Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iiPa0kicXST_hBG4gSDRlzPjm_w.roa
File:                     iiPa0kicXST_hBG4gSDRlzPjm_w.roa (raw, json)
Hash identifier:          gLPO1fw6VfjfK3I8qaqVfm2XwdbSUcZ0XLvv/fsCEvg=
Subject key identifier:   8A:23:DA:D2:48:9C:5D:24:FF:84:11:B8:81:20:D1:97:33:E3:9B:FC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EB8267F5ED51E50F18579B7365C132ACB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iiPa0kicXST_hBG4gSDRlzPjm_w.roa
Signing time:             Sun 07 Apr 2024 10:41:54 +0000
ROA not before:           Sun 07 Apr 2024 10:41:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215188
IP address blocks:        2a0e:97c0:800::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:b8:26:7f:5e:d5:1e:50:f1:85:79:b7:36:5c:13:2a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  7 10:41:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a23dad2489c5d24ff8411b88120d19733e39bfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:07:59:00:e6:33:95:6f:72:af:16:d4:ee:73:
                    95:54:2f:ea:14:e6:b0:84:eb:83:ab:eb:cb:a1:3d:
                    63:9a:44:25:da:c6:48:a9:b6:97:03:34:cb:b1:8f:
                    d5:51:ff:b0:fb:98:7d:2c:dd:41:3a:3a:49:68:64:
                    9a:5c:a8:bc:5d:98:cd:84:bb:25:92:fb:11:02:56:
                    16:d2:8c:ab:3c:36:1d:85:a5:44:f0:8a:0c:03:83:
                    28:94:c7:9f:fd:27:0a:60:ea:fc:ad:5b:7b:89:4a:
                    80:b1:50:fc:20:62:f1:88:2b:43:9c:18:ef:ef:c3:
                    82:0d:2e:2d:0f:af:3b:d0:3b:70:cf:8c:11:73:75:
                    f9:dc:ed:3b:36:18:fe:e7:17:ac:46:8a:a5:81:73:
                    f3:62:03:45:fe:ab:9e:7d:bd:b7:57:4c:ff:5f:b1:
                    52:1a:5b:22:81:58:12:1b:99:c6:46:d4:87:42:e9:
                    6f:e8:35:3a:57:94:95:e9:e0:ba:c3:61:21:34:fc:
                    b3:e1:78:c5:39:17:62:7d:b1:ce:ad:51:16:65:7e:
                    1e:43:e7:70:fe:2e:b9:11:ba:46:72:de:76:31:48:
                    ef:9c:1c:e2:54:1d:5b:95:4c:68:df:41:52:71:71:
                    09:27:54:e3:59:23:76:91:ea:4c:03:19:67:18:2b:
                    4a:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:23:DA:D2:48:9C:5D:24:FF:84:11:B8:81:20:D1:97:33:E3:9B:FC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iiPa0kicXST_hBG4gSDRlzPjm_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:800::/44

    Signature Algorithm: sha256WithRSAEncryption
         77:51:9e:2d:75:ef:d5:fe:41:b7:47:6a:fc:30:b9:51:e1:9b:
         c8:2f:32:85:5c:00:6b:be:fe:ae:fc:a1:73:6f:5c:8d:15:4e:
         49:a7:d8:fd:23:42:c8:1c:1d:e0:40:e6:62:cd:92:8b:49:51:
         f0:ac:31:88:cd:aa:5c:8c:0d:2d:7b:7b:34:c1:a8:08:02:d1:
         f9:ec:fb:6c:23:ed:26:62:62:c7:6b:f9:71:8a:5a:2e:8f:d2:
         4f:8d:db:0e:33:8f:99:b3:e7:07:44:b0:ba:a6:ab:b1:af:33:
         50:9f:80:d8:8d:87:d4:80:18:ee:f5:5b:f2:b3:2f:e0:45:ea:
         b3:3c:cd:7a:97:64:64:aa:10:db:cc:20:e7:b0:97:53:c3:d2:
         c9:ca:c5:13:eb:38:c2:57:96:bf:05:76:b4:bc:aa:e7:56:d3:
         21:d4:7c:e6:89:20:70:3b:3e:39:aa:91:95:ca:1b:90:b1:ca:
         08:e1:15:e0:45:0c:7b:01:12:64:c8:dc:bf:2b:71:76:a3:dc:
         8f:14:96:38:f2:2f:f6:4b:82:d3:87:fc:77:c7:89:0f:4b:80:
         ff:a7:fd:23:68:bf:a2:bd:81:03:b5:23:ad:1d:2d:2b:aa:46:
         b8:2e:3e:20:e3:96:81:a0:7a:93:9e:c4:2e:98:78:e1:bb:1e:
         bb:a3:c3:62
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY64Jn9e1R5Q8YV5tzZcEyrLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA3MTA0MTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIzZGFkMjQ4OWM1ZDI0ZmY4NDExYjg4MTIwZDE5NzMzZTM5YmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgdZAOYzlW9yrxbU7nOVVC/qFOaw
hOuDq+vLoT1jmkQl2sZIqbaXAzTLsY/VUf+w+5h9LN1BOjpJaGSaXKi8XZjNhLsl
kvsRAlYW0oyrPDYdhaVE8IoMA4MolMef/ScKYOr8rVt7iUqAsVD8IGLxiCtDnBjv
78OCDS4tD6870Dtwz4wRc3X53O07Nhj+5xesRoqlgXPzYgNF/quefb23V0z/X7FS
GlsigVgSG5nGRtSHQulv6DU6V5SV6eC6w2EhNPyz4XjFORdifbHOrVEWZX4eQ+dw
/i65EbpGct52MUjvnBziVB1blUxo30FScXEJJ1TjWSN2kepMAxlnGCtK6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIoj2tJInF0k/4QRuIEg0Zcz45v8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaWlQYTBraWNYU1RfaEJHNGdTRFJselBqbV93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAgA
MA0GCSqGSIb3DQEBCwUAA4IBAQB3UZ4tde/V/kG3R2r8MLlR4ZvILzKFXABrvv6u
/KFzb1yNFU5Jp9j9I0LIHB3gQOZizZKLSVHwrDGIzapcjA0te3s0wagIAtH57Pts
I+0mYmLHa/lxilouj9JPjdsOM4+Zs+cHRLC6pquxrzNQn4DYjYfUgBju9Vvysy/g
ReqzPM16l2RkqhDbzCDnsJdTw9LJysUT6zjCV5a/BXa0vKrnVtMh1HzmiSBwOz45
qpGVyhuQscoI4RXgRQx7ARJkyNy/K3F2o9yPFJY48i/2S4LTh/x3x4kPS4D/p/0j
aL+ivYEDtSOtHS0rqka4Lj4g45aBoHqTnsQumHjhux67o8Ni
-----END CERTIFICATE-----