Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/doN9vBR2vY08jqv6MvfyBiV61OU.roa
File:                     doN9vBR2vY08jqv6MvfyBiV61OU.roa (raw, json)
Hash identifier:          EoKZsyYsZ/hbuBW7g1EJD7QpPtEhS7ji12XS1rjYNSM=
Subject key identifier:   76:83:7D:BC:14:76:BD:8D:3C:8E:AB:FA:32:F7:F2:06:25:7A:D4:E5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019030216D4815913F5C25E9FB66FBEA37B2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/doN9vBR2vY08jqv6MvfyBiV61OU.roa
Signing time:             Wed 19 Jun 2024 10:53:35 +0000
ROA not before:           Wed 19 Jun 2024 10:53:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214730
IP address blocks:        2a0e:97c0:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:21:6d:48:15:91:3f:5c:25:e9:fb:66:fb:ea:37:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 19 10:53:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76837dbc1476bd8d3c8eabfa32f7f206257ad4e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:83:03:86:2f:26:2d:06:a2:29:b9:d4:24:95:
                    43:75:e2:11:b2:5c:8a:b9:df:7f:d8:37:a7:22:78:
                    11:4c:af:b7:6f:54:bd:4b:4e:2c:53:ba:99:56:ad:
                    ae:67:a7:ee:33:52:5d:12:ba:18:07:80:64:bf:df:
                    10:01:70:2b:ba:1a:60:d0:2e:d5:ad:7d:81:82:fb:
                    32:0b:a2:52:24:35:ad:b8:52:69:36:a2:09:21:1d:
                    0f:1b:70:60:7b:1e:a9:ad:5f:02:a6:de:8a:de:6a:
                    ca:d2:66:0f:fd:48:f8:12:56:06:eb:a4:0b:76:a3:
                    f5:19:d0:3a:b0:ac:ba:dc:6c:13:44:63:4e:c9:cf:
                    93:16:af:28:c9:e4:84:4c:a0:df:f7:56:17:31:70:
                    02:5b:80:19:81:28:81:8e:ed:a4:0d:7c:f2:54:08:
                    fd:ae:4c:1c:04:f0:d4:c3:ff:12:9a:2d:01:f0:83:
                    d2:ef:25:c8:06:68:0e:8b:c3:f1:96:e0:d0:61:2f:
                    0b:07:19:3e:ca:d6:6e:6c:4c:12:58:39:f5:64:a0:
                    42:6f:50:f1:af:07:3e:93:ea:28:2e:20:c4:3e:37:
                    50:67:32:9e:74:d8:7a:86:92:f1:bb:df:86:2f:47:
                    6c:11:a4:7f:3c:2d:e9:5a:13:c2:02:b4:66:0c:bf:
                    5c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:83:7D:BC:14:76:BD:8D:3C:8E:AB:FA:32:F7:F2:06:25:7A:D4:E5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/doN9vBR2vY08jqv6MvfyBiV61OU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         b4:d2:2d:0f:91:7e:f1:e8:71:33:9f:99:34:68:f6:66:4a:09:
         9d:10:22:0a:b8:78:fb:06:69:bb:c4:fd:8f:42:b5:20:e3:06:
         35:d1:ae:8d:2e:57:61:6a:e7:53:af:c9:71:18:8d:47:0d:e2:
         4b:58:11:ab:d1:94:81:ff:43:a8:51:6c:c8:9e:a6:c1:f9:25:
         43:09:5d:03:f9:d7:8c:10:20:22:2c:0c:3a:39:e2:03:ae:f8:
         ff:cd:5c:5e:a9:8f:27:58:78:76:c9:4c:72:5e:26:ac:a0:24:
         f9:c4:74:b8:61:28:98:b1:3d:43:61:72:8a:09:db:44:34:20:
         d6:2a:be:83:38:ca:9b:3c:15:a6:d5:b0:e8:18:1b:0e:b8:e0:
         24:c0:7b:b5:68:1e:c1:96:b0:af:e3:fc:b1:87:a1:3b:2a:a5:
         f3:89:19:37:73:8e:76:ce:6d:4d:99:ba:7b:fe:78:71:b4:ce:
         84:aa:4a:1e:28:5c:82:6a:d8:d2:86:f3:57:fe:43:36:69:82:
         a7:6d:a4:05:bb:15:83:51:f8:97:c1:9d:c1:b3:ec:d3:e8:2a:
         f6:37:dc:ac:c1:a0:df:14:f6:c9:49:84:03:6a:a3:a5:c4:32:
         7e:70:b6:5b:35:4c:85:db:7e:77:74:cd:b2:95:a6:fc:d6:92:
         c8:e7:2d:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAwIW1IFZE/XCXp+2b76jeyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjE5MTA1MzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjgzN2RiYzE0NzZiZDhkM2M4ZWFiZmEzMmY3ZjIwNjI1N2FkNGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoMDhi8mLQaiKbnUJJVDdeIRslyK
ud9/2DenIngRTK+3b1S9S04sU7qZVq2uZ6fuM1JdEroYB4Bkv98QAXAruhpg0C7V
rX2BgvsyC6JSJDWtuFJpNqIJIR0PG3Bgex6prV8Cpt6K3mrK0mYP/Uj4ElYG66QL
dqP1GdA6sKy63GwTRGNOyc+TFq8oyeSETKDf91YXMXACW4AZgSiBju2kDXzyVAj9
rkwcBPDUw/8Smi0B8IPS7yXIBmgOi8PxluDQYS8LBxk+ytZubEwSWDn1ZKBCb1Dx
rwc+k+ooLiDEPjdQZzKedNh6hpLxu9+GL0dsEaR/PC3pWhPCArRmDL9cXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHaDfbwUdr2NPI6r+jL38gYletTlMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZG9OOXZCUjJ2WTA4anF2Nk12ZnlCaVY2MU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQC00i0PkX7x6HEzn5k0aPZmSgmdECIKuHj7Bmm7
xP2PQrUg4wY10a6NLldhaudTr8lxGI1HDeJLWBGr0ZSB/0OoUWzInqbB+SVDCV0D
+deMECAiLAw6OeIDrvj/zVxeqY8nWHh2yUxyXiasoCT5xHS4YSiYsT1DYXKKCdtE
NCDWKr6DOMqbPBWm1bDoGBsOuOAkwHu1aB7BlrCv4/yxh6E7KqXziRk3c452zm1N
mbp7/nhxtM6EqkoeKFyCatjShvNX/kM2aYKnbaQFuxWDUfiXwZ3Bs+zT6Cr2N9ys
waDfFPbJSYQDaqOlxDJ+cLZbNUyF2353dM2ylab81pLI5y1X
-----END CERTIFICATE-----