Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fZ92HPQn8dlzJBHRG-csEZilpU8.roa
File:                     fZ92HPQn8dlzJBHRG-csEZilpU8.roa (raw, json)
Hash identifier:          0XT3NjTtBTZTLYk3b9vJYtNRjG+ozhCu1eSQsinc8bE=
Subject key identifier:   7D:9F:76:1C:F4:27:F1:D9:73:24:11:D1:1B:E7:2C:11:98:A5:A5:4F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEA3C428C0665F4A4FFB87E7993EA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fZ92HPQn8dlzJBHRG-csEZilpU8.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198535
IP address blocks:        2a0e:b107:1b00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ea:3c:42:8c:06:65:f4:a4:ff:b8:7e:79:93:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d9f761cf427f1d9732411d11be72c1198a5a54f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:66:34:eb:73:ac:bb:5f:64:e7:47:c4:cf:6b:
                    10:a6:ae:1b:0b:a2:87:3e:d4:ec:2d:e8:75:19:63:
                    5d:9c:e8:43:d1:6d:88:4f:86:98:1e:cc:3a:9e:42:
                    56:50:44:ec:05:bc:45:d1:9e:24:96:13:17:53:70:
                    6a:a6:38:0a:23:cd:05:48:5b:3d:55:03:05:b8:df:
                    75:4c:c4:76:ba:10:c7:71:6a:43:b8:30:72:1c:5a:
                    ce:29:d1:57:30:b1:7b:f1:01:5d:14:f3:1d:7f:91:
                    02:d1:42:f0:8a:e4:37:24:12:2c:b8:23:8e:aa:17:
                    a2:c9:71:69:77:52:47:99:10:9b:23:2c:be:95:8d:
                    d3:06:67:02:44:cf:38:39:3c:48:f2:6e:25:05:8c:
                    74:c4:5a:f2:62:12:d1:e0:c9:b4:ff:b4:ac:54:5a:
                    5c:94:d3:64:2a:f6:c9:31:0e:c1:90:75:ed:4c:ba:
                    eb:e0:d3:e8:cc:1d:90:66:fe:da:d4:63:c4:75:75:
                    44:e7:85:7d:14:c0:f8:22:3e:d1:b1:6b:9d:a1:64:
                    aa:b7:82:63:1d:68:1a:a2:9c:24:c3:f5:ae:25:a2:
                    f2:2c:cc:60:c1:d7:aa:cb:34:68:b6:2c:be:31:f4:
                    1d:e7:83:28:04:7d:db:b6:94:1b:89:05:54:51:17:
                    d3:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:9F:76:1C:F4:27:F1:D9:73:24:11:D1:1B:E7:2C:11:98:A5:A5:4F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/fZ92HPQn8dlzJBHRG-csEZilpU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b00::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:7c:6a:ac:3e:19:25:c1:85:6c:07:e3:87:56:b4:87:0f:86:
         2e:d3:aa:e0:4b:b6:ee:95:29:25:ba:86:6f:cb:00:bd:44:c3:
         a5:85:a8:05:97:48:f7:68:e9:4e:02:a7:8e:1a:ab:c7:8d:f6:
         1b:74:a1:00:ee:79:e1:8e:fe:7c:6a:66:b7:d4:36:5a:39:f7:
         76:6f:d2:55:38:03:84:a7:bb:82:11:0a:e8:e6:a4:a7:da:48:
         93:93:bb:04:99:63:ba:37:8b:d2:13:5a:6a:df:9f:65:7e:7a:
         b8:cd:ef:c6:28:f0:3e:de:25:2e:3f:99:00:04:16:98:ca:5a:
         8f:90:80:87:25:59:80:ba:48:7b:ba:92:34:2b:27:b5:27:b7:
         2e:18:5d:d2:d1:c1:0b:44:35:ef:19:5f:e3:3a:4e:d9:e3:ec:
         db:7a:b2:50:16:42:f0:84:69:87:05:ce:34:78:0b:c8:fb:f8:
         d7:55:74:fb:4a:83:46:68:06:2a:43:9e:12:89:05:f1:61:4d:
         b4:36:48:4d:28:e0:d6:3a:92:c6:e7:70:6b:56:e5:f0:7c:e9:
         a8:02:b2:b1:c3:70:39:d0:8d:e8:0e:1b:79:4c:ba:86:97:b2:
         ed:9a:52:09:7c:e9:ac:61:b7:b4:88:68:db:31:ca:91:6b:0e:
         25:16:ea:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOo8QowGZfSk/7h+eZPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDlmNzYxY2Y0MjdmMWQ5NzMyNDExZDExYmU3MmMxMTk4YTVhNTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2Y063Osu19k50fEz2sQpq4bC6KH
PtTsLeh1GWNdnOhD0W2IT4aYHsw6nkJWUETsBbxF0Z4klhMXU3BqpjgKI80FSFs9
VQMFuN91TMR2uhDHcWpDuDByHFrOKdFXMLF78QFdFPMdf5EC0ULwiuQ3JBIsuCOO
qheiyXFpd1JHmRCbIyy+lY3TBmcCRM84OTxI8m4lBYx0xFryYhLR4Mm0/7SsVFpc
lNNkKvbJMQ7BkHXtTLrr4NPozB2QZv7a1GPEdXVE54V9FMD4Ij7RsWudoWSqt4Jj
HWgaopwkw/WuJaLyLMxgwdeqyzRotiy+MfQd54MoBH3btpQbiQVUURfTywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH2fdhz0J/HZcyQR0RvnLBGYpaVPMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZlo5MkhQUW44ZGx6SkJIUkctY3NFWmlscFU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxsA
MA0GCSqGSIb3DQEBCwUAA4IBAQCdfGqsPhklwYVsB+OHVrSHD4Yu06rgS7bulSkl
uoZvywC9RMOlhagFl0j3aOlOAqeOGqvHjfYbdKEA7nnhjv58ama31DZaOfd2b9JV
OAOEp7uCEQro5qSn2kiTk7sEmWO6N4vSE1pq359lfnq4ze/GKPA+3iUuP5kABBaY
ylqPkICHJVmAukh7upI0Kye1J7cuGF3S0cELRDXvGV/jOk7Z4+zberJQFkLwhGmH
Bc40eAvI+/jXVXT7SoNGaAYqQ54SiQXxYU20NkhNKODWOpLG53BrVuXwfOmoArKx
w3A50I3oDht5TLqGl7LtmlIJfOmsYbe0iGjbMcqRaw4lFurU
-----END CERTIFICATE-----