Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gXI6OumMl1WCmtFf0nkGEamJDY4.roa
File:                     gXI6OumMl1WCmtFf0nkGEamJDY4.roa (raw, json)
Hash identifier:          RFQ9iL5yf4rt4E81oF1G8ZA7hR/f2Va7QGm5QtMcvpQ=
Subject key identifier:   81:72:3A:3A:E9:8C:97:55:82:9A:D1:5F:D2:79:06:11:A9:89:0D:8E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC9FFB8E94C5408AF1B8BB8D8D213
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gXI6OumMl1WCmtFf0nkGEamJDY4.roa
Signing time:             Tue 02 Jan 2024 10:34:02 +0000
ROA not before:           Tue 02 Jan 2024 10:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41732
IP address blocks:        2a0e:b107:820::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c9:ff:b8:e9:4c:54:08:af:1b:8b:b8:d8:d2:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81723a3ae98c9755829ad15fd2790611a9890d8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:61:20:db:37:e1:3a:ef:28:30:66:3e:b6:45:
                    d7:d8:0a:05:55:fa:c1:b2:04:6e:1f:49:21:e8:ff:
                    04:c5:ca:29:50:51:bc:f4:15:3b:07:5e:a7:90:82:
                    45:f6:57:f3:16:8f:69:72:e0:97:6e:ea:08:cd:5e:
                    be:57:9e:ad:6e:f2:97:c1:5b:de:94:8b:2a:4c:f2:
                    18:02:4c:10:81:1a:63:ce:71:5e:94:5f:28:ed:44:
                    5f:73:6d:5c:46:f3:3b:bd:dc:34:35:63:35:bb:5e:
                    1b:9b:67:6d:9c:38:4f:37:6e:7f:5b:57:4b:56:bd:
                    65:be:e4:cf:a2:c7:c8:b6:bc:0a:0c:79:3f:c7:02:
                    69:17:ad:fa:37:49:06:ce:82:d2:57:9c:99:7d:27:
                    7e:dc:29:ed:21:ac:85:08:d2:6a:30:84:b9:fa:e3:
                    ac:32:df:ed:32:8f:73:4c:35:5a:ab:a6:13:17:70:
                    f3:d6:a1:77:6e:26:6b:1a:b2:32:84:fe:a0:fd:95:
                    11:13:45:91:b0:7d:69:6d:ac:03:29:3f:bd:5f:50:
                    1a:de:76:88:3e:4e:34:1a:e1:b9:2f:f2:15:77:a3:
                    e8:33:07:7f:6e:37:a9:f2:88:87:56:31:02:ac:04:
                    d2:33:2e:bd:f4:be:71:96:b4:a4:4d:7e:ba:88:1d:
                    61:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:72:3A:3A:E9:8C:97:55:82:9A:D1:5F:D2:79:06:11:A9:89:0D:8E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gXI6OumMl1WCmtFf0nkGEamJDY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:820::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:2b:62:29:e1:64:6c:59:89:a2:c7:8d:35:71:8c:d9:b0:9d:
         c7:4b:7e:05:61:df:5a:4a:89:26:bd:83:8a:17:0a:28:73:f3:
         b8:69:a2:5b:81:a9:ee:1a:52:ac:94:02:ec:ed:7b:3a:88:e4:
         0b:f7:de:5e:43:01:ac:56:e9:1a:fd:cb:e7:5f:14:8b:00:dd:
         64:3d:b1:55:06:4d:b6:3b:a7:e2:42:bb:82:cd:eb:f3:a1:d0:
         8c:69:33:ed:49:0b:b0:9c:d2:96:63:db:c8:04:6d:fb:24:66:
         af:ee:4d:62:96:69:7d:0b:65:f0:38:96:39:f6:ed:c2:bc:29:
         9a:fc:67:9b:50:16:c7:0d:ae:48:d6:53:41:b3:5b:1a:c6:82:
         51:4d:78:3a:59:3e:67:1e:fd:02:ba:83:e0:3f:3e:e5:4b:f3:
         5f:18:dc:04:74:4b:4e:b9:84:9a:37:d1:aa:1c:42:4e:88:c2:
         60:4e:ba:7d:e4:cb:9f:e2:ca:76:00:46:7c:dc:db:df:ca:60:
         75:cc:26:d4:e8:3a:37:71:c9:30:9a:c5:c8:19:0e:e5:43:15:
         c1:43:9a:89:d1:4c:67:a5:b7:ed:b0:52:67:5b:6a:ee:10:4c:
         66:b2:de:b2:fc:f8:fa:cc:4e:91:36:53:c8:da:1f:c2:49:db:
         35:15:35:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMn/uOlMVAivG4u42NITMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTcyM2EzYWU5OGM5NzU1ODI5YWQxNWZkMjc5MDYxMWE5ODkwZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGEg2zfhOu8oMGY+tkXX2AoFVfrB
sgRuH0kh6P8ExcopUFG89BU7B16nkIJF9lfzFo9pcuCXbuoIzV6+V56tbvKXwVve
lIsqTPIYAkwQgRpjznFelF8o7URfc21cRvM7vdw0NWM1u14bm2dtnDhPN25/W1dL
Vr1lvuTPosfItrwKDHk/xwJpF636N0kGzoLSV5yZfSd+3CntIayFCNJqMIS5+uOs
Mt/tMo9zTDVaq6YTF3Dz1qF3biZrGrIyhP6g/ZURE0WRsH1pbawDKT+9X1Aa3naI
Pk40GuG5L/IVd6PoMwd/bjep8oiHVjECrATSMy699L5xlrSkTX66iB1h6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIFyOjrpjJdVgprRX9J5BhGpiQ2OMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ1hJNk91bU1sMVdDbXRGZjBua0dFYW1KRFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwgg
MA0GCSqGSIb3DQEBCwUAA4IBAQBdK2Ip4WRsWYmix401cYzZsJ3HS34FYd9aSokm
vYOKFwooc/O4aaJbganuGlKslALs7Xs6iOQL995eQwGsVuka/cvnXxSLAN1kPbFV
Bk22O6fiQruCzevzodCMaTPtSQuwnNKWY9vIBG37JGav7k1ilml9C2XwOJY59u3C
vCma/GebUBbHDa5I1lNBs1saxoJRTXg6WT5nHv0CuoPgPz7lS/NfGNwEdEtOuYSa
N9GqHEJOiMJgTrp95Muf4sp2AEZ83NvfymB1zCbU6Do3cckwmsXIGQ7lQxXBQ5qJ
0UxnpbftsFJnW2ruEExmst6y/Pj6zE6RNlPI2h/CSds1FTUv
-----END CERTIFICATE-----