Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hOOLeoeCHOscUhfKgKkfaHG2mg8.roa
File:                     hOOLeoeCHOscUhfKgKkfaHG2mg8.roa (raw, json)
Hash identifier:          BMBv6CCM0vSi5Gwk2sEReqoJiZZG7YKU9o/bw4W5ToM=
Subject key identifier:   84:E3:8B:7A:87:82:1C:EB:1C:52:17:CA:80:A9:1F:68:71:B6:9A:0F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE7F5909468AD927BA1779D7ED5C6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hOOLeoeCHOscUhfKgKkfaHG2mg8.roa
Signing time:             Tue 02 Jan 2024 10:34:09 +0000
ROA not before:           Tue 02 Jan 2024 10:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197963
IP address blocks:        2a06:de01:b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e7:f5:90:94:68:ad:92:7b:a1:77:9d:7e:d5:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84e38b7a87821ceb1c5217ca80a91f6871b69a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:59:07:30:a1:c2:2a:c9:f8:8a:f7:7b:07:ce:
                    cc:81:79:d6:f0:71:9d:cd:d5:fc:79:b0:b4:3a:67:
                    c9:d2:cb:96:df:7a:f4:6d:0f:b3:bc:aa:5a:0d:d1:
                    c0:43:06:d4:e6:98:c3:dd:70:e0:03:e9:c8:7f:7a:
                    c0:1f:af:3a:44:e1:50:31:a8:24:c8:a7:14:ca:2e:
                    e9:ce:46:07:56:a2:b8:21:ee:71:9d:31:a7:c8:ea:
                    ed:eb:67:8b:3a:86:88:c0:a7:b9:34:ac:9f:66:00:
                    56:34:44:dc:14:4e:07:84:76:88:92:70:df:f3:a5:
                    4e:7b:47:f5:4e:ee:a0:7c:6e:ff:a8:5c:97:09:9b:
                    76:fb:3b:a5:f2:eb:45:ec:e8:b3:d3:61:4f:6e:55:
                    05:8e:ad:6d:a6:14:06:19:3f:2d:a6:33:89:0b:86:
                    98:79:11:60:2f:a7:84:da:d3:71:11:4f:9e:f1:eb:
                    c7:ef:2a:e5:29:4b:0b:7c:05:b6:de:97:31:ca:65:
                    ae:33:ff:c6:e9:ae:8e:af:71:90:02:4a:a0:56:e7:
                    89:07:55:73:ec:95:d8:59:0f:0f:51:72:af:04:63:
                    06:2c:df:a7:ca:4d:2d:16:de:e2:b8:88:3b:53:70:
                    04:c5:0f:47:9f:79:00:4a:f7:b5:cd:09:c5:c3:cb:
                    ee:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E3:8B:7A:87:82:1C:EB:1C:52:17:CA:80:A9:1F:68:71:B6:9A:0F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hOOLeoeCHOscUhfKgKkfaHG2mg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:7c:91:9e:f1:85:07:55:28:24:72:7c:5a:d7:14:9b:a3:7e:
         74:93:b1:20:f1:21:6b:47:e4:cc:48:65:02:50:83:d8:b1:27:
         e3:49:ba:03:80:ef:20:94:ef:8b:69:5a:7b:e0:a2:f3:1a:cf:
         d3:fc:0c:d0:9f:0d:cc:85:62:82:6d:27:15:fb:16:9b:c1:05:
         16:80:d2:59:66:01:1f:e8:17:0b:15:ef:6d:c2:11:4a:02:f6:
         c6:54:a7:6c:6d:1b:37:1e:6d:7a:5c:6e:dc:39:b7:dd:c3:4d:
         4c:05:b9:19:7f:94:76:37:7e:3b:9f:6f:55:04:4b:00:0b:5c:
         9f:4f:ce:9d:36:a6:c3:31:a9:68:6e:1e:20:27:02:fd:03:77:
         60:88:da:11:1c:0e:ff:b4:a7:34:c7:0b:34:29:6d:f2:86:1a:
         ba:37:4b:01:ba:b9:39:3c:90:5e:16:0c:54:86:56:7e:fd:5e:
         95:fb:5d:30:6f:35:73:47:7b:95:3b:4c:62:b5:c4:63:39:0f:
         22:ea:13:d2:d2:04:2a:bf:22:c9:c1:37:58:af:56:fd:7f:58:
         3a:f7:e1:21:43:79:ae:93:d9:d7:a4:9c:7b:0d:09:5d:4b:54:
         46:3a:d3:a9:67:a9:b2:17:95:75:1e:1f:96:6e:79:be:2b:62:
         a9:2d:22:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOf1kJRorZJ7oXedftXGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGUzOGI3YTg3ODIxY2ViMWM1MjE3Y2E4MGE5MWY2ODcxYjY5YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVkHMKHCKsn4ivd7B87MgXnW8HGd
zdX8ebC0OmfJ0suW33r0bQ+zvKpaDdHAQwbU5pjD3XDgA+nIf3rAH686ROFQMagk
yKcUyi7pzkYHVqK4Ie5xnTGnyOrt62eLOoaIwKe5NKyfZgBWNETcFE4HhHaIknDf
86VOe0f1Tu6gfG7/qFyXCZt2+zul8utF7Oiz02FPblUFjq1tphQGGT8tpjOJC4aY
eRFgL6eE2tNxEU+e8evH7yrlKUsLfAW23pcxymWuM//G6a6Or3GQAkqgVueJB1Vz
7JXYWQ8PUXKvBGMGLN+nyk0tFt7iuIg7U3AExQ9Hn3kASve1zQnFw8vuXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFITji3qHghzrHFIXyoCpH2hxtpoPMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaE9PTGVvZUNIT3NjVWhmS2dLa2ZhSEcybWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAQCw
MA0GCSqGSIb3DQEBCwUAA4IBAQBAfJGe8YUHVSgkcnxa1xSbo350k7Eg8SFrR+TM
SGUCUIPYsSfjSboDgO8glO+LaVp74KLzGs/T/AzQnw3MhWKCbScV+xabwQUWgNJZ
ZgEf6BcLFe9twhFKAvbGVKdsbRs3Hm16XG7cObfdw01MBbkZf5R2N347n29VBEsA
C1yfT86dNqbDMalobh4gJwL9A3dgiNoRHA7/tKc0xws0KW3yhhq6N0sBurk5PJBe
FgxUhlZ+/V6V+10wbzVzR3uVO0xitcRjOQ8i6hPS0gQqvyLJwTdYr1b9f1g69+Eh
Q3muk9nXpJx7DQldS1RGOtOpZ6myF5V1Hh+Wbnm+K2KpLSKy
-----END CERTIFICATE-----