Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/flvOwYHt6rawYYRbSvAbPZncs4A.roa
File:                     flvOwYHt6rawYYRbSvAbPZncs4A.roa (raw, json)
Hash identifier:          FDJEhBfUmmIb9JsK/Bvr66hU1AJqM7/qLADBug5ucio=
Subject key identifier:   7E:5B:CE:C1:81:ED:EA:B6:B0:61:84:5B:4A:F0:1B:3D:99:DC:B3:80
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD129D1C959969321D427C22AC3016
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/flvOwYHt6rawYYRbSvAbPZncs4A.roa
Signing time:             Tue 02 Jan 2024 10:34:20 +0000
ROA not before:           Tue 02 Jan 2024 10:34:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207401
IP address blocks:        2a0e:b107:4e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:12:9d:1c:95:99:69:32:1d:42:7c:22:ac:30:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e5bcec181edeab6b061845b4af01b3d99dcb380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7e:41:83:1e:aa:a8:35:e4:dd:3f:96:7f:b2:
                    93:91:ee:32:3b:f2:46:8f:dc:47:94:74:c3:ba:13:
                    47:a1:f8:7b:af:9e:2d:a1:9f:45:11:e7:b5:3d:51:
                    de:3d:40:c0:04:ea:3c:77:f5:76:49:80:f3:95:c4:
                    0f:3d:3c:dc:84:40:0e:75:68:9f:24:ee:d4:3c:43:
                    0f:e5:4a:5f:bf:3b:80:d8:9f:e0:20:55:34:17:e3:
                    16:73:d8:50:b4:05:1d:ae:9a:74:0b:1f:73:73:2d:
                    31:8a:46:97:a6:f4:49:13:65:26:f3:6a:37:f6:38:
                    36:27:59:74:d7:4e:97:ec:6c:05:b2:e9:95:a4:28:
                    39:51:97:06:16:01:94:30:6a:9b:cd:39:3b:51:1d:
                    a1:a0:82:b1:e1:bb:56:69:77:20:f0:5f:bb:7c:e2:
                    f4:af:f9:c6:35:aa:f4:14:35:3d:a9:3d:60:ac:d2:
                    31:b9:e7:9b:fa:5a:52:c8:43:85:c4:a4:46:42:44:
                    82:2b:4c:98:38:31:c3:95:8b:b4:4d:be:c7:8a:3b:
                    b1:25:ab:9c:bf:6e:fb:94:4e:82:39:7f:5f:5d:27:
                    da:5d:f1:82:ee:b9:73:92:0e:6d:36:1b:8c:0b:e9:
                    c3:b3:6a:12:12:98:13:44:bb:70:ca:0c:64:c9:7a:
                    02:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:5B:CE:C1:81:ED:EA:B6:B0:61:84:5B:4A:F0:1B:3D:99:DC:B3:80
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/flvOwYHt6rawYYRbSvAbPZncs4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:4e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:4e:af:7a:81:c1:72:29:23:e1:8e:03:73:ba:85:05:41:2e:
         24:66:47:b2:42:f9:7a:28:fd:3d:e1:3c:3c:1d:9e:50:24:7a:
         4c:3b:22:4c:8f:39:e5:37:a9:f6:78:b0:e9:0e:92:b4:24:a0:
         82:87:c7:f6:05:26:36:69:e2:9d:c2:93:63:31:e5:86:61:9e:
         4a:34:ce:aa:ab:b8:65:fe:0e:11:05:ea:3a:3e:f2:e3:e6:ab:
         e6:ba:3d:3a:bf:fd:e7:79:ba:c2:f2:6b:b1:f7:a1:42:c3:84:
         51:b4:1b:91:35:2e:33:20:59:01:13:bd:95:b2:23:51:15:70:
         1f:27:fe:f2:59:1f:79:97:20:1f:8c:3c:78:93:3a:ef:38:b0:
         60:e9:01:99:fb:8e:14:4d:2e:60:3c:0b:3f:1c:a7:76:60:b3:
         b9:c6:79:90:04:ee:0a:73:2e:4f:dd:9a:ca:08:17:b9:97:7e:
         7f:db:96:a1:7e:2f:3c:36:e4:9f:65:cc:cc:87:14:34:47:aa:
         39:43:49:56:15:af:51:1a:7f:e3:47:4f:9a:d1:39:d3:d9:1f:
         59:99:70:fb:e5:27:c7:6e:17:71:0f:05:e3:6c:65:63:3c:2e:
         00:ef:bc:5d:52:88:40:11:74:3f:3e:26:83:dd:98:0a:3c:d1:
         de:82:aa:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRKdHJWZaTIdQnwirDAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTViY2VjMTgxZWRlYWI2YjA2MTg0NWI0YWYwMWIzZDk5ZGNiMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn35Bgx6qqDXk3T+Wf7KTke4yO/JG
j9xHlHTDuhNHofh7r54toZ9FEee1PVHePUDABOo8d/V2SYDzlcQPPTzchEAOdWif
JO7UPEMP5UpfvzuA2J/gIFU0F+MWc9hQtAUdrpp0Cx9zcy0xikaXpvRJE2Um82o3
9jg2J1l0106X7GwFsumVpCg5UZcGFgGUMGqbzTk7UR2hoIKx4btWaXcg8F+7fOL0
r/nGNar0FDU9qT1grNIxueeb+lpSyEOFxKRGQkSCK0yYODHDlYu0Tb7HijuxJauc
v277lE6COX9fXSfaXfGC7rlzkg5tNhuMC+nDs2oSEpgTRLtwygxkyXoCwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH5bzsGB7eq2sGGEW0rwGz2Z3LOAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZmx2T3dZSHQ2cmF3WVlSYlN2QWJQWm5jczRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwTg
MA0GCSqGSIb3DQEBCwUAA4IBAQBvTq96gcFyKSPhjgNzuoUFQS4kZkeyQvl6KP09
4Tw8HZ5QJHpMOyJMjznlN6n2eLDpDpK0JKCCh8f2BSY2aeKdwpNjMeWGYZ5KNM6q
q7hl/g4RBeo6PvLj5qvmuj06v/3nebrC8mux96FCw4RRtBuRNS4zIFkBE72VsiNR
FXAfJ/7yWR95lyAfjDx4kzrvOLBg6QGZ+44UTS5gPAs/HKd2YLO5xnmQBO4Kcy5P
3ZrKCBe5l35/25ahfi88NuSfZczMhxQ0R6o5Q0lWFa9RGn/jR0+a0TnT2R9ZmXD7
5SfHbhdxDwXjbGVjPC4A77xdUohAEXQ/PiaD3ZgKPNHegqrf
-----END CERTIFICATE-----