Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hb4v6Rs8igB4q5Y4OZWkJUYdtn8.roa
File:                     hb4v6Rs8igB4q5Y4OZWkJUYdtn8.roa (raw, json)
Hash identifier:          ts2shFuyDoePLu8ThvXfStUFiKQZWx/OJimlB38F1J4=
Subject key identifier:   85:BE:2F:E9:1B:3C:8A:00:78:AB:96:38:39:95:A4:25:46:1D:B6:7F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0EECCDF830A29E4845B100B8B117
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hb4v6Rs8igB4q5Y4OZWkJUYdtn8.roa
Signing time:             Tue 02 Jan 2024 10:34:19 +0000
ROA not before:           Tue 02 Jan 2024 10:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205740
IP address blocks:        2a0e:97c0:a60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0e:ec:cd:f8:30:a2:9e:48:45:b1:00:b8:b1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=85be2fe91b3c8a0078ab96383995a425461db67f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:14:46:89:66:7c:99:cd:af:ef:f1:c0:da:99:
                    42:33:48:a4:81:fa:05:a0:87:c3:5d:54:0b:85:ef:
                    2e:f7:ca:17:87:aa:e3:59:a6:9b:9d:bb:aa:b8:3d:
                    9c:a5:f4:11:47:e2:57:33:71:cd:e1:54:b4:75:f1:
                    5c:f0:34:09:f3:2e:61:33:57:72:7e:d2:ce:71:c8:
                    d1:f9:67:f9:39:f5:4a:44:f6:ea:21:fa:1e:79:56:
                    ca:c5:07:d8:c2:4b:45:72:51:2b:b0:0b:09:c8:17:
                    0b:3e:2e:e0:e9:dc:97:0a:83:58:b0:84:e8:e5:26:
                    3d:40:90:a2:8d:2f:1a:15:2b:5d:13:74:66:bc:70:
                    97:9c:29:90:54:a2:3d:2e:ce:89:a6:89:16:49:da:
                    70:5e:8e:c5:97:73:39:7f:10:c2:03:a8:c5:90:ad:
                    6b:2c:2f:f4:ec:3b:eb:0b:5a:57:ad:d2:4b:53:2b:
                    84:d6:13:e9:c1:55:96:dd:43:4e:26:5b:1d:3d:7a:
                    9a:b6:55:f4:94:52:7c:c1:3d:5a:2a:52:54:c1:60:
                    65:c6:fe:a1:7c:e9:81:73:96:84:a1:83:c5:f1:3c:
                    e1:50:c1:67:db:4c:8e:a5:1c:7e:0d:1e:60:68:09:
                    d4:a1:94:20:82:bd:c9:75:68:87:d6:b9:ac:78:0b:
                    04:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:BE:2F:E9:1B:3C:8A:00:78:AB:96:38:39:95:A4:25:46:1D:B6:7F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hb4v6Rs8igB4q5Y4OZWkJUYdtn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a60::/44

    Signature Algorithm: sha256WithRSAEncryption
         29:8a:98:8c:32:fc:fd:63:8a:15:82:b1:1f:1c:38:d6:d5:84:
         94:37:72:04:e8:ef:6a:df:0b:b5:4b:55:67:60:a3:4d:17:73:
         c1:ea:de:ba:25:82:57:c5:f4:1c:92:7d:b6:dc:f5:58:19:51:
         d5:27:ef:ba:9f:b6:68:ec:11:c2:53:2f:df:cd:ef:6e:f9:61:
         bb:c1:f2:1f:55:59:79:f7:f2:4f:64:9e:76:9a:28:be:e7:82:
         00:10:e6:1a:db:bc:5a:e6:8c:47:4c:ea:84:65:e7:64:ba:8b:
         6a:1f:95:92:59:90:6a:bf:d5:9c:1d:6f:b5:06:2b:18:87:0f:
         70:c3:09:2e:7c:14:53:23:20:b1:b5:0e:de:fc:94:77:4d:06:
         67:e8:6f:95:c5:a6:b3:05:df:80:6e:8d:d8:98:a7:ec:31:1b:
         f9:ce:80:f0:a9:7a:6e:30:7f:09:94:35:9b:6c:16:43:f1:6c:
         37:d4:50:7a:ba:b0:81:0a:d6:a9:bf:13:72:33:ce:16:4d:5b:
         69:64:90:b7:0c:89:b3:f8:26:14:45:51:50:8a:2c:ba:9b:4d:
         95:50:e5:54:9a:ac:88:fc:87:51:50:b1:1a:44:ea:cb:60:13:
         4e:de:8f:61:bd:26:5c:88:06:87:21:39:7c:e4:70:1d:96:c0:
         6e:ae:ff:4e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQ7szfgwop5IRbEAuLEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWJlMmZlOTFiM2M4YTAwNzhhYjk2MzgzOTk1YTQyNTQ2MWRiNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRRGiWZ8mc2v7/HA2plCM0ikgfoF
oIfDXVQLhe8u98oXh6rjWaabnbuquD2cpfQRR+JXM3HN4VS0dfFc8DQJ8y5hM1dy
ftLOccjR+Wf5OfVKRPbqIfoeeVbKxQfYwktFclErsAsJyBcLPi7g6dyXCoNYsITo
5SY9QJCijS8aFStdE3RmvHCXnCmQVKI9Ls6JpokWSdpwXo7Fl3M5fxDCA6jFkK1r
LC/07DvrC1pXrdJLUyuE1hPpwVWW3UNOJlsdPXqatlX0lFJ8wT1aKlJUwWBlxv6h
fOmBc5aEoYPF8TzhUMFn20yOpRx+DR5gaAnUoZQggr3JdWiH1rmseAsEBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIW+L+kbPIoAeKuWODmVpCVGHbZ/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaGI0djZSczhpZ0I0cTVZNE9aV2tKVVlkdG44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwApg
MA0GCSqGSIb3DQEBCwUAA4IBAQApipiMMvz9Y4oVgrEfHDjW1YSUN3IE6O9q3wu1
S1VnYKNNF3PB6t66JYJXxfQckn223PVYGVHVJ++6n7Zo7BHCUy/fze9u+WG7wfIf
VVl59/JPZJ52mii+54IAEOYa27xa5oxHTOqEZedkuotqH5WSWZBqv9WcHW+1BisY
hw9wwwkufBRTIyCxtQ7e/JR3TQZn6G+VxaazBd+Abo3YmKfsMRv5zoDwqXpuMH8J
lDWbbBZD8Ww31FB6urCBCtapvxNyM84WTVtpZJC3DImz+CYURVFQiiy6m02VUOVU
mqyI/IdRULEaROrLYBNO3o9hvSZciAaHITl85HAdlsBurv9O
-----END CERTIFICATE-----