Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g4kMhUceHdGzdhnobDm6ShNmBxk.roa
File:                     g4kMhUceHdGzdhnobDm6ShNmBxk.roa (raw, json)
Hash identifier:          dyRGknkh4b2jRlXPfzEfHcl/z/MimBm+Ji2Ye20pYk4=
Subject key identifier:   83:89:0C:85:47:1E:1D:D1:B3:76:19:E8:6C:39:BA:4A:13:66:07:19
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4622BC31C5AE7B86039FE3A960B3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g4kMhUceHdGzdhnobDm6ShNmBxk.roa
Signing time:             Tue 02 Jan 2024 10:34:33 +0000
ROA not before:           Tue 02 Jan 2024 10:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212514
IP address blocks:        2a0e:b107:f0::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:46:22:bc:31:c5:ae:7b:86:03:9f:e3:a9:60:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83890c85471e1dd1b37619e86c39ba4a13660719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c7:4e:44:dd:38:cf:9f:40:93:67:b6:5b:6e:
                    58:71:3d:b4:a0:da:dd:0e:97:ae:e0:ee:5b:0b:26:
                    13:74:e5:84:2f:55:9e:14:b4:fb:d8:03:db:fd:b0:
                    47:e5:d0:ee:d1:36:60:30:29:a4:60:fb:41:f0:d6:
                    8e:cc:ab:86:8a:22:73:8a:20:77:cd:a3:9e:a5:d6:
                    3f:f8:62:d8:f5:c7:67:aa:b7:e2:56:7a:32:dc:ea:
                    28:45:e4:57:a9:63:1b:43:24:9a:4f:c4:50:d7:e4:
                    35:fc:ec:23:61:42:53:80:3c:e0:76:bd:2c:5b:5a:
                    ba:24:91:4c:39:24:a6:52:29:0a:3a:4e:68:c7:48:
                    a7:a2:c1:95:76:62:66:14:b2:28:da:a9:6e:12:fe:
                    bd:bd:44:49:14:3c:d6:c9:70:26:e5:47:61:6a:21:
                    be:9a:39:2e:9b:fc:20:6a:e5:1d:20:d0:3b:7a:92:
                    f6:9c:a4:56:e3:77:5d:bf:a0:3e:d3:0e:ae:7c:b7:
                    dc:db:63:f2:e8:e0:53:19:13:06:cf:80:14:95:79:
                    e2:4c:44:ed:56:63:88:2f:c5:49:d0:2f:b1:a0:41:
                    fe:6c:25:8c:a6:cd:6c:b0:72:d8:79:9c:1a:53:40:
                    d8:eb:a1:0d:5b:9f:85:ab:c2:c0:6a:24:3b:a7:ab:
                    6a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:89:0C:85:47:1E:1D:D1:B3:76:19:E8:6C:39:BA:4A:13:66:07:19
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/g4kMhUceHdGzdhnobDm6ShNmBxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:f0::/47

    Signature Algorithm: sha256WithRSAEncryption
         c6:f6:79:ba:bf:95:78:36:02:f4:5b:ab:01:2d:79:42:94:e4:
         81:28:ec:03:26:fc:b8:54:cf:84:8c:bc:16:b7:92:99:14:2e:
         a4:6f:e3:ce:17:0b:c5:fb:13:96:04:3c:0d:86:dd:38:d3:72:
         27:e3:a9:ea:dc:f2:d5:93:0c:32:92:8d:52:ff:41:a8:5d:bf:
         e8:f8:68:68:40:00:1e:64:e3:92:bf:fe:f7:1a:36:79:65:b0:
         db:ba:c6:b2:1f:67:3d:fd:b5:ee:7d:aa:a5:28:9f:52:99:36:
         11:45:0b:0e:04:3c:ef:74:1f:5e:a4:9b:2a:38:76:46:e6:64:
         d9:11:31:98:f5:a3:4a:8c:04:44:39:20:e6:73:64:84:f5:bd:
         40:90:70:62:4a:26:ee:5d:2f:b8:6d:7b:5e:14:3c:7c:ca:6a:
         06:dc:67:d0:aa:59:14:ce:1c:c1:66:26:3d:b0:99:77:f6:e5:
         94:43:33:28:cb:57:a0:3f:ab:f0:24:9a:e5:b6:95:ef:09:77:
         a5:c1:95:3d:e4:2b:2b:4d:60:83:f3:db:28:a8:06:38:75:54:
         43:95:b7:92:51:6b:88:df:6d:71:2b:45:3e:8d:71:01:de:46:
         8a:cf:76:88:ee:22:19:7b:04:09:7a:d1:4f:40:a7:a7:15:71:
         74:30:33:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUYivDHFrnuGA5/jqWCzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Mzg5MGM4NTQ3MWUxZGQxYjM3NjE5ZTg2YzM5YmE0YTEzNjYwNzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsdORN04z59Ak2e2W25YcT20oNrd
Dpeu4O5bCyYTdOWEL1WeFLT72APb/bBH5dDu0TZgMCmkYPtB8NaOzKuGiiJziiB3
zaOepdY/+GLY9cdnqrfiVnoy3OooReRXqWMbQySaT8RQ1+Q1/OwjYUJTgDzgdr0s
W1q6JJFMOSSmUikKOk5ox0inosGVdmJmFLIo2qluEv69vURJFDzWyXAm5UdhaiG+
mjkum/wgauUdINA7epL2nKRW43ddv6A+0w6ufLfc22Py6OBTGRMGz4AUlXniTETt
VmOIL8VJ0C+xoEH+bCWMps1ssHLYeZwaU0DY66ENW5+Fq8LAaiQ7p6tq3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIOJDIVHHh3Rs3YZ6Gw5ukoTZgcZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZzRrTWhVY2VIZEd6ZGhub2JEbTZTaE5tQnhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6xBwDw
MA0GCSqGSIb3DQEBCwUAA4IBAQDG9nm6v5V4NgL0W6sBLXlClOSBKOwDJvy4VM+E
jLwWt5KZFC6kb+POFwvF+xOWBDwNht0403In46nq3PLVkwwyko1S/0GoXb/o+Gho
QAAeZOOSv/73GjZ5ZbDbusayH2c9/bXufaqlKJ9SmTYRRQsOBDzvdB9epJsqOHZG
5mTZETGY9aNKjAREOSDmc2SE9b1AkHBiSibuXS+4bXteFDx8ymoG3GfQqlkUzhzB
ZiY9sJl39uWUQzMoy1egP6vwJJrltpXvCXelwZU95CsrTWCD89soqAY4dVRDlbeS
UWuI321xK0U+jXEB3kaKz3aI7iIZewQJetFPQKenFXF0MDP8
-----END CERTIFICATE-----