Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eE-mqfXUDsA0eWsOl0Y52Xd_gdk.roa
File:                     eE-mqfXUDsA0eWsOl0Y52Xd_gdk.roa (raw, json)
Hash identifier:          /9oF2D91z7uOAKbC5a2V2YJCYAS7jUQdhCJY4nmuATE=
Subject key identifier:   78:4F:A6:A9:F5:D4:0E:C0:34:79:6B:0E:97:46:39:D9:77:7F:81:D9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190813F2C8641E3B3EBD167EC0A960ADF79
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eE-mqfXUDsA0eWsOl0Y52Xd_gdk.roa
Signing time:             Fri 05 Jul 2024 04:55:19 +0000
ROA not before:           Fri 05 Jul 2024 04:55:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214616
IP address blocks:        2a0e:97c0:3f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:81:3f:2c:86:41:e3:b3:eb:d1:67:ec:0a:96:0a:df:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul  5 04:55:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=784fa6a9f5d40ec034796b0e974639d9777f81d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:09:9b:80:e8:30:42:2d:43:29:65:92:ef:56:
                    53:41:43:8a:f2:34:2f:88:85:39:6a:80:5b:77:4e:
                    16:5e:8f:24:dc:ba:2e:1d:6f:bb:55:dc:f0:6d:d6:
                    f1:4c:cd:9e:d1:d9:94:5f:ad:0f:43:51:d1:26:94:
                    a5:1c:04:fe:2e:8d:fd:ed:cd:0f:ce:e7:ed:b4:71:
                    6e:f4:b6:b6:e7:e8:fb:43:47:ca:f5:5f:c6:57:f1:
                    7c:04:dc:c1:c8:f2:7a:38:ea:81:05:5d:ba:9b:21:
                    7e:2a:6c:48:4b:7f:d3:16:98:59:19:12:39:a8:8a:
                    c3:fb:ed:eb:cf:54:79:45:25:55:74:da:e7:88:7e:
                    d4:0f:99:df:48:fc:51:82:08:a3:74:b0:cc:b3:bd:
                    25:2d:6f:07:1f:b8:c3:01:e3:98:75:9e:ac:eb:0a:
                    1c:f4:c7:8a:9d:2f:72:37:02:7c:ae:5c:52:43:35:
                    5b:32:cd:41:5a:5e:fe:29:cb:72:b8:a4:a2:1e:21:
                    a9:cf:61:30:8d:73:43:c9:1f:4b:b9:d7:43:91:b0:
                    8d:f5:55:4e:ef:55:aa:47:fe:9f:46:30:f6:f7:88:
                    f4:bc:ff:25:0a:6c:20:40:7a:f7:10:fc:55:53:96:
                    47:02:ce:f6:59:20:da:06:eb:69:58:92:0f:2c:e1:
                    54:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:4F:A6:A9:F5:D4:0E:C0:34:79:6B:0E:97:46:39:D9:77:7F:81:D9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eE-mqfXUDsA0eWsOl0Y52Xd_gdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:6b:6b:f7:33:83:91:30:34:88:dd:2e:08:25:62:64:dc:bb:
         9f:61:d3:f0:a2:f3:5c:8b:26:cb:a2:b0:5d:09:2c:d3:bb:3d:
         28:09:32:31:28:a7:43:81:0c:f4:8f:bc:07:1b:fe:96:c3:c4:
         c0:af:82:22:35:2f:3d:24:2d:84:4c:6b:79:b7:f4:10:f4:f8:
         b8:2f:0f:fd:a7:61:ec:d0:4a:e9:4b:24:da:55:5a:94:9e:cf:
         f1:8d:cf:df:1a:5d:03:62:07:d9:22:49:1d:b7:fd:d5:a9:28:
         87:7d:fd:2b:f3:83:84:0c:7f:f3:35:7e:1b:21:f2:d9:f7:09:
         0c:72:fd:71:1d:2c:6b:1f:77:45:af:34:6b:36:68:ff:40:ee:
         2b:44:d5:ed:06:c4:83:e7:39:b6:d0:3a:33:17:2c:10:ff:08:
         03:f4:e7:c9:7c:85:63:00:02:65:4a:49:84:6a:6d:29:13:65:
         b6:fd:dd:b9:15:84:d8:de:2b:0a:c6:02:ec:d6:63:68:23:ce:
         1f:ca:60:78:c0:96:78:f5:32:51:34:cf:2f:cf:6d:e6:86:4f:
         3c:1c:d3:7e:ab:ae:40:7a:ff:fd:68:08:45:94:ac:b8:88:16:
         73:45:d1:5d:aa:d0:4d:0a:2a:dd:71:0a:d9:1d:b2:ba:19:fa:
         67:c9:cf:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCBPyyGQeOz69Fn7AqWCt95MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzA1MDQ1NTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODRmYTZhOWY1ZDQwZWMwMzQ3OTZiMGU5NzQ2MzlkOTc3N2Y4MWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQmbgOgwQi1DKWWS71ZTQUOK8jQv
iIU5aoBbd04WXo8k3LouHW+7VdzwbdbxTM2e0dmUX60PQ1HRJpSlHAT+Lo397c0P
zufttHFu9La25+j7Q0fK9V/GV/F8BNzByPJ6OOqBBV26myF+KmxIS3/TFphZGRI5
qIrD++3rz1R5RSVVdNrniH7UD5nfSPxRggijdLDMs70lLW8HH7jDAeOYdZ6s6woc
9MeKnS9yNwJ8rlxSQzVbMs1BWl7+KctyuKSiHiGpz2EwjXNDyR9LuddDkbCN9VVO
71WqR/6fRjD294j0vP8lCmwgQHr3EPxVU5ZHAs72WSDaButpWJIPLOFUPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHhPpqn11A7ANHlrDpdGOdl3f4HZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZUUtbXFmWFVEc0EwZVdzT2wwWTUyWGRfZ2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAPw
MA0GCSqGSIb3DQEBCwUAA4IBAQAKa2v3M4ORMDSI3S4IJWJk3LufYdPwovNciybL
orBdCSzTuz0oCTIxKKdDgQz0j7wHG/6Ww8TAr4IiNS89JC2ETGt5t/QQ9Pi4Lw/9
p2Hs0ErpSyTaVVqUns/xjc/fGl0DYgfZIkkdt/3VqSiHff0r84OEDH/zNX4bIfLZ
9wkMcv1xHSxrH3dFrzRrNmj/QO4rRNXtBsSD5zm20DozFywQ/wgD9OfJfIVjAAJl
SkmEam0pE2W2/d25FYTY3isKxgLs1mNoI84fymB4wJZ49TJRNM8vz23mhk88HNN+
q65Aev/9aAhFlKy4iBZzRdFdqtBNCirdcQrZHbK6Gfpnyc/3
-----END CERTIFICATE-----