Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/judiRCc48NIsq8iSSzaeLKJTvvY.roa
File:                     judiRCc48NIsq8iSSzaeLKJTvvY.roa (raw, json)
Hash identifier:          sFcsFYS2emb70t/iNxaiTVfmqmC8GLantj3U57PHEX8=
Subject key identifier:   8E:E7:62:44:27:38:F0:D2:2C:AB:C8:92:4B:36:9E:2C:A2:53:BE:F6
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD24C6CB9556678EF27435FEDB48C0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/judiRCc48NIsq8iSSzaeLKJTvvY.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210537
IP address blocks:        2a0e:97c0:600::/44 maxlen: 48
                          2a0e:b107:17c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:24:c6:cb:95:56:67:8e:f2:74:35:fe:db:48:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ee762442738f0d22cabc8924b369e2ca253bef6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:02:d5:18:91:ad:d3:78:61:37:1b:f4:70:86:
                    75:0e:c7:c3:56:86:1d:81:16:a0:9a:08:73:f9:0a:
                    97:16:d6:74:9c:9e:67:80:3a:72:55:60:9f:c3:cb:
                    c1:ed:c3:6b:e0:5f:8d:22:a5:18:af:02:81:74:ae:
                    12:ab:3c:f6:4c:93:ad:8b:f1:ee:28:61:b9:21:3a:
                    19:d9:ae:65:7c:a2:ed:17:98:4b:f2:09:da:9c:ce:
                    0a:f9:b2:d3:c9:66:20:5c:e0:ce:52:93:e7:16:79:
                    0f:e2:5d:03:23:7c:62:a6:7f:b5:ec:66:d4:17:14:
                    ac:4f:01:2d:89:53:9e:ea:3a:0b:b1:88:86:03:e5:
                    de:a5:42:87:28:a6:d7:b1:e6:4c:64:99:af:e6:a7:
                    48:3b:d1:74:f7:97:b8:12:e3:2f:3c:40:4c:0f:ff:
                    48:f6:50:05:88:69:16:23:1a:7a:b0:20:07:e6:2f:
                    0b:a5:87:15:19:61:db:9a:e8:3c:c4:10:ba:59:c5:
                    0e:a4:3c:fe:9e:74:be:9c:be:3c:e1:dd:21:f0:8a:
                    95:da:0c:c5:8d:d3:3a:e7:45:02:7d:16:af:fb:9a:
                    a8:19:22:f6:9c:bf:2a:47:dc:0e:02:e2:78:d1:8a:
                    3d:37:48:45:4c:3c:66:69:d3:e8:3c:ba:a3:b7:86:
                    c1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:E7:62:44:27:38:F0:D2:2C:AB:C8:92:4B:36:9E:2C:A2:53:BE:F6
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/judiRCc48NIsq8iSSzaeLKJTvvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:600::/44
                  2a0e:b107:17c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         53:20:ff:35:0c:fa:3b:a6:54:79:89:b1:df:26:4b:ea:44:84:
         c4:05:9c:2f:96:d5:1a:0f:85:11:78:1d:27:ae:07:40:14:96:
         a4:cb:e7:7f:f3:36:67:97:5b:0f:ed:09:22:1e:4a:f6:24:9f:
         c6:89:cb:64:85:8a:e3:29:79:fd:9d:ed:41:18:3c:e1:7e:9b:
         06:61:c8:a7:c7:e2:bb:e3:ff:b2:51:49:77:63:f3:3a:ed:26:
         dd:55:2a:aa:15:b8:45:87:18:5d:62:eb:a8:75:3e:d8:91:7d:
         5e:f8:d6:d3:e9:3b:52:c0:91:8a:8d:db:ef:71:0a:85:3d:5e:
         bf:a1:a1:42:a9:b6:61:04:9d:89:d1:d1:f1:9d:03:b9:cf:1a:
         95:a3:32:45:07:8d:47:46:6c:76:1a:4e:63:cd:b9:8b:c9:db:
         be:b8:15:84:65:e3:8d:f1:9f:da:a7:d0:7b:ba:ac:42:3b:7f:
         0e:41:34:f3:02:8c:1b:1d:c4:96:b0:8f:e2:17:ec:84:51:7a:
         8f:30:18:49:3c:3a:6b:b7:17:33:94:4b:35:91:f7:6a:55:33:
         36:a3:48:15:df:c7:71:7d:61:53:b2:1e:52:98:53:64:5c:29:
         71:03:dd:d6:ef:2f:a3:0a:ec:43:f8:1d:87:69:b0:86:1d:17:
         bc:ef:0b:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvSTGy5VWZ47ydDX+20jAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWU3NjI0NDI3MzhmMGQyMmNhYmM4OTI0YjM2OWUyY2EyNTNiZWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ALVGJGt03hhNxv0cIZ1DsfDVoYd
gRagmghz+QqXFtZ0nJ5ngDpyVWCfw8vB7cNr4F+NIqUYrwKBdK4Sqzz2TJOti/Hu
KGG5IToZ2a5lfKLtF5hL8gnanM4K+bLTyWYgXODOUpPnFnkP4l0DI3xipn+17GbU
FxSsTwEtiVOe6joLsYiGA+XepUKHKKbXseZMZJmv5qdIO9F095e4EuMvPEBMD/9I
9lAFiGkWIxp6sCAH5i8LpYcVGWHbmug8xBC6WcUOpDz+nnS+nL484d0h8IqV2gzF
jdM650UCfRav+5qoGSL2nL8qR9wOAuJ40Yo9N0hFTDxmadPoPLqjt4bBHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI7nYkQnOPDSLKvIkks2niyiU772MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvanVkaVJDYzQ4TklzcThpU1N6YWVMS0pUdnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAYA
AwcEKg6xBxfAMA0GCSqGSIb3DQEBCwUAA4IBAQBTIP81DPo7plR5ibHfJkvqRITE
BZwvltUaD4UReB0nrgdAFJaky+d/8zZnl1sP7QkiHkr2JJ/GictkhYrjKXn9ne1B
GDzhfpsGYcinx+K74/+yUUl3Y/M67SbdVSqqFbhFhxhdYuuodT7YkX1e+NbT6TtS
wJGKjdvvcQqFPV6/oaFCqbZhBJ2J0dHxnQO5zxqVozJFB41HRmx2Gk5jzbmLydu+
uBWEZeON8Z/ap9B7uqxCO38OQTTzAowbHcSWsI/iF+yEUXqPMBhJPDprtxczlEs1
kfdqVTM2o0gV38dxfWFTsh5SmFNkXClxA93W7y+jCuxD+B2HabCGHRe87wtw
-----END CERTIFICATE-----