Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nRh5Ls9exNmwd-EavlToOUYvLAc.roa
File:                     nRh5Ls9exNmwd-EavlToOUYvLAc.roa (raw, json)
Hash identifier:          pQ/NuGxOnqwho8k1GgVR53ElO4lxYG0qfu9KfyNT/nw=
Subject key identifier:   9D:18:79:2E:CF:5E:C4:D9:B0:77:E1:1A:BE:54:E8:39:46:2F:2C:07
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D8AC69D541E194F6FF6DF0DA9FC6FAC85
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nRh5Ls9exNmwd-EavlToOUYvLAc.roa
Signing time:             Thu 08 Feb 2024 22:11:28 +0000
ROA not before:           Thu 08 Feb 2024 22:11:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215562
IP address blocks:        2a0e:97c0:8d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8a:c6:9d:54:1e:19:4f:6f:f6:df:0d:a9:fc:6f:ac:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb  8 22:11:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9d18792ecf5ec4d9b077e11abe54e839462f2c07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:df:17:d2:e8:f1:39:c7:94:8c:88:e7:55:65:
                    73:0e:9f:62:8a:b6:0f:7b:ef:ec:d3:0e:17:d8:63:
                    d1:4c:88:ce:d4:df:35:ad:59:ba:e0:b2:60:eb:9d:
                    30:eb:e4:b1:87:c7:65:2f:11:f2:22:0f:c1:97:f2:
                    d9:d8:44:81:b5:0b:28:84:e2:e2:de:67:6a:ff:f2:
                    40:86:91:bb:a7:35:0b:5d:55:6e:6f:03:68:5c:af:
                    96:a0:13:04:3c:ea:31:9c:cf:9c:87:25:29:33:97:
                    30:4b:96:5c:55:93:ab:6a:9c:ff:5d:43:fe:06:37:
                    5e:b5:70:3f:3d:b1:b4:75:e2:8a:0a:c4:08:78:8e:
                    82:31:98:21:cf:d5:38:6d:27:e2:da:78:a7:59:fa:
                    75:1b:39:d3:9b:cb:f3:6f:be:70:db:5c:17:5e:5b:
                    11:61:00:eb:9a:0f:47:87:f7:af:7e:ff:36:e0:34:
                    c2:3b:87:a9:30:6c:b7:83:46:b1:ee:f9:24:79:e5:
                    ae:f6:31:39:5b:51:15:a5:7a:c8:6c:43:b8:33:bd:
                    31:f2:3d:dd:fe:a5:66:fc:df:09:81:2e:7a:4e:9a:
                    60:ee:35:e9:6d:cd:76:cf:bc:14:f4:b8:f6:bc:32:
                    84:e3:a9:19:66:8b:19:88:5f:cf:5b:9b:9a:5f:72:
                    63:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:18:79:2E:CF:5E:C4:D9:B0:77:E1:1A:BE:54:E8:39:46:2F:2C:07
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nRh5Ls9exNmwd-EavlToOUYvLAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:8d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         03:4f:b5:f3:79:c8:db:45:56:dd:c6:d0:bc:a1:5f:b2:a6:9f:
         a4:25:84:c9:d0:c3:42:80:40:46:9c:ea:9d:43:4f:48:2e:23:
         87:a1:99:96:6c:d3:85:68:da:d8:ea:35:ba:e8:cf:8e:5b:89:
         e0:79:f0:de:41:00:30:57:3b:37:d5:c7:37:f1:f2:83:07:40:
         35:c3:74:44:01:a1:80:e9:4f:9e:89:54:82:aa:53:03:ea:f8:
         b3:08:37:e0:6b:8a:df:65:c7:8f:65:9f:e1:10:50:d1:80:09:
         48:6c:a1:ea:11:77:d8:94:52:15:4d:b9:38:23:50:c7:99:8d:
         91:b1:e7:03:5e:de:02:52:3a:20:42:46:cd:d6:fc:43:8f:73:
         f5:f4:90:42:83:49:ba:2d:23:fc:9b:1a:92:78:9a:cb:f7:ab:
         52:8a:0a:53:5e:e9:a8:75:8e:80:2a:1e:d8:d7:c5:fa:ff:cc:
         80:26:ee:50:a8:73:09:ef:e2:e7:f5:e8:bf:95:07:52:e6:95:
         d6:e1:75:5c:6d:d7:a1:f3:5b:3c:d2:f8:e1:8d:8d:a9:e1:80:
         4a:3a:25:e3:94:ea:2c:7b:7b:20:ae:7a:54:11:a7:4c:ec:25:
         63:e7:dc:ba:3a:1f:86:f0:6f:25:6b:cc:f7:b5:26:48:f0:2d:
         1d:c9:e8:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2Kxp1UHhlPb/bfDan8b6yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjA4MjIxMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDE4NzkyZWNmNWVjNGQ5YjA3N2UxMWFiZTU0ZTgzOTQ2MmYyYzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd8X0ujxOceUjIjnVWVzDp9iirYP
e+/s0w4X2GPRTIjO1N81rVm64LJg650w6+Sxh8dlLxHyIg/Bl/LZ2ESBtQsohOLi
3mdq//JAhpG7pzULXVVubwNoXK+WoBMEPOoxnM+chyUpM5cwS5ZcVZOrapz/XUP+
BjdetXA/PbG0deKKCsQIeI6CMZghz9U4bSfi2ninWfp1GznTm8vzb75w21wXXlsR
YQDrmg9Hh/evfv824DTCO4epMGy3g0ax7vkkeeWu9jE5W1EVpXrIbEO4M70x8j3d
/qVm/N8JgS56Tppg7jXpbc12z7wU9Lj2vDKE46kZZosZiF/PW5uaX3JjFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ0YeS7PXsTZsHfhGr5U6DlGLywHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvblJoNUxzOWV4Tm13ZC1FYXZsVG9PVVl2TEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAjQ
MA0GCSqGSIb3DQEBCwUAA4IBAQADT7XzecjbRVbdxtC8oV+ypp+kJYTJ0MNCgEBG
nOqdQ09ILiOHoZmWbNOFaNrY6jW66M+OW4ngefDeQQAwVzs31cc38fKDB0A1w3RE
AaGA6U+eiVSCqlMD6vizCDfga4rfZcePZZ/hEFDRgAlIbKHqEXfYlFIVTbk4I1DH
mY2RsecDXt4CUjogQkbN1vxDj3P19JBCg0m6LSP8mxqSeJrL96tSigpTXumodY6A
Kh7Y18X6/8yAJu5QqHMJ7+Ln9ei/lQdS5pXW4XVcbdeh81s80vjhjY2p4YBKOiXj
lOose3sgrnpUEadM7CVj59y6Oh+G8G8la8z3tSZI8C0dyejb
-----END CERTIFICATE-----