Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lfLk3AIzuUzxtkY1rZSnOHMtrFU.roa
File:                     lfLk3AIzuUzxtkY1rZSnOHMtrFU.roa (raw, json)
Hash identifier:          9eh6YYH69e7JT/Ya+2mJaREbKgNNL8kkcWTfjnyrWLg=
Subject key identifier:   95:F2:E4:DC:02:33:B9:4C:F1:B6:46:35:AD:94:A7:38:73:2D:AC:55
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD435F112E88FB571454429A10EC69
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lfLk3AIzuUzxtkY1rZSnOHMtrFU.roa
Signing time:             Tue 02 Jan 2024 10:34:33 +0000
ROA not before:           Tue 02 Jan 2024 10:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212294
IP address blocks:        2a0e:b107:1ba0::/44 maxlen: 48
                          2a0e:b107:1bb0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:43:5f:11:2e:88:fb:57:14:54:42:9a:10:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=95f2e4dc0233b94cf1b64635ad94a738732dac55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:33:b3:f9:ec:7b:c6:55:38:d4:c1:d3:8b:51:
                    2f:8f:1e:5e:2f:c4:03:94:92:50:3f:38:fb:55:57:
                    69:aa:a7:05:d7:5f:15:e6:95:22:a7:ea:e2:be:68:
                    5e:89:94:13:c4:d0:ca:51:dd:36:0b:25:22:98:92:
                    e8:48:76:ef:0e:b1:b1:a3:ea:0c:0f:5e:27:6b:5f:
                    22:79:37:97:af:6b:25:b2:4b:ac:7e:36:90:7d:b4:
                    a3:b9:53:f5:ae:76:57:c6:a6:b8:fe:84:3c:ef:ea:
                    88:3f:7a:52:05:bc:7b:68:59:18:88:c5:32:aa:8b:
                    c9:3c:09:17:4b:e3:f7:f2:18:8f:14:7c:5a:7d:40:
                    8a:0c:dc:0f:2d:18:df:96:c2:00:73:00:c6:d7:17:
                    8c:50:24:68:7e:13:1d:fe:f6:67:f2:4d:d8:1f:35:
                    bc:77:cf:bd:c3:b2:a9:00:0b:d8:94:46:5d:43:dd:
                    41:e8:bc:dc:66:aa:46:da:09:38:61:20:1f:ac:98:
                    1e:6f:fc:01:ed:56:9b:56:65:cb:94:03:94:5a:75:
                    a8:97:14:a0:76:84:44:c5:a5:4b:73:d9:86:99:35:
                    45:2d:5a:57:57:16:31:32:7c:9c:58:0e:ca:46:17:
                    cb:e3:1f:e6:72:f5:71:b4:62:35:11:80:0b:a5:9e:
                    84:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:F2:E4:DC:02:33:B9:4C:F1:B6:46:35:AD:94:A7:38:73:2D:AC:55
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lfLk3AIzuUzxtkY1rZSnOHMtrFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1ba0::/43

    Signature Algorithm: sha256WithRSAEncryption
         72:fe:14:cb:be:0b:aa:4d:81:15:0a:81:33:c6:64:dc:69:06:
         a4:8f:20:3a:f6:c4:96:81:eb:1b:ff:ed:60:a4:59:e6:f7:fe:
         f0:f3:da:7c:96:90:08:29:5d:2c:5e:de:87:23:50:1f:06:fd:
         bd:a9:26:c4:f3:e6:6a:51:fb:f7:5f:6a:51:be:49:8f:6d:ad:
         28:05:8f:45:6a:b0:9c:f2:b6:28:6d:e8:ce:68:58:68:8e:34:
         a9:6f:43:3e:57:a5:e2:7b:c6:14:1f:b3:a9:e8:ce:c7:85:38:
         85:90:81:44:8d:dc:d5:5c:eb:ad:5d:f4:a4:4c:0f:a7:e6:85:
         cf:04:5f:a7:63:a2:71:5d:e7:7b:3b:92:46:ea:61:c9:7a:49:
         01:00:75:97:64:31:10:ae:bd:6c:92:b1:a7:9a:99:31:b1:8b:
         0e:a4:c0:15:a6:22:55:81:c1:27:49:a2:7f:f4:1e:76:7c:c6:
         eb:3e:1e:9c:43:0f:26:85:ec:f3:2b:27:f2:94:1b:e7:64:34:
         6f:24:8f:be:86:85:46:08:fd:56:15:a4:ad:7c:31:8a:03:62:
         38:3d:26:e4:16:3d:fa:cb:ae:c9:a9:fc:16:df:2c:cd:b1:11:
         6e:fb:a7:80:d5:fc:48:ed:10:49:16:a1:7c:e1:d2:51:19:1d:
         c1:e2:5b:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUNfES6I+1cUVEKaEOxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWYyZTRkYzAyMzNiOTRjZjFiNjQ2MzVhZDk0YTczODczMmRhYzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3DOz+ex7xlU41MHTi1Evjx5eL8QD
lJJQPzj7VVdpqqcF118V5pUip+rivmheiZQTxNDKUd02CyUimJLoSHbvDrGxo+oM
D14na18ieTeXr2slskusfjaQfbSjuVP1rnZXxqa4/oQ87+qIP3pSBbx7aFkYiMUy
qovJPAkXS+P38hiPFHxafUCKDNwPLRjflsIAcwDG1xeMUCRofhMd/vZn8k3YHzW8
d8+9w7KpAAvYlEZdQ91B6LzcZqpG2gk4YSAfrJgeb/wB7VabVmXLlAOUWnWolxSg
doRExaVLc9mGmTVFLVpXVxYxMnycWA7KRhfL4x/mcvVxtGI1EYALpZ6E9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJXy5NwCM7lM8bZGNa2UpzhzLaxVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbGZMazNBSXp1VXp4dGtZMXJaU25PSE10ckZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKg6xBxug
MA0GCSqGSIb3DQEBCwUAA4IBAQBy/hTLvguqTYEVCoEzxmTcaQakjyA69sSWgesb
/+1gpFnm9/7w89p8lpAIKV0sXt6HI1AfBv29qSbE8+ZqUfv3X2pRvkmPba0oBY9F
arCc8rYobejOaFhojjSpb0M+V6Xie8YUH7Op6M7HhTiFkIFEjdzVXOutXfSkTA+n
5oXPBF+nY6JxXed7O5JG6mHJekkBAHWXZDEQrr1skrGnmpkxsYsOpMAVpiJVgcEn
SaJ/9B52fMbrPh6cQw8mhezzKyfylBvnZDRvJI++hoVGCP1WFaStfDGKA2I4PSbk
Fj36y67JqfwW3yzNsRFu+6eA1fxI7RBJFqF84dJRGR3B4luy
-----END CERTIFICATE-----