Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ka3YJA3ZVC8MuqIxLSsB6mYy1Dg.roa
File:                     ka3YJA3ZVC8MuqIxLSsB6mYy1Dg.roa (raw, json)
Hash identifier:          ygSEf6FYgL7CRWUngd+OCRritKDmKC544+znjY7+PAw=
Subject key identifier:   91:AD:D8:24:0D:D9:54:2F:0C:BA:A2:31:2D:2B:01:EA:66:32:D4:38
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD02E1D1B71A52A0DE13F427DC7A88
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ka3YJA3ZVC8MuqIxLSsB6mYy1Dg.roa
Signing time:             Tue 02 Jan 2024 10:34:16 +0000
ROA not before:           Tue 02 Jan 2024 10:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203442
IP address blocks:        2a0e:97c0:bc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:02:e1:d1:b7:1a:52:a0:de:13:f4:27:dc:7a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91add8240dd9542f0cbaa2312d2b01ea6632d438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:84:53:60:39:72:1c:4f:f5:62:93:a6:51:a5:
                    b8:fc:c2:b8:1c:b4:cc:ec:e0:31:a2:e6:8e:b1:a1:
                    5a:a1:f9:5d:17:82:39:73:84:e8:62:f0:e0:2f:ac:
                    ef:8c:1d:bd:6c:3d:03:b2:56:f3:02:a0:3f:84:53:
                    cb:00:f9:58:88:28:7e:57:e7:9e:3a:2c:0e:a7:07:
                    4d:d9:b7:31:90:cf:e6:f9:e8:ab:85:a4:19:fa:5e:
                    e7:f6:71:c4:6b:99:4c:4a:62:1e:f5:0f:62:1c:68:
                    95:eb:08:19:64:9e:e7:b3:2f:1d:3d:3d:69:7a:cc:
                    1d:0a:d0:4f:8f:e2:f3:5c:14:8e:e9:bb:9d:e5:3c:
                    71:cd:54:ea:fa:71:bb:20:e2:87:3f:98:98:5f:fd:
                    96:e9:53:79:e3:a9:80:f2:6d:4b:c3:20:e9:95:f6:
                    80:59:da:ba:80:6d:bf:f4:62:42:24:db:ad:3f:93:
                    12:0f:ae:6c:ab:ff:ca:74:87:8f:08:57:9e:4d:fc:
                    56:f0:48:0d:fd:f4:cd:a8:d3:e6:42:9e:98:71:6d:
                    94:b0:04:1b:ce:1d:5e:09:31:7c:1b:dc:cc:91:4b:
                    57:58:be:50:7e:96:33:a5:55:ae:98:da:db:f7:aa:
                    47:82:d0:19:eb:03:55:6b:12:f9:34:12:bc:62:2c:
                    e7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:AD:D8:24:0D:D9:54:2F:0C:BA:A2:31:2D:2B:01:EA:66:32:D4:38
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ka3YJA3ZVC8MuqIxLSsB6mYy1Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:44:d5:fd:9b:8c:66:3a:42:7b:60:90:61:d0:4d:f7:03:f6:
         ae:52:2e:e9:dc:73:11:2c:d2:48:c8:63:01:97:35:f6:48:1b:
         77:fa:aa:aa:79:dd:9c:d2:6a:25:ce:8e:fc:98:b2:3a:65:e7:
         06:c7:bc:5d:02:38:ae:40:d3:8a:bf:4b:a7:d9:06:f1:9a:f3:
         8f:54:69:8f:41:0d:78:82:d4:6b:b0:f3:11:5a:13:70:32:f6:
         03:1d:a2:b6:0c:aa:82:92:e1:d7:7a:af:16:f1:cd:f4:42:6d:
         72:f4:46:7d:32:a7:86:93:5e:8c:29:78:25:8e:8d:e5:4c:80:
         7a:9a:1a:1e:26:52:54:87:b1:42:90:26:4a:9b:3f:ad:0c:ff:
         1d:fb:04:c1:4f:7d:87:5b:4d:e6:6c:95:54:62:39:fc:a5:e3:
         61:a8:b9:9f:05:0d:6f:73:da:20:84:4b:be:ee:db:e0:78:5f:
         bd:f0:3f:62:4e:f1:4d:2f:dc:b7:f4:68:c4:0e:62:e1:4e:b8:
         b4:d4:f6:61:6f:30:5b:9e:66:f8:81:78:86:46:35:38:91:d1:
         11:28:da:66:52:16:00:25:12:92:e0:71:80:27:9e:38:d5:a6:
         6f:cf:0e:1c:18:be:01:b0:35:23:5c:99:51:a0:c9:12:f8:00:
         99:9f:58:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQLh0bcaUqDeE/Qn3HqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWFkZDgyNDBkZDk1NDJmMGNiYWEyMzEyZDJiMDFlYTY2MzJkNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4RTYDlyHE/1YpOmUaW4/MK4HLTM
7OAxouaOsaFaofldF4I5c4ToYvDgL6zvjB29bD0DslbzAqA/hFPLAPlYiCh+V+ee
OiwOpwdN2bcxkM/m+eirhaQZ+l7n9nHEa5lMSmIe9Q9iHGiV6wgZZJ7nsy8dPT1p
eswdCtBPj+LzXBSO6bud5TxxzVTq+nG7IOKHP5iYX/2W6VN546mA8m1LwyDplfaA
Wdq6gG2/9GJCJNutP5MSD65sq//KdIePCFeeTfxW8EgN/fTNqNPmQp6YcW2UsAQb
zh1eCTF8G9zMkUtXWL5QfpYzpVWumNrb96pHgtAZ6wNVaxL5NBK8YiznrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJGt2CQN2VQvDLqiMS0rAepmMtQ4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva2EzWUpBM1pWQzhNdXFJeExTc0I2bVl5MURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAvA
MA0GCSqGSIb3DQEBCwUAA4IBAQB9RNX9m4xmOkJ7YJBh0E33A/auUi7p3HMRLNJI
yGMBlzX2SBt3+qqqed2c0molzo78mLI6ZecGx7xdAjiuQNOKv0un2QbxmvOPVGmP
QQ14gtRrsPMRWhNwMvYDHaK2DKqCkuHXeq8W8c30Qm1y9EZ9MqeGk16MKXgljo3l
TIB6mhoeJlJUh7FCkCZKmz+tDP8d+wTBT32HW03mbJVUYjn8peNhqLmfBQ1vc9og
hEu+7tvgeF+98D9iTvFNL9y39GjEDmLhTri01PZhbzBbnmb4gXiGRjU4kdERKNpm
UhYAJRKS4HGAJ5441aZvzw4cGL4BsDUjXJlRoMkS+ACZn1gm
-----END CERTIFICATE-----