Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fGehadX37CN1QlvtCd6G_8Z7eig.roa
File:                     fGehadX37CN1QlvtCd6G_8Z7eig.roa (raw, json)
Hash identifier:          qe/W4YpSJc/AtuAFSZQjd02I07GqZiaZaZ27fB3SPPI=
Subject key identifier:   7C:67:A1:69:D5:F7:EC:23:75:42:5B:ED:09:DE:86:FF:C6:7B:7A:28
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD7240F468CAEE0C9F48F69CFE3D8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fGehadX37CN1QlvtCd6G_8Z7eig.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59936
IP address blocks:        2a0e:97c0:40e::/48 maxlen: 48
                          2a0e:97c0:40f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d7:24:0f:46:8c:ae:e0:c9:f4:8f:69:cf:e3:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c67a169d5f7ec2375425bed09de86ffc67b7a28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:13:ad:81:26:10:31:cc:ed:14:cf:22:18:86:
                    3d:db:99:02:5b:03:55:e4:d9:ab:8c:b5:ce:46:75:
                    50:93:19:b3:62:41:2b:7c:13:a1:50:b2:cf:52:4e:
                    ff:49:8b:51:c3:bf:29:1a:3a:69:52:90:04:92:f4:
                    11:0f:22:33:d8:42:cc:8c:29:6e:d0:b2:49:37:6e:
                    c3:62:c6:fa:3a:62:c2:1a:df:31:6a:fe:b3:99:ff:
                    13:a0:66:8a:d6:12:7e:ce:32:25:81:ab:b6:7f:31:
                    c3:81:66:2f:22:18:7d:2f:cb:15:f9:61:4c:9c:31:
                    e0:5b:c8:88:e7:b0:57:ae:9f:85:5c:47:73:e7:71:
                    2a:95:b5:6e:69:04:05:53:aa:29:c8:d8:f3:ec:c0:
                    41:62:64:73:0f:b3:71:06:67:6d:3b:fb:d7:30:12:
                    fa:fa:c6:d2:90:8c:a0:b3:cc:6f:6e:c9:e2:aa:4a:
                    f4:3a:00:16:5c:78:c2:bb:1f:cd:56:9a:a1:65:2d:
                    63:97:bc:8e:7e:5a:73:dd:86:d0:38:1c:cd:5f:cf:
                    ad:f2:df:7a:da:8c:16:93:a0:12:3a:7b:53:62:15:
                    63:47:a6:34:67:e7:b1:81:4b:ba:ad:b3:38:4c:3d:
                    f1:3d:4c:bb:ac:cc:29:6e:68:e9:d4:80:f4:39:e7:
                    7c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:67:A1:69:D5:F7:EC:23:75:42:5B:ED:09:DE:86:FF:C6:7B:7A:28
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fGehadX37CN1QlvtCd6G_8Z7eig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:40e::/47

    Signature Algorithm: sha256WithRSAEncryption
         64:5a:a3:cb:0a:0d:16:75:e4:2a:05:0a:1c:66:34:72:34:07:
         42:b4:ee:63:2c:45:13:7a:a2:a6:c6:52:2a:a7:64:60:b1:d9:
         3c:d0:35:d1:6c:ed:fe:35:d2:20:ce:43:ae:67:64:93:4b:43:
         e5:4b:a6:13:18:86:f6:43:18:94:a6:27:3b:23:d1:8a:fc:80:
         f9:87:6f:d3:7d:ef:54:97:5f:ae:76:01:55:89:b3:44:8e:b8:
         ae:dd:21:23:02:d7:db:bc:90:44:bc:02:27:e5:80:3f:5c:95:
         18:84:b7:2f:ea:28:58:e4:d0:7a:53:e5:6a:87:18:d9:1b:fc:
         1b:46:0c:32:23:e5:73:fb:3d:3b:f1:53:3f:9a:c4:aa:77:8a:
         05:f5:fe:e2:ef:27:c3:a6:35:73:50:ec:5e:b0:dc:3c:3f:1f:
         db:a0:10:f6:a8:0a:11:44:e6:8b:d0:05:65:c7:7b:e9:97:77:
         1e:63:38:77:b0:3d:08:60:ba:8b:4e:01:25:c4:88:1c:bc:31:
         45:3d:f6:d8:b6:67:0c:ea:d3:75:a3:86:ea:bb:6d:b1:4a:55:
         6f:90:0a:04:bb:06:5d:51:25:86:c5:d3:36:66:1a:db:8d:20:
         6b:d5:a6:c8:ef:66:6d:44:32:51:4f:44:68:11:14:cb:27:a8:
         b3:6d:8f:63
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNckD0aMruDJ9I9pz+PYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzY3YTE2OWQ1ZjdlYzIzNzU0MjViZWQwOWRlODZmZmM2N2I3YTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BOtgSYQMcztFM8iGIY925kCWwNV
5NmrjLXORnVQkxmzYkErfBOhULLPUk7/SYtRw78pGjppUpAEkvQRDyIz2ELMjClu
0LJJN27DYsb6OmLCGt8xav6zmf8ToGaK1hJ+zjIlgau2fzHDgWYvIhh9L8sV+WFM
nDHgW8iI57BXrp+FXEdz53EqlbVuaQQFU6opyNjz7MBBYmRzD7NxBmdtO/vXMBL6
+sbSkIygs8xvbsniqkr0OgAWXHjCux/NVpqhZS1jl7yOflpz3YbQOBzNX8+t8t96
2owWk6ASOntTYhVjR6Y0Z+exgUu6rbM4TD3xPUy7rMwpbmjp1ID0Oed8bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHxnoWnV9+wjdUJb7Qnehv/Ge3ooMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZkdlaGFkWDM3Q04xUWx2dENkNkdfOFo3ZWlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6XwAQO
MA0GCSqGSIb3DQEBCwUAA4IBAQBkWqPLCg0WdeQqBQocZjRyNAdCtO5jLEUTeqKm
xlIqp2Rgsdk80DXRbO3+NdIgzkOuZ2STS0PlS6YTGIb2QxiUpic7I9GK/ID5h2/T
fe9Ul1+udgFVibNEjriu3SEjAtfbvJBEvAIn5YA/XJUYhLcv6ihY5NB6U+VqhxjZ
G/wbRgwyI+Vz+z078VM/msSqd4oF9f7i7yfDpjVzUOxesNw8Px/boBD2qAoRROaL
0AVlx3vpl3ceYzh3sD0IYLqLTgElxIgcvDFFPfbYtmcM6tN1o4bqu22xSlVvkAoE
uwZdUSWGxdM2ZhrbjSBr1abI72ZtRDJRT0RoERTLJ6izbY9j
-----END CERTIFICATE-----