Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fJ0gULjW0a0AJzcHB23lRw4BMSU.roa
File:                     fJ0gULjW0a0AJzcHB23lRw4BMSU.roa (raw, json)
Hash identifier:          6ZY09Z6n3TeP+ydx1HBLfJ6/2mtiKfF/bPrdADNerXs=
Subject key identifier:   7C:9D:20:50:B8:D6:D1:AD:00:27:37:07:07:6D:E5:47:0E:01:31:25
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3A66159FA8F156DD8A69E1B0A049
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fJ0gULjW0a0AJzcHB23lRw4BMSU.roa
Signing time:             Tue 02 Jan 2024 10:34:30 +0000
ROA not before:           Tue 02 Jan 2024 10:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211685
IP address blocks:        2a0e:97c0:250::/44 maxlen: 48
                          2a0e:97c0:250::/48 maxlen: 48
                          2a0e:97c0:251::/48 maxlen: 48
                          2a0e:97c0:252::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:3a:66:15:9f:a8:f1:56:dd:8a:69:e1:b0:a0:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c9d2050b8d6d1ad00273707076de5470e013125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:64:ae:09:0d:be:0c:67:df:dc:a3:02:06:bc:
                    09:d9:ea:90:13:95:90:34:17:04:15:bc:c8:09:da:
                    2f:8c:20:e2:5f:78:09:9c:40:55:ec:a0:f9:3c:f8:
                    83:00:05:97:fb:73:0b:b5:16:bf:97:7f:c0:49:3d:
                    69:22:9b:20:fc:8d:2f:ca:85:99:c4:23:64:a4:18:
                    db:4d:70:3f:c7:a4:8f:d2:34:47:9f:5a:ba:26:7a:
                    79:6e:2f:a9:dc:c2:36:61:e4:36:05:da:0f:f8:2e:
                    35:99:1f:4b:7f:c7:f9:1c:52:9c:75:20:e1:c1:79:
                    16:63:8a:bd:89:6a:89:bc:79:96:c0:3c:52:47:94:
                    68:10:75:b0:93:34:5c:c5:59:5e:f7:be:92:cf:16:
                    06:ba:60:27:bc:a7:9d:13:01:d5:18:ab:f9:66:f8:
                    66:4c:a0:be:d6:64:74:80:bd:09:e3:d4:11:78:3b:
                    65:45:37:69:79:d2:4f:4a:1d:5b:fd:cd:93:98:ee:
                    e9:0f:8c:70:ca:e6:7b:69:f9:67:3e:fb:dc:71:60:
                    87:83:1f:2e:25:9c:31:4e:fa:6b:0a:42:0c:1c:48:
                    1a:ad:43:63:c9:b0:eb:0f:db:00:95:33:97:76:15:
                    93:33:24:46:4f:50:1c:6f:d5:e1:17:70:47:b4:5c:
                    c3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9D:20:50:B8:D6:D1:AD:00:27:37:07:07:6D:E5:47:0E:01:31:25
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fJ0gULjW0a0AJzcHB23lRw4BMSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:4d:fd:ad:7d:8b:c8:72:45:97:a7:7a:39:45:96:98:fa:e1:
         01:0f:7c:a3:ce:aa:97:30:14:d2:12:fb:f8:ba:01:8e:36:9e:
         57:2b:b3:9e:3d:97:82:a2:f6:a6:bc:1e:69:70:d6:5b:e8:6c:
         29:05:3a:04:b6:24:a7:89:9e:06:70:db:a2:9d:34:22:c1:2b:
         a9:f3:de:38:7f:46:90:c9:91:e1:86:19:5f:27:06:ad:98:75:
         e4:db:9e:f6:5c:20:7a:57:ed:27:86:9d:64:54:4f:cf:f3:29:
         76:a7:82:33:07:3b:23:7e:db:e7:22:06:33:60:c4:a7:ab:47:
         5b:80:d9:2e:0d:8a:91:2f:3e:5a:4a:4f:78:cb:24:b0:88:a4:
         63:71:43:e1:df:59:03:f7:c0:8c:72:a6:cd:51:6e:8c:b7:c7:
         16:e9:b7:05:bc:e3:ee:32:cd:e3:a5:e3:2f:6e:c0:ac:22:3a:
         7e:05:cb:db:5b:72:98:c7:30:b9:c4:22:43:e5:22:cd:9b:fb:
         0b:54:3c:54:fe:42:56:dd:6a:f9:3d:a6:fe:f0:20:c5:b7:0c:
         c1:b0:1b:0b:9a:ac:fb:da:88:84:ef:00:fe:a3:50:ea:15:f6:
         a7:2b:2b:c8:1e:1b:04:86:89:3c:59:83:2c:ea:5b:b4:35:2b:
         15:23:16:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTpmFZ+o8VbdimnhsKBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzlkMjA1MGI4ZDZkMWFkMDAyNzM3MDcwNzZkZTU0NzBlMDEzMTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGSuCQ2+DGff3KMCBrwJ2eqQE5WQ
NBcEFbzICdovjCDiX3gJnEBV7KD5PPiDAAWX+3MLtRa/l3/AST1pIpsg/I0vyoWZ
xCNkpBjbTXA/x6SP0jRHn1q6Jnp5bi+p3MI2YeQ2BdoP+C41mR9Lf8f5HFKcdSDh
wXkWY4q9iWqJvHmWwDxSR5RoEHWwkzRcxVle976SzxYGumAnvKedEwHVGKv5Zvhm
TKC+1mR0gL0J49QReDtlRTdpedJPSh1b/c2TmO7pD4xwyuZ7aflnPvvccWCHgx8u
JZwxTvprCkIMHEgarUNjybDrD9sAlTOXdhWTMyRGT1Acb9XhF3BHtFzDNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHydIFC41tGtACc3Bwdt5UcOATElMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZkowZ1VMalcwYTBBSnpjSEIyM2xSdzRCTVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAoTf2tfYvIckWXp3o5RZaY+uEBD3yjzqqXMBTS
Evv4ugGONp5XK7OePZeCovamvB5pcNZb6GwpBToEtiSniZ4GcNuinTQiwSup8944
f0aQyZHhhhlfJwatmHXk2572XCB6V+0nhp1kVE/P8yl2p4IzBzsjftvnIgYzYMSn
q0dbgNkuDYqRLz5aSk94yySwiKRjcUPh31kD98CMcqbNUW6Mt8cW6bcFvOPuMs3j
peMvbsCsIjp+BcvbW3KYxzC5xCJD5SLNm/sLVDxU/kJW3Wr5Pab+8CDFtwzBsBsL
mqz72oiE7wD+o1DqFfanKyvIHhsEhok8WYMs6lu0NSsVIxbt
-----END CERTIFICATE-----