Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iNFu8oy1si5OSsB9vlXaUdHeeI0.roa
File:                     iNFu8oy1si5OSsB9vlXaUdHeeI0.roa (raw, json)
Hash identifier:          C7Dwpcoeakbq8UU5lkK+CFzZ9TnVFKW+GPZsBcMFLLc=
Subject key identifier:   88:D1:6E:F2:8C:B5:B2:2E:4E:4A:C0:7D:BE:55:DA:51:D1:DE:78:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCC241F1D6628568EC342D8DAC3D18
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iNFu8oy1si5OSsB9vlXaUdHeeI0.roa
Signing time:             Tue 02 Jan 2024 10:34:00 +0000
ROA not before:           Tue 02 Jan 2024 10:34:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18041
IP address blocks:        2a0e:b107:1310::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c2:41:f1:d6:62:85:68:ec:34:2d:8d:ac:3d:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88d16ef28cb5b22e4e4ac07dbe55da51d1de788d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:17:38:da:de:78:ef:03:31:2f:e0:b0:85:1f:
                    49:72:0f:a5:77:0b:2e:3a:b0:93:e1:0d:47:aa:ea:
                    7d:b7:25:1d:62:3a:09:d9:42:a1:69:ba:2f:a6:95:
                    83:9f:8f:9c:19:be:a1:c6:f2:8b:f2:71:ce:24:60:
                    e3:14:67:d9:8e:34:7c:a5:fc:15:48:1d:6e:79:fd:
                    02:ea:ad:78:57:11:62:22:62:34:6b:c2:92:98:ce:
                    05:8d:3b:bb:1d:e5:01:4e:d4:dc:27:b7:70:fe:39:
                    a9:30:52:33:2e:97:03:d2:e3:3d:b4:dc:ea:89:0c:
                    06:53:5a:df:14:e6:eb:3c:05:b5:59:52:91:fd:30:
                    aa:de:fc:b8:4f:e1:98:0e:c5:2c:1c:03:c7:e6:fd:
                    c0:7e:ee:22:9c:72:bc:b0:77:36:3a:b9:b1:96:ae:
                    23:98:7a:9f:05:fb:4f:5e:5c:19:17:58:86:a5:cc:
                    af:43:51:28:ba:3a:17:96:24:67:c7:d9:ee:0b:43:
                    9f:d4:05:c5:a0:43:19:c2:af:7d:33:70:3d:1a:19:
                    cc:85:97:ab:7b:f6:78:ee:cf:18:86:0c:34:24:dd:
                    94:35:f5:f4:23:61:b9:28:27:c8:da:b2:6b:af:bc:
                    49:26:4c:83:f6:1c:c7:ae:23:42:8d:de:74:72:8c:
                    97:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D1:6E:F2:8C:B5:B2:2E:4E:4A:C0:7D:BE:55:DA:51:D1:DE:78:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iNFu8oy1si5OSsB9vlXaUdHeeI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1310::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:ba:51:07:c6:b2:bd:dc:f5:b3:84:b6:68:23:f2:c1:5f:39:
         e0:9a:88:03:d1:d7:af:26:b0:df:d3:3a:ac:9e:2a:ef:32:02:
         d7:4f:10:56:0d:33:73:14:19:eb:6e:b4:1a:64:37:10:f2:21:
         21:57:38:6a:ff:be:61:99:7d:9d:f9:5b:c7:14:0e:94:65:ca:
         d5:4f:03:1a:6d:e8:c2:7d:72:8f:bb:2d:17:43:bb:26:78:70:
         d5:8d:ea:17:80:cb:aa:6e:af:f4:34:8a:c7:be:c5:34:07:06:
         bc:31:3c:71:83:70:6d:2c:5a:51:53:d8:e7:6c:ea:d3:6c:5d:
         04:0b:2c:fe:74:b4:66:c5:af:94:5f:63:0c:66:7c:09:af:97:
         18:cf:8c:12:e5:22:ef:d3:7d:2a:7c:b1:fa:ad:73:0f:b7:ca:
         c6:01:1a:d3:e9:e3:a4:97:1c:2e:5c:34:43:b3:20:58:53:70:
         bf:08:93:cb:24:ae:aa:27:23:2c:20:6f:67:d6:e9:2e:c4:7a:
         86:87:d3:ad:cc:fd:b7:f7:41:63:79:4f:32:9c:76:cf:2e:96:
         e1:1c:87:b7:f8:a5:51:16:ed:fb:58:3f:ab:ad:20:5b:a9:e1:
         f9:81:b7:7d:ec:65:3d:11:03:47:c7:48:91:f3:60:25:80:6e:
         db:70:80:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMJB8dZihWjsNC2NrD0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQxNmVmMjhjYjViMjJlNGU0YWMwN2RiZTU1ZGE1MWQxZGU3ODhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxc42t547wMxL+CwhR9Jcg+ldwsu
OrCT4Q1Hqup9tyUdYjoJ2UKhabovppWDn4+cGb6hxvKL8nHOJGDjFGfZjjR8pfwV
SB1uef0C6q14VxFiImI0a8KSmM4FjTu7HeUBTtTcJ7dw/jmpMFIzLpcD0uM9tNzq
iQwGU1rfFObrPAW1WVKR/TCq3vy4T+GYDsUsHAPH5v3Afu4inHK8sHc2Ormxlq4j
mHqfBftPXlwZF1iGpcyvQ1EoujoXliRnx9nuC0Of1AXFoEMZwq99M3A9GhnMhZer
e/Z47s8Yhgw0JN2UNfX0I2G5KCfI2rJrr7xJJkyD9hzHriNCjd50coyXTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIjRbvKMtbIuTkrAfb5V2lHR3niNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaU5GdThveTFzaTVPU3NCOXZsWGFVZEhlZUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxMQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDAulEHxrK93PWzhLZoI/LBXzngmogD0devJrDf
0zqsnirvMgLXTxBWDTNzFBnrbrQaZDcQ8iEhVzhq/75hmX2d+VvHFA6UZcrVTwMa
bejCfXKPuy0XQ7smeHDVjeoXgMuqbq/0NIrHvsU0Bwa8MTxxg3BtLFpRU9jnbOrT
bF0ECyz+dLRmxa+UX2MMZnwJr5cYz4wS5SLv030qfLH6rXMPt8rGARrT6eOklxwu
XDRDsyBYU3C/CJPLJK6qJyMsIG9n1ukuxHqGh9OtzP2390FjeU8ynHbPLpbhHIe3
+KVRFu37WD+rrSBbqeH5gbd97GU9EQNHx0iR82AlgG7bcIAl
-----END CERTIFICATE-----