Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dwphfBRIzU6SPqkkShq8T5Q-QUc.roa
File:                     dwphfBRIzU6SPqkkShq8T5Q-QUc.roa (raw, json)
Hash identifier:          ObpVpqoiiWhRRR39DZzTQ3o2x8VwLYBAQJm2lVAurWQ=
Subject key identifier:   77:0A:61:7C:14:48:CD:4E:92:3E:A9:24:4A:1A:BC:4F:94:3E:41:47
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D2551C4AFF7A5669C617A765CF5D4D492
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dwphfBRIzU6SPqkkShq8T5Q-QUc.roa
Signing time:             Sat 20 Jan 2024 05:22:12 +0000
ROA not before:           Sat 20 Jan 2024 05:22:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198536
IP address blocks:        2a0e:97c1:8a22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:25:51:c4:af:f7:a5:66:9c:61:7a:76:5c:f5:d4:d4:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 20 05:22:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=770a617c1448cd4e923ea9244a1abc4f943e4147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ba:a3:6f:db:3f:87:21:82:9b:88:fe:ae:e4:
                    27:09:ab:21:30:59:aa:43:15:2b:c1:e0:ad:20:a7:
                    93:f9:c4:c9:a4:a3:9e:cc:10:7b:22:41:8a:33:bf:
                    52:4d:fe:49:e2:cc:83:96:b1:98:d3:d5:ce:6e:97:
                    d7:2e:7e:ad:73:85:5b:f1:0e:bf:dc:1e:b9:5f:01:
                    db:de:87:b3:41:8a:59:a9:a8:95:b1:a7:d6:9b:24:
                    65:b2:96:e7:c6:cc:f2:06:32:c4:21:d7:55:78:b8:
                    78:85:4d:32:38:0b:33:f9:a2:09:df:b1:20:03:fd:
                    11:69:9c:9a:d5:ef:ba:8c:5c:e5:9b:2f:71:45:3d:
                    60:6c:f7:55:9c:62:de:76:32:27:58:69:be:e9:ef:
                    e1:9b:42:4a:f6:e3:e2:1e:3c:d0:d3:ea:71:3a:66:
                    0d:b4:b4:32:18:4e:c8:de:0f:e8:71:12:9e:86:aa:
                    8a:d4:bf:a1:c7:4d:10:33:62:f1:e3:1a:c0:75:4a:
                    23:df:9b:a2:51:cd:3b:97:91:63:93:01:f6:3f:0f:
                    6a:eb:1c:6b:85:7a:4b:07:b2:2b:c6:b3:00:cd:c4:
                    09:72:e9:bf:36:b5:9d:d0:49:b9:39:6b:71:fc:af:
                    35:6e:77:50:dc:14:e9:4e:7e:dc:5b:35:de:2e:9d:
                    93:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:0A:61:7C:14:48:CD:4E:92:3E:A9:24:4A:1A:BC:4F:94:3E:41:47
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/dwphfBRIzU6SPqkkShq8T5Q-QUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c1:8a22::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:20:a5:54:5c:a9:a8:3a:49:df:33:70:bc:41:99:87:fc:fd:
         e8:22:44:26:c7:14:37:8f:c1:78:ce:de:e4:f8:f5:3b:25:e0:
         0b:01:e5:be:1c:ab:d2:f6:cd:57:66:93:02:46:41:92:75:4a:
         3a:7a:75:8b:96:ee:a2:7d:50:44:45:b8:32:75:de:d3:71:9f:
         61:d3:82:99:1a:f9:ee:e1:c5:af:14:7b:38:bf:c4:b7:c4:77:
         63:73:0d:1e:3e:9b:9e:63:1e:db:7c:ff:3e:73:50:f2:c1:7f:
         c8:89:12:2c:8f:cd:11:3f:b1:6e:64:a7:9a:01:9e:71:a1:35:
         ef:b0:cb:db:0e:c8:dc:e7:ac:61:fe:24:40:34:38:87:97:07:
         55:63:5d:46:bd:60:16:c5:ad:a0:fa:10:d1:db:2f:eb:fc:66:
         40:3a:ad:8a:5b:78:bd:f3:1f:86:b9:43:c1:4c:9a:fe:0c:fb:
         dd:ff:ff:79:87:fc:0c:0d:56:1a:32:6e:9a:83:af:33:10:ab:
         e2:06:66:ac:e2:e6:90:0f:16:18:41:e3:ff:3c:92:03:9f:ed:
         65:30:a1:27:1a:20:89:49:b0:3d:99:52:a4:32:2d:1c:9c:93:
         f2:7e:1f:91:f2:83:15:dd:a5:f8:9a:44:13:05:3e:8e:56:2c:
         c1:fa:df:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0lUcSv96VmnGF6dlz11NSSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTIwMDUyMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzBhNjE3YzE0NDhjZDRlOTIzZWE5MjQ0YTFhYmM0Zjk0M2U0MTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrqjb9s/hyGCm4j+ruQnCashMFmq
QxUrweCtIKeT+cTJpKOezBB7IkGKM79STf5J4syDlrGY09XObpfXLn6tc4Vb8Q6/
3B65XwHb3oezQYpZqaiVsafWmyRlspbnxszyBjLEIddVeLh4hU0yOAsz+aIJ37Eg
A/0RaZya1e+6jFzlmy9xRT1gbPdVnGLedjInWGm+6e/hm0JK9uPiHjzQ0+pxOmYN
tLQyGE7I3g/ocRKehqqK1L+hx00QM2Lx4xrAdUoj35uiUc07l5FjkwH2Pw9q6xxr
hXpLB7IrxrMAzcQJcum/NrWd0Em5OWtx/K81bndQ3BTpTn7cWzXeLp2TbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHcKYXwUSM1Okj6pJEoavE+UPkFHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZHdwaGZCUkl6VTZTUHFra1NocThUNVEtUVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwYoi
MA0GCSqGSIb3DQEBCwUAA4IBAQBHIKVUXKmoOknfM3C8QZmH/P3oIkQmxxQ3j8F4
zt7k+PU7JeALAeW+HKvS9s1XZpMCRkGSdUo6enWLlu6ifVBERbgydd7TcZ9h04KZ
Gvnu4cWvFHs4v8S3xHdjcw0ePpueYx7bfP8+c1DywX/IiRIsj80RP7FuZKeaAZ5x
oTXvsMvbDsjc56xh/iRANDiHlwdVY11GvWAWxa2g+hDR2y/r/GZAOq2KW3i98x+G
uUPBTJr+DPvd//95h/wMDVYaMm6ag68zEKviBmas4uaQDxYYQeP/PJIDn+1lMKEn
GiCJSbA9mVKkMi0cnJPyfh+R8oMV3aX4mkQTBT6OVizB+t+O
-----END CERTIFICATE-----