Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/f6Pk00hSWaSfPjPC680X_gCmoHU.roa
File:                     f6Pk00hSWaSfPjPC680X_gCmoHU.roa (raw, json)
Hash identifier:          8Hyc51g+af+CGe5FG3W88evLa02XUwAqmQBk4Bprhao=
Subject key identifier:   7F:A3:E4:D3:48:52:59:A4:9F:3E:33:C2:EB:CD:17:FE:00:A6:A0:75
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCBDEFF0855D713BB5B82450A97879
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/f6Pk00hSWaSfPjPC680X_gCmoHU.roa
Signing time:             Tue 02 Jan 2024 10:33:59 +0000
ROA not before:           Tue 02 Jan 2024 10:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269
IP address blocks:        2a0e:b107:381::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:bd:ef:f0:85:5d:71:3b:b5:b8:24:50:a9:78:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7fa3e4d3485259a49f3e33c2ebcd17fe00a6a075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:e1:36:83:78:54:21:63:d2:6d:e7:d4:49:e3:
                    8f:1b:8e:11:08:31:f6:01:89:6f:fe:09:f3:53:56:
                    3d:76:f3:13:ca:b0:ea:a2:15:d9:65:66:a3:5d:0e:
                    b1:01:d1:09:b1:89:8e:9b:29:62:b5:c9:79:75:28:
                    fc:84:c0:f2:e4:e5:40:df:e2:b8:08:bc:f1:04:73:
                    c5:71:ea:3e:96:6e:5d:51:24:cc:16:d8:c6:f0:b6:
                    d8:8c:b2:77:72:08:f9:fe:f9:0b:4e:de:a4:ce:46:
                    7f:17:cf:fa:7e:fa:fd:87:97:fa:5e:8f:fc:40:33:
                    e3:e2:9a:38:4b:51:71:31:02:d6:5f:9c:5e:e9:28:
                    ba:a3:fd:b8:28:7c:d8:fd:26:4f:6a:35:57:44:db:
                    8d:3b:3e:85:b9:a7:45:d2:db:d3:4e:15:01:04:1a:
                    6e:8a:f0:c0:a6:9f:bf:1f:1e:a9:b3:1c:44:a7:5c:
                    48:a3:93:5b:52:7d:5e:ed:a3:21:0c:bb:ae:45:e7:
                    74:3d:b9:b3:12:9f:91:83:f3:1d:47:a1:ff:c0:7d:
                    30:fa:f7:99:ea:b7:81:ab:70:5b:19:f0:09:9e:74:
                    e0:18:b0:c6:58:19:d8:77:de:30:12:4e:7e:2e:6c:
                    94:8a:e0:27:0f:de:91:3d:07:85:d2:b5:5e:53:7c:
                    39:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:A3:E4:D3:48:52:59:A4:9F:3E:33:C2:EB:CD:17:FE:00:A6:A0:75
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/f6Pk00hSWaSfPjPC680X_gCmoHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:381::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:32:0b:09:8c:60:af:da:04:94:c1:c3:a3:35:76:d9:f4:bf:
         02:b4:e5:0b:51:9f:7f:e2:a0:a7:21:b7:15:e2:8b:a6:30:07:
         b1:ef:a6:fe:b0:d2:d5:9c:b7:d2:4c:23:31:33:71:9f:ed:36:
         06:a3:d7:74:89:59:be:0a:d9:40:42:01:c5:71:a0:59:8c:1f:
         b0:b9:4a:b8:28:24:76:70:ae:7d:2a:2f:29:ab:f3:0f:3f:59:
         82:0f:7e:ee:0a:4c:24:e9:ca:74:bf:60:f6:f3:0b:9e:e7:9d:
         80:0a:81:66:82:07:72:8f:53:73:60:f0:9c:d0:b7:87:a5:0a:
         5d:70:7f:16:d1:e8:88:84:05:09:58:bd:42:6f:fa:89:3a:29:
         93:17:53:1e:79:69:2b:99:c0:67:7b:5a:63:2a:e5:82:c7:8e:
         ff:cd:b3:03:64:ea:5b:ba:10:36:b2:31:ae:cd:ec:54:a5:9d:
         e2:91:42:2c:69:cb:b2:db:c3:e8:b1:4e:2f:32:09:e4:b7:7f:
         28:2d:1a:d8:e6:62:67:da:57:19:74:d4:9e:54:ed:c3:e0:9d:
         f5:29:1d:da:99:14:a5:15:95:ec:3b:9d:3a:5a:1c:b1:85:af:
         72:6d:e1:3c:21:cb:0a:7c:d9:d9:35:0b:0c:2c:fe:23:3e:7d:
         6a:1e:2e:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvL3v8IVdcTu1uCRQqXh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmEzZTRkMzQ4NTI1OWE0OWYzZTMzYzJlYmNkMTdmZTAwYTZhMDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8uE2g3hUIWPSbefUSeOPG44RCDH2
AYlv/gnzU1Y9dvMTyrDqohXZZWajXQ6xAdEJsYmOmylitcl5dSj8hMDy5OVA3+K4
CLzxBHPFceo+lm5dUSTMFtjG8LbYjLJ3cgj5/vkLTt6kzkZ/F8/6fvr9h5f6Xo/8
QDPj4po4S1FxMQLWX5xe6Si6o/24KHzY/SZPajVXRNuNOz6FuadF0tvTThUBBBpu
ivDApp+/Hx6psxxEp1xIo5NbUn1e7aMhDLuuRed0PbmzEp+Rg/MdR6H/wH0w+veZ
6reBq3BbGfAJnnTgGLDGWBnYd94wEk5+LmyUiuAnD96RPQeF0rVeU3w5cwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH+j5NNIUlmknz4zwuvNF/4ApqB1MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZjZQazAwaFNXYVNmUGpQQzY4MFhfZ0Ntb0hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwOB
MA0GCSqGSIb3DQEBCwUAA4IBAQC8MgsJjGCv2gSUwcOjNXbZ9L8CtOULUZ9/4qCn
IbcV4oumMAex76b+sNLVnLfSTCMxM3Gf7TYGo9d0iVm+CtlAQgHFcaBZjB+wuUq4
KCR2cK59Ki8pq/MPP1mCD37uCkwk6cp0v2D28wue552ACoFmggdyj1NzYPCc0LeH
pQpdcH8W0eiIhAUJWL1Cb/qJOimTF1MeeWkrmcBne1pjKuWCx47/zbMDZOpbuhA2
sjGuzexUpZ3ikUIsacuy28PosU4vMgnkt38oLRrY5mJn2lcZdNSeVO3D4J31KR3a
mRSlFZXsO506Whyxha9ybeE8IcsKfNnZNQsMLP4jPn1qHi5Q
-----END CERTIFICATE-----