Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/l51RHw9T-OpeHHWyaRaBLbswY7E.roa
File:                     l51RHw9T-OpeHHWyaRaBLbswY7E.roa (raw, json)
Hash identifier:          bsln/id+f908AVWfasDC1YJn1dKvquyfSyoiiu1zW0Y=
Subject key identifier:   97:9D:51:1F:0F:53:F8:EA:5E:1C:75:B2:69:16:81:2D:BB:30:63:B1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3ADFD6DE08EE43D49CEBA6DCC720
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/l51RHw9T-OpeHHWyaRaBLbswY7E.roa
Signing time:             Tue 02 Jan 2024 10:34:30 +0000
ROA not before:           Tue 02 Jan 2024 10:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211704
IP address blocks:        2a0e:97c0:230::/44 maxlen: 48
                          2a0e:b107:fb3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:3a:df:d6:de:08:ee:43:d4:9c:eb:a6:dc:c7:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=979d511f0f53f8ea5e1c75b26916812dbb3063b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:84:e8:ad:f6:f6:e2:cd:d7:20:c0:60:a0:89:
                    ae:24:71:49:29:3c:38:04:73:30:d1:74:d6:73:5d:
                    50:c0:59:ef:e4:e4:cf:82:7b:6e:28:c6:40:96:da:
                    b8:50:17:dd:c4:a5:73:3b:de:7c:4c:70:b2:17:9c:
                    0f:79:c4:6f:dc:dc:13:27:fc:12:17:e5:a1:4f:3d:
                    6a:5b:41:88:4e:9a:25:d5:34:e7:c7:2e:61:52:59:
                    1f:ba:7e:19:5b:11:4b:ce:8d:38:22:7f:61:6a:ea:
                    c6:36:d3:1d:4b:08:65:60:85:c2:ca:bf:cb:1e:88:
                    b7:b6:8e:25:4d:b8:49:47:5e:f0:fb:ce:ca:9f:87:
                    bb:17:ec:b6:66:4e:6d:63:a7:d6:70:c8:44:be:26:
                    52:b9:e0:65:47:1f:4f:65:69:ef:03:ef:41:3a:30:
                    f0:72:9d:81:6c:3f:97:f2:46:e8:f7:8f:a9:66:64:
                    b3:0b:c3:0f:a4:30:87:e3:7b:06:06:7b:41:3e:a6:
                    c9:5e:fe:62:75:93:41:31:8a:70:19:05:dd:68:99:
                    5b:16:03:54:26:c9:b7:77:a2:cc:8d:11:1c:bc:3b:
                    17:62:b6:e8:52:20:c1:13:a4:e1:4f:a6:28:64:cd:
                    99:d1:d1:8b:0e:7b:08:00:17:d9:4e:ff:66:f9:00:
                    3e:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:9D:51:1F:0F:53:F8:EA:5E:1C:75:B2:69:16:81:2D:BB:30:63:B1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/l51RHw9T-OpeHHWyaRaBLbswY7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:230::/44
                  2a0e:b107:fb3::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:23:70:3c:24:e7:af:ad:a1:5e:50:94:1d:f9:89:83:64:d8:
         c4:a3:4a:3f:ff:2b:8a:8d:1f:e7:56:55:50:88:51:00:85:09:
         24:b8:f2:5d:f6:5f:9c:d0:19:75:3b:25:32:c1:1b:ed:10:fd:
         73:60:74:cc:31:51:e3:83:86:46:38:fe:cd:ae:c0:34:10:d0:
         cc:19:fc:fe:d4:2f:8d:7b:8e:40:a1:5d:db:8f:ab:21:b4:28:
         43:bb:4c:fb:d0:4c:d8:44:5f:ca:2f:a1:cb:a6:92:9d:0c:4b:
         2d:7f:87:c4:42:d2:0a:f0:db:00:89:b9:9c:5f:e6:d8:b5:22:
         ec:83:15:25:91:e2:95:ab:ea:f2:ef:a1:62:d8:35:10:db:84:
         54:ac:1c:8d:15:86:cc:f5:4b:fa:70:46:66:c9:8c:17:35:e7:
         27:56:4f:78:dd:af:15:0c:14:42:89:92:b0:c7:71:12:73:3a:
         77:2f:ed:50:72:85:10:02:4d:0e:6f:7f:7e:a2:9c:33:94:64:
         62:11:b5:da:9d:27:4f:a1:7f:64:79:59:e8:d5:46:d5:a4:a8:
         c4:f1:bc:f0:84:80:da:b0:8f:d3:9f:ef:0d:c7:37:6c:20:89:
         b5:83:39:00:79:7a:08:91:e4:3d:d1:cd:d8:a5:7a:51:b9:4a:
         8e:79:f6:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvTrf1t4I7kPUnOum3McgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzlkNTExZjBmNTNmOGVhNWUxYzc1YjI2OTE2ODEyZGJiMzA2M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oTorfb24s3XIMBgoImuJHFJKTw4
BHMw0XTWc11QwFnv5OTPgntuKMZAltq4UBfdxKVzO958THCyF5wPecRv3NwTJ/wS
F+WhTz1qW0GITpol1TTnxy5hUlkfun4ZWxFLzo04In9haurGNtMdSwhlYIXCyr/L
Hoi3to4lTbhJR17w+87Kn4e7F+y2Zk5tY6fWcMhEviZSueBlRx9PZWnvA+9BOjDw
cp2BbD+X8kbo94+pZmSzC8MPpDCH43sGBntBPqbJXv5idZNBMYpwGQXdaJlbFgNU
Jsm3d6LMjREcvDsXYrboUiDBE6ThT6YoZM2Z0dGLDnsIABfZTv9m+QA+ZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJedUR8PU/jqXhx1smkWgS27MGOxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbDUxUkh3OVQtT3BlSEhXeWFSYUJMYnN3WTdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAIw
AwcAKg6xBw+zMA0GCSqGSIb3DQEBCwUAA4IBAQC9I3A8JOevraFeUJQd+YmDZNjE
o0o//yuKjR/nVlVQiFEAhQkkuPJd9l+c0Bl1OyUywRvtEP1zYHTMMVHjg4ZGOP7N
rsA0ENDMGfz+1C+Ne45AoV3bj6shtChDu0z70EzYRF/KL6HLppKdDEstf4fEQtIK
8NsAibmcX+bYtSLsgxUlkeKVq+ry76Fi2DUQ24RUrByNFYbM9Uv6cEZmyYwXNecn
Vk943a8VDBRCiZKwx3ESczp3L+1QcoUQAk0Ob39+opwzlGRiEbXanSdPoX9keVno
1UbVpKjE8bzwhIDasI/Tn+8NxzdsIIm1gzkAeXoIkeQ90c3YpXpRuUqOefYb
-----END CERTIFICATE-----