Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lTLD-rUQhFg1JFp4MblB_u16otQ.roa
File:                     lTLD-rUQhFg1JFp4MblB_u16otQ.roa (raw, json)
Hash identifier:          wV9Xq9Oi1bH4hvy6tUyJdG0YPJb2gOzGoFuirsrfuAA=
Subject key identifier:   95:32:C3:FA:B5:10:84:58:35:24:5A:78:31:B9:41:FE:ED:7A:A2:D4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0C71C65863638855BF70CB70C57C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lTLD-rUQhFg1JFp4MblB_u16otQ.roa
Signing time:             Tue 02 Jan 2024 10:34:19 +0000
ROA not before:           Tue 02 Jan 2024 10:34:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205092
IP address blocks:        2a0e:97c0:b00::/48 maxlen: 48
                          2a0e:97c0:b01::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:0c:71:c6:58:63:63:88:55:bf:70:cb:70:c5:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9532c3fab510845835245a7831b941feed7aa2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:ee:d7:ec:88:96:b0:ce:ea:5c:3f:b5:a5:
                    e0:cf:9d:3e:49:ec:b5:f8:0f:c7:a7:d2:4e:7d:62:
                    cc:a6:fe:dc:84:43:29:68:80:76:32:d1:69:89:ca:
                    f1:17:76:8f:77:c2:c2:f9:6f:4d:ea:ad:56:94:3b:
                    3f:33:58:07:43:75:7b:7e:47:28:5b:36:78:a6:3e:
                    ab:ac:ef:10:3c:dd:7f:d1:1c:0d:55:fe:ba:83:8b:
                    f7:ee:b9:94:05:28:80:85:38:6b:74:42:48:43:b0:
                    55:49:10:96:59:c1:6a:f9:62:b4:0e:f4:ed:79:80:
                    18:a4:05:5f:e7:ee:66:58:8c:a0:7b:5b:b2:2f:97:
                    69:b7:eb:3c:bf:1b:89:55:f3:eb:ce:1e:da:e4:49:
                    07:03:2f:19:4e:77:9a:3c:0c:21:7f:26:77:bd:a5:
                    c7:f7:f2:d0:4f:bc:07:a4:42:1a:f0:05:eb:54:4e:
                    e2:ab:9e:13:7b:05:03:e0:43:6c:cc:5d:07:b5:dc:
                    cf:86:53:2d:91:a6:46:01:79:88:94:10:f6:9a:bd:
                    3e:0b:8f:0e:73:8b:77:02:e2:b6:d6:23:07:7c:df:
                    44:09:92:5a:9f:5c:ce:f1:68:ce:8b:f8:a2:d2:fa:
                    04:1c:9d:a8:1b:ea:58:27:06:72:3e:fd:f3:0a:b9:
                    bc:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:32:C3:FA:B5:10:84:58:35:24:5A:78:31:B9:41:FE:ED:7A:A2:D4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lTLD-rUQhFg1JFp4MblB_u16otQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b00::/47

    Signature Algorithm: sha256WithRSAEncryption
         8e:49:82:9c:4a:98:25:52:4e:29:0a:95:f5:95:3a:42:85:10:
         65:3e:ce:3a:fe:67:3b:79:c5:41:a3:89:15:40:3c:36:67:b0:
         2e:73:28:ba:b6:25:7b:66:5b:84:76:de:32:8d:55:75:a8:1f:
         54:4c:10:2d:1e:a8:5b:15:9e:b9:a9:e6:4f:14:fb:80:78:8f:
         b2:d3:c1:b5:fe:95:47:36:8e:fe:7c:e2:d2:c7:d8:9f:f3:9e:
         64:d1:0e:47:be:5a:62:3c:58:cc:cd:ce:55:5e:83:8e:eb:4f:
         8f:62:fd:10:0c:83:ca:6f:bb:8c:05:36:8e:ea:d2:e5:16:bd:
         98:20:f9:ef:17:3f:0b:37:37:2c:90:ae:a2:00:44:b6:c6:34:
         b2:f8:94:05:e5:58:31:44:11:3f:26:e1:a5:29:e1:1f:36:99:
         80:17:e3:9e:f3:bf:2b:2c:7a:8d:c9:25:d9:2e:e5:75:2e:b4:
         0c:b3:89:92:97:db:65:12:b9:25:68:74:b6:72:24:ec:02:26:
         e1:9d:a3:f3:c2:f1:e0:cc:90:72:02:35:90:a7:10:ce:ef:f9:
         be:c8:7d:d8:62:6c:86:b3:25:27:41:5e:2e:a4:e6:c7:50:7f:
         f1:ed:d4:a9:49:0c:fe:c8:fd:20:a4:61:26:53:f0:d9:ec:20:
         8c:51:72:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQxxxlhjY4hVv3DLcMV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTMyYzNmYWI1MTA4NDU4MzUyNDVhNzgzMWI5NDFmZWVkN2FhMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw3u1+yIlrDO6lw/taXgz50+Sey1
+A/Hp9JOfWLMpv7chEMpaIB2MtFpicrxF3aPd8LC+W9N6q1WlDs/M1gHQ3V7fkco
WzZ4pj6rrO8QPN1/0RwNVf66g4v37rmUBSiAhThrdEJIQ7BVSRCWWcFq+WK0DvTt
eYAYpAVf5+5mWIyge1uyL5dpt+s8vxuJVfPrzh7a5EkHAy8ZTneaPAwhfyZ3vaXH
9/LQT7wHpEIa8AXrVE7iq54TewUD4ENszF0HtdzPhlMtkaZGAXmIlBD2mr0+C48O
c4t3AuK21iMHfN9ECZJan1zO8WjOi/ii0voEHJ2oG+pYJwZyPv3zCrm8dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJUyw/q1EIRYNSRaeDG5Qf7teqLUMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbFRMRC1yVVFoRmcxSkZwNE1ibEJfdTE2b3RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKg6XwAsA
MA0GCSqGSIb3DQEBCwUAA4IBAQCOSYKcSpglUk4pCpX1lTpChRBlPs46/mc7ecVB
o4kVQDw2Z7Aucyi6tiV7ZluEdt4yjVV1qB9UTBAtHqhbFZ65qeZPFPuAeI+y08G1
/pVHNo7+fOLSx9if855k0Q5HvlpiPFjMzc5VXoOO60+PYv0QDIPKb7uMBTaO6tLl
Fr2YIPnvFz8LNzcskK6iAES2xjSy+JQF5VgxRBE/JuGlKeEfNpmAF+Oe878rLHqN
ySXZLuV1LrQMs4mSl9tlErklaHS2ciTsAibhnaPzwvHgzJByAjWQpxDO7/m+yH3Y
YmyGsyUnQV4upObHUH/x7dSpSQz+yP0gpGEmU/DZ7CCMUXJT
-----END CERTIFICATE-----