Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cmx94J1piBDHI490bnnLNttDZEs.roa
File:                     cmx94J1piBDHI490bnnLNttDZEs.roa (raw, json)
Hash identifier:          RvmJQ/K23q8wVGVJDPpvojKKAkWjtgoQZI3sEVyR93A=
Subject key identifier:   72:6C:7D:E0:9D:69:88:10:C7:23:8F:74:6E:79:CB:36:DB:43:64:4B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEE3BFF04AB2F146E6E0FDE7A120C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cmx94J1piBDHI490bnnLNttDZEs.roa
Signing time:             Tue 02 Jan 2024 10:34:11 +0000
ROA not before:           Tue 02 Jan 2024 10:34:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199518
IP address blocks:        2a0e:b107:b14::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ee:3b:ff:04:ab:2f:14:6e:6e:0f:de:7a:12:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=726c7de09d698810c7238f746e79cb36db43644b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f6:61:9e:bf:c0:6a:d1:b1:3f:46:1a:11:0c:
                    c2:96:fc:45:69:b2:a2:ca:bd:15:9b:24:8f:4f:59:
                    2b:cc:ee:20:a8:03:b9:9e:11:c8:fb:e8:7a:ab:15:
                    9f:41:56:c8:a1:0d:e5:15:c4:62:8d:f2:e7:64:92:
                    f2:ba:5b:0d:48:51:69:fe:89:71:0c:ed:31:4d:e0:
                    77:db:c9:39:91:05:d1:33:6f:37:c9:7f:c8:42:35:
                    de:8c:40:b1:0e:62:ac:22:75:67:62:8f:b0:c2:ae:
                    ad:ff:6f:4f:ed:98:d7:f5:ea:f7:5c:ef:d1:af:a2:
                    d2:6a:fb:d5:69:72:9b:f5:e4:41:21:a0:75:f5:c9:
                    6d:84:02:d5:5e:b8:c3:92:1d:ce:35:23:64:18:71:
                    0d:72:67:f8:a5:1b:18:1c:6c:97:a1:aa:b0:03:4b:
                    2c:cc:39:22:1e:98:f7:c2:4e:c5:af:07:54:03:8e:
                    96:df:ad:3c:04:1e:e1:ea:e8:a6:89:7b:04:f4:80:
                    fc:76:ff:ab:a3:77:ed:bf:3d:0c:3e:09:1b:73:93:
                    17:3e:6c:99:b1:2c:c2:ad:96:c1:eb:16:fe:ed:d5:
                    c0:e4:ff:ad:e2:63:f7:a8:7e:d1:aa:2f:fc:b9:65:
                    b8:4a:f7:7e:e5:f2:41:ce:10:98:72:c4:8e:24:47:
                    cf:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:6C:7D:E0:9D:69:88:10:C7:23:8F:74:6E:79:CB:36:DB:43:64:4B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cmx94J1piBDHI490bnnLNttDZEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:b14::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:fb:1b:9e:9f:ab:c5:c1:33:40:e5:d7:02:13:c5:06:33:f9:
         df:98:dd:e3:15:a0:d1:df:d6:bf:9c:a0:f4:00:23:59:03:a0:
         11:90:eb:55:3f:76:5e:8b:f3:02:fb:a1:d4:10:0a:cd:d3:d5:
         59:c7:61:ff:ed:1d:f1:38:fc:b7:ac:7f:8a:aa:a5:96:ab:da:
         9c:58:9d:0d:a5:78:86:b1:9e:15:0e:ee:47:db:8f:82:45:8c:
         8c:90:7f:b2:bd:54:14:ca:b7:73:b0:42:63:b3:4c:fc:7c:3f:
         5d:9e:19:cf:d7:34:67:ee:66:9b:0b:48:49:3e:2b:ae:eb:4b:
         5d:56:9b:1d:f0:ab:33:0e:a8:75:19:2c:98:21:5b:cd:81:b4:
         ba:21:2e:74:7b:e8:df:9a:27:3f:31:12:b2:00:72:2f:b2:3a:
         12:ed:8f:dc:5e:ab:94:e2:22:50:e6:f8:ea:ef:9e:aa:e9:fb:
         bd:0f:82:02:93:6e:f6:c4:31:b4:00:53:3f:b3:e1:5c:73:b3:
         72:14:a8:86:9a:b0:b9:fe:bf:28:2b:5e:c8:d7:52:3b:3b:6e:
         5e:4d:68:3d:f5:55:c5:29:9c:c1:59:d2:2d:13:88:cf:e8:69:
         15:5d:79:de:ec:4d:f7:b4:eb:48:c4:4b:3c:aa:1a:5b:37:99:
         79:f5:fd:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvO47/wSrLxRubg/eehIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjZjN2RlMDlkNjk4ODEwYzcyMzhmNzQ2ZTc5Y2IzNmRiNDM2NDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PZhnr/AatGxP0YaEQzClvxFabKi
yr0VmySPT1krzO4gqAO5nhHI++h6qxWfQVbIoQ3lFcRijfLnZJLyulsNSFFp/olx
DO0xTeB328k5kQXRM283yX/IQjXejECxDmKsInVnYo+wwq6t/29P7ZjX9er3XO/R
r6LSavvVaXKb9eRBIaB19clthALVXrjDkh3ONSNkGHENcmf4pRsYHGyXoaqwA0ss
zDkiHpj3wk7FrwdUA46W3608BB7h6uimiXsE9ID8dv+ro3ftvz0MPgkbc5MXPmyZ
sSzCrZbB6xb+7dXA5P+t4mP3qH7Rqi/8uWW4Svd+5fJBzhCYcsSOJEfPYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHJsfeCdaYgQxyOPdG55yzbbQ2RLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY214OTRKMXBpQkRISTQ5MGJubkxOdHREWkVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwsU
MA0GCSqGSIb3DQEBCwUAA4IBAQCQ+xuen6vFwTNA5dcCE8UGM/nfmN3jFaDR39a/
nKD0ACNZA6ARkOtVP3Zei/MC+6HUEArN09VZx2H/7R3xOPy3rH+KqqWWq9qcWJ0N
pXiGsZ4VDu5H24+CRYyMkH+yvVQUyrdzsEJjs0z8fD9dnhnP1zRn7mabC0hJPiuu
60tdVpsd8KszDqh1GSyYIVvNgbS6IS50e+jfmic/MRKyAHIvsjoS7Y/cXquU4iJQ
5vjq756q6fu9D4ICk272xDG0AFM/s+Fcc7NyFKiGmrC5/r8oK17I11I7O25eTWg9
9VXFKZzBWdItE4jP6GkVXXne7E33tOtIxEs8qhpbN5l59f0q
-----END CERTIFICATE-----