Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eqD3ESkoECAOSRhVQ8hCSzSwT-8.roa
File:                     eqD3ESkoECAOSRhVQ8hCSzSwT-8.roa (raw, json)
Hash identifier:          2kceqObJs1dGFUBHOZCfqUwWEaPbN02d2Fh5ueMJPSs=
Subject key identifier:   7A:A0:F7:11:29:28:10:20:0E:49:18:55:43:C8:42:4B:34:B0:4F:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3273F18AD75725A3FF7B5FC792EB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eqD3ESkoECAOSRhVQ8hCSzSwT-8.roa
Signing time:             Tue 02 Jan 2024 10:34:28 +0000
ROA not before:           Tue 02 Jan 2024 10:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211231
IP address blocks:        2a0e:b107:1390::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:32:73:f1:8a:d7:57:25:a3:ff:7b:5f:c7:92:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7aa0f711292810200e49185543c8424b34b04fef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:98:3c:38:e6:7f:50:f8:7d:48:4c:1a:25:7c:
                    bf:52:95:25:c4:1a:8b:ea:e6:84:d5:d1:8a:f4:d2:
                    df:88:6a:50:32:e6:1a:c7:d9:20:bb:0c:ca:73:3e:
                    0b:bb:b0:af:d0:b8:bc:8d:3a:ef:8c:62:99:f9:41:
                    42:e4:71:a9:22:45:ce:ff:ae:74:03:e5:c4:8d:53:
                    30:fe:3f:f4:2b:9e:17:46:84:34:62:d9:1c:83:8c:
                    c1:cd:78:05:f6:b8:86:34:20:0f:14:fd:a5:80:68:
                    ee:4f:83:86:e1:fa:5c:5e:dd:83:94:bd:46:9f:72:
                    9d:c0:9c:77:6d:20:fc:f6:13:f9:3c:84:4f:b3:5a:
                    2a:ef:93:7c:64:b8:4f:55:27:26:bd:f5:26:be:ef:
                    e6:81:77:80:fc:2b:87:65:6b:92:f7:31:bc:4e:93:
                    c2:e8:5e:ad:5e:7f:4d:11:83:b8:8b:bb:bb:3f:ec:
                    ec:b6:9a:95:26:47:d8:7a:9b:ee:00:6f:48:d6:44:
                    7c:71:24:44:f2:0c:f6:34:18:69:54:44:bc:a2:92:
                    86:b0:3b:86:87:ae:0e:ef:25:a9:01:29:23:f5:68:
                    c6:d7:a2:d6:ce:6d:fa:45:84:c9:f7:c2:34:2c:04:
                    e6:13:74:16:d1:08:00:de:25:9c:ef:c0:9c:52:4f:
                    76:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A0:F7:11:29:28:10:20:0E:49:18:55:43:C8:42:4B:34:B0:4F:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/eqD3ESkoECAOSRhVQ8hCSzSwT-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1390::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:54:4b:70:83:03:29:2a:c6:6e:e6:0e:04:c6:bf:98:9b:bb:
         f6:2b:c0:e7:2e:00:e9:02:02:94:ec:1d:4a:1d:5e:34:ab:16:
         b7:8a:92:df:fe:af:3c:d3:fd:e3:1a:72:34:68:c7:58:26:ce:
         be:11:d4:72:23:81:2d:bf:cc:aa:cf:69:ce:57:e4:d1:27:cb:
         c4:23:36:bc:b2:48:51:a7:d4:22:d6:99:5d:01:6b:bb:d7:e1:
         1e:02:d3:28:11:dc:e8:0e:c6:cd:f9:e5:1a:f8:04:3e:18:0c:
         62:25:2d:32:2d:37:a4:52:e9:61:6c:a1:91:91:ab:bf:c0:3a:
         43:f0:08:2c:86:7d:75:62:3e:23:89:63:0f:43:ae:7f:17:18:
         e5:89:05:fb:38:8c:71:b2:3b:d4:f3:3c:a0:ac:eb:79:b2:7d:
         90:fd:87:9c:5a:85:09:16:1d:7d:85:ed:2c:c7:84:66:93:9f:
         2c:05:92:fd:d1:84:fb:c8:aa:8d:30:e9:4b:05:0d:89:84:dd:
         50:ee:6b:f1:5c:2d:51:27:94:a7:de:34:5c:00:98:74:c9:7a:
         2b:40:3a:b8:3d:01:44:6f:08:40:9c:b9:ca:c5:59:48:ef:39:
         02:90:ce:1e:71:25:26:6d:b3:89:d7:94:b9:26:86:65:92:2c:
         74:5c:ba:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTJz8YrXVyWj/3tfx5LrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWEwZjcxMTI5MjgxMDIwMGU0OTE4NTU0M2M4NDI0YjM0YjA0ZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJg8OOZ/UPh9SEwaJXy/UpUlxBqL
6uaE1dGK9NLfiGpQMuYax9kguwzKcz4Lu7Cv0Li8jTrvjGKZ+UFC5HGpIkXO/650
A+XEjVMw/j/0K54XRoQ0Ytkcg4zBzXgF9riGNCAPFP2lgGjuT4OG4fpcXt2DlL1G
n3KdwJx3bSD89hP5PIRPs1oq75N8ZLhPVScmvfUmvu/mgXeA/CuHZWuS9zG8TpPC
6F6tXn9NEYO4i7u7P+zstpqVJkfYepvuAG9I1kR8cSRE8gz2NBhpVES8opKGsDuG
h64O7yWpASkj9WjG16LWzm36RYTJ98I0LATmE3QW0QgA3iWc78CcUk92ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHqg9xEpKBAgDkkYVUPIQks0sE/vMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZXFEM0VTa29FQ0FPU1JoVlE4aENTelN3VC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBMVEtwgwMpKsZu5g4Exr+Ym7v2K8DnLgDpAgKU
7B1KHV40qxa3ipLf/q880/3jGnI0aMdYJs6+EdRyI4Etv8yqz2nOV+TRJ8vEIza8
skhRp9Qi1pldAWu71+EeAtMoEdzoDsbN+eUa+AQ+GAxiJS0yLTekUulhbKGRkau/
wDpD8Agshn11Yj4jiWMPQ65/FxjliQX7OIxxsjvU8zygrOt5sn2Q/YecWoUJFh19
he0sx4Rmk58sBZL90YT7yKqNMOlLBQ2JhN1Q7mvxXC1RJ5Sn3jRcAJh0yXorQDq4
PQFEbwhAnLnKxVlI7zkCkM4ecSUmbbOJ15S5JoZlkix0XLry
-----END CERTIFICATE-----