8c:51:96:2b:53:b5:9c:b8:73:98:aa:74:
                    62:f8:64:38:87:70:90:27:ca:66:1a:9d:f0:80:5b:
                    29:e9:5c:6c:62:22:a3:19:d6:88:fa:28:54:80:f2:
                    82:0b:0a:7a:fd:8e:a9:a9:0b:fd:b6:cb:47:85:ad:
                    1e:3c:a5:df:82:81:af:0f:f3:d9:55:46:4c:0a:b4:
                    7b:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:7F:0E:95:A2:DA:59:1B:94:41:61:A9:65:84:12:C3:5E:01:26:21
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cX8OlaLaWRuUQWGpZYQSw14BJiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1198::/45

    Signature Algorithm: sha256WithRSAEncryption
         42:2b:9c:74:ca:03:e3:c4:7f:f5:35:2c:ed:10:d3:8d:d4:b0:
         08:2f:30:30:bf:94:16:8f:24:b8:f8:7a:f2:1c:73:44:d7:51:
         5b:8f:02:aa:66:31:ab:71:32:c2:0b:b3:3e:54:c7:c4:ea:46:
         9b:e1:a0:34:f4:2e:ed:d1:6f:79:40:84:ec:bc:f6:d4:37:42:
         83:4a:6b:5e:a8:ce:a4:de:a4:6f:a0:a3:75:2b:0c:9c:81:1c:
         8d:8b:6b:6e:25:78:0b:bc:e3:fc:f2:ec:28:70:cf:fa:19:ea:
         4c:68:34:45:ed:9a:dd:71:be:4f:2f:15:37:99:da:1c:2c:b0:
         ba:fd:bc:70:92:54:84:9a:52:2f:ac:1f:ab:33:ff:13:65:7f:
         d1:b6:39:61:ad:8e:29:9f:bc:b3:bc:b6:42:84:bd:e3:34:32:
         0a:34:70:d3:73:25:9c:bd:c7:bc:aa:ae:1d:13:c9:d0:46:12:
         31:61:ac:47:dd:49:cf:e6:c8:59:8f:4a:59:1f:f7:a5:d0:a4:
         55:a4:26:11:45:39:dc:e7:45:28:26:c3:0e:9a:aa:0a:1e:42:
         7a:26:d2:f6:51:ce:1a:2a:c1:1b:e6:b9:a9:b3:66:4f:29:c0:
         7f:fe:5a:c2:95:b9:65:4b:0f:23:2e:24:b8:75:78:6f:8b:59:
         46:db:6d:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVWnYeeQdwjuhg3tfZduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTdmMGU5NWEyZGE1OTFiOTQ0MTYxYTk2NTg0MTJjMzVlMDEyNjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiF8Mq4fhEKeapk2GHa16h7H37cz4
oEqIOpI6TxdHT4kthpsLRmhzrrRaWUFZHP7fxkZfyRWALrkJamm7YwIlPXrv8NvY
49jvQF1OypVo5TP2MoTvxx2jcGAkUoIHkt0zEH55Wjql5L7qcDUfQk0z/6WiJ33d
uZJX8ohdzbU/B8sb0kaQnGeKxny2Hf4AkczRibUxMszutFjAI2SGa21ylIh5A7UW
u0TIdtZ2pw0vhPYgm9HrWCmMUZYrU7WcuHOYqnRi+GQ4h3CQJ8pmGp3wgFsp6Vxs
YiKjGdaI+ihUgPKCCwp6/Y6pqQv9tstHha0ePKXfgoGvD/PZVUZMCrR7dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHF/DpWi2lkblEFhqWWEEsNeASYhMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY1g4T2xhTGFXUnVVUVdHcFpZUVN3MTRCSmlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xBxGY
MA0GCSqGSIb3DQEBCwUAA4IBAQBCK5x0ygPjxH/1NSztENON1LAILzAwv5QWjyS4
+HryHHNE11FbjwKqZjGrcTLCC7M+VMfE6kab4aA09C7t0W95QITsvPbUN0KDSmte
qM6k3qRvoKN1KwycgRyNi2tuJXgLvOP88uwocM/6GepMaDRF7Zrdcb5PLxU3mdoc
LLC6/bxwklSEmlIvrB+rM/8TZX/RtjlhrY4pn7yzvLZChL3jNDIKNHDTcyWcvce8
qq4dE8nQRhIxYaxH3UnP5shZj0pZH/el0KRVpCYRRTnc50UoJsMOmqoKHkJ6JtL2
Uc4aKsEb5rmps2ZPKcB//lrClbllSw8jLiS4dXhvi1lG2235
-----END CERTIFICATE-----