Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nC2TCrWCLQcnIg7iQjNE8Lvq8qc.roa
File:                     nC2TCrWCLQcnIg7iQjNE8Lvq8qc.roa (raw, json)
Hash identifier:          nyenKfBX1sHl6L7NWLhd/ujKY/MQt6QHmWbAzFhD208=
Subject key identifier:   9C:2D:93:0A:B5:82:2D:07:27:22:0E:E2:42:33:44:F0:BB:EA:F2:A7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD067D8321AA4CE111AB8FAEEFE1E2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nC2TCrWCLQcnIg7iQjNE8Lvq8qc.roa
Signing time:             Tue 02 Jan 2024 10:34:17 +0000
ROA not before:           Tue 02 Jan 2024 10:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203899
IP address blocks:        2a0e:b107:1b20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:06:7d:83:21:aa:4c:e1:11:ab:8f:ae:ef:e1:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c2d930ab5822d0727220ee2423344f0bbeaf2a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:51:63:e9:00:60:61:0a:61:7f:dc:42:b2:29:
                    ad:dd:f1:c4:ac:fc:ea:31:67:ef:86:7d:05:9c:53:
                    fe:74:33:8b:98:60:9c:7f:18:4c:43:6e:bb:10:0c:
                    4e:67:3d:0e:ad:90:76:75:18:a0:76:53:e3:66:79:
                    f0:09:11:2a:b0:6b:5f:08:db:85:e1:ad:4d:a1:de:
                    6b:41:e4:fc:31:2c:50:37:58:66:31:e0:23:03:a3:
                    80:d6:14:58:92:a6:2a:af:55:33:ef:39:b7:f7:b4:
                    e5:45:12:55:fa:59:eb:3a:af:76:7b:73:1a:c8:6f:
                    a9:01:8e:81:9b:54:eb:a1:e0:68:c2:b5:23:64:fa:
                    ae:0d:f1:b2:73:b6:7f:41:37:f1:a5:c5:16:de:03:
                    ba:7a:63:35:86:71:7c:4c:41:8e:27:91:cc:ba:eb:
                    2a:06:d6:d1:cf:04:a5:2b:36:aa:5f:7f:c2:c0:1f:
                    d7:7b:5d:a1:1e:a6:dc:2b:3e:b1:10:33:80:76:3c:
                    65:25:e0:bd:c0:2f:77:c0:ae:8e:fb:5e:1b:f5:ad:
                    06:aa:6f:28:b6:ec:23:2d:3b:05:6c:a9:4c:c3:68:
                    ad:c0:a3:43:e0:d3:4e:9f:d5:7e:0e:0f:04:d7:ab:
                    8d:fe:05:c3:d9:54:d2:31:5c:78:51:bc:e2:76:6e:
                    dd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:2D:93:0A:B5:82:2D:07:27:22:0E:E2:42:33:44:F0:BB:EA:F2:A7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nC2TCrWCLQcnIg7iQjNE8Lvq8qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1b20::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:b5:e5:71:d1:72:98:c9:d7:94:fd:1c:04:c3:9c:49:38:fc:
         8d:44:0e:43:8b:78:9a:4c:fc:44:bb:5d:a0:c4:fe:2c:25:46:
         15:19:a8:97:4a:ca:ea:b5:0a:da:17:fb:18:58:2c:1d:28:2c:
         37:c0:08:ba:4a:88:ea:01:00:68:3c:86:49:48:3e:1a:1f:17:
         92:cc:0b:79:a5:24:91:8e:9b:21:0e:c7:0f:a3:4d:39:1a:11:
         80:44:ff:c0:97:e7:03:94:8f:9b:a2:c3:ba:b5:2b:84:48:91:
         98:42:0b:6b:3e:bf:fa:49:e9:9b:e4:56:a8:9d:27:68:88:bc:
         37:39:47:ca:ae:32:30:24:04:5b:b6:a0:f0:b3:b5:3a:18:0d:
         83:8f:0c:25:4f:ea:a2:a8:ac:68:1a:3d:61:7f:56:99:6a:9d:
         d5:71:4b:c3:e9:5b:5b:f3:46:33:ac:c6:6c:8f:4b:2c:bf:9f:
         01:da:ac:ad:cf:77:7c:16:e8:37:25:04:29:f0:8c:63:aa:c8:
         f2:64:fa:5e:ec:c2:46:5e:9c:d4:96:ac:ca:29:ad:a5:a4:91:
         e6:a6:fa:ac:3c:17:c5:2e:a3:48:b1:57:4c:9a:07:75:e3:a9:
         34:a1:b7:02:51:ce:ce:e5:1d:60:fd:0b:50:95:d2:54:05:70:
         91:af:0c:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvQZ9gyGqTOERq4+u7+HiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzJkOTMwYWI1ODIyZDA3MjcyMjBlZTI0MjMzNDRmMGJiZWFmMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslFj6QBgYQphf9xCsimt3fHErPzq
MWfvhn0FnFP+dDOLmGCcfxhMQ267EAxOZz0OrZB2dRigdlPjZnnwCREqsGtfCNuF
4a1Nod5rQeT8MSxQN1hmMeAjA6OA1hRYkqYqr1Uz7zm397TlRRJV+lnrOq92e3Ma
yG+pAY6Bm1TroeBowrUjZPquDfGyc7Z/QTfxpcUW3gO6emM1hnF8TEGOJ5HMuusq
BtbRzwSlKzaqX3/CwB/Xe12hHqbcKz6xEDOAdjxlJeC9wC93wK6O+14b9a0Gqm8o
tuwjLTsFbKlMw2itwKND4NNOn9V+Dg8E16uN/gXD2VTSMVx4Ubzidm7dMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJwtkwq1gi0HJyIO4kIzRPC76vKnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbkMyVENyV0NMUWNuSWc3aVFqTkU4THZxOHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxsg
MA0GCSqGSIb3DQEBCwUAA4IBAQAXteVx0XKYydeU/RwEw5xJOPyNRA5Di3iaTPxE
u12gxP4sJUYVGaiXSsrqtQraF/sYWCwdKCw3wAi6SojqAQBoPIZJSD4aHxeSzAt5
pSSRjpshDscPo005GhGARP/Al+cDlI+bosO6tSuESJGYQgtrPr/6Semb5FaonSdo
iLw3OUfKrjIwJARbtqDws7U6GA2DjwwlT+qiqKxoGj1hf1aZap3VcUvD6Vtb80Yz
rMZsj0ssv58B2qytz3d8Fug3JQQp8IxjqsjyZPpe7MJGXpzUlqzKKa2lpJHmpvqs
PBfFLqNIsVdMmgd146k0obcCUc7O5R1g/QtQldJUBXCRrwyv
-----END CERTIFICATE-----