Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okUGuZ8lAnXlztCzDSqnAkYoSp4.roa
File:                     okUGuZ8lAnXlztCzDSqnAkYoSp4.roa (raw, json)
Hash identifier:          u+iyOsFtlhJAjpSmZYWoVYz0XHtqVP53qDw933OtosI=
Subject key identifier:   A2:45:06:B9:9F:25:02:75:E5:CE:D0:B3:0D:2A:A7:02:46:28:4A:9E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD0120497179D5A64C4712C653484C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okUGuZ8lAnXlztCzDSqnAkYoSp4.roa
Signing time:             Tue 02 Jan 2024 10:34:16 +0000
ROA not before:           Tue 02 Jan 2024 10:34:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202929
IP address blocks:        2a0e:97c0:510::/47 maxlen: 48
                          2a0e:97c0:513::/48 maxlen: 48
                          2a0e:97c0:514::/47 maxlen: 48
                          2a0e:97c0:512::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:01:20:49:71:79:d5:a6:4c:47:12:c6:53:48:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a24506b99f250275e5ced0b30d2aa70246284a9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:50:14:dd:7d:a5:fe:1a:1f:8b:35:a7:b5:20:
                    21:5a:50:47:2a:f1:51:af:86:03:a4:41:06:49:db:
                    fe:a3:e8:a6:44:83:fb:1c:44:9e:33:2c:eb:b6:07:
                    7b:ff:86:aa:20:8b:14:f4:52:60:6b:33:90:37:2c:
                    cd:3b:22:b7:93:c2:5e:ba:e8:89:aa:db:2d:41:20:
                    d9:70:af:4f:eb:2b:2d:8e:e3:77:2b:ec:44:ab:ca:
                    f7:c1:11:46:80:4c:5b:02:f4:b8:1e:6e:3a:25:23:
                    54:f3:37:1f:7f:a5:a6:08:23:61:f3:77:e3:4c:8e:
                    26:ec:87:2b:30:00:1f:9c:29:e1:0e:21:b2:29:91:
                    74:24:65:61:59:41:7c:97:f6:22:73:8c:b7:06:f5:
                    df:f5:ab:4c:da:f4:74:a8:39:5b:7f:20:1b:c4:91:
                    bf:01:3c:57:81:a8:93:ec:04:c9:6c:22:eb:5a:88:
                    64:86:e5:b5:93:f8:27:e6:10:9e:e8:40:58:e9:a7:
                    fb:67:2a:03:86:f3:d3:db:fa:b5:75:45:72:cd:de:
                    a0:08:1c:24:30:b9:57:b1:96:1c:17:a9:2c:ee:4b:
                    40:8c:5f:68:38:9f:65:76:cb:32:a8:71:b1:91:08:
                    6d:94:27:47:b1:54:6f:fa:42:c7:b5:26:94:05:e7:
                    72:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:45:06:B9:9F:25:02:75:E5:CE:D0:B3:0D:2A:A7:02:46:28:4A:9E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/okUGuZ8lAnXlztCzDSqnAkYoSp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:510::-2a0e:97c0:515:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         36:ac:93:c4:42:22:13:09:17:69:2c:94:2c:64:be:b4:8b:b4:
         4e:03:e4:87:d4:dc:1f:53:b7:77:97:15:02:a5:e8:96:09:fd:
         60:cc:52:91:98:aa:84:7c:c2:e7:79:19:44:3f:d0:1d:28:06:
         68:43:89:5d:b7:82:a3:e3:38:aa:72:f1:01:af:a2:5d:00:b7:
         17:08:55:03:7e:09:f2:98:ad:95:73:f6:ba:2b:94:d9:90:0d:
         1f:66:ec:94:48:cd:5e:30:ee:76:b7:b9:bf:4f:41:5e:8b:42:
         0c:99:37:7a:e9:99:74:eb:0a:99:37:ef:3f:d5:76:c0:e1:bf:
         5e:18:30:b0:95:89:18:15:00:86:af:8a:cd:8f:c9:74:82:55:
         70:60:72:cf:9e:c8:8f:19:39:26:bb:da:e9:58:58:03:46:9b:
         32:b8:a8:dc:60:2a:0d:f2:dd:3a:66:c6:66:ed:b9:e9:fd:00:
         7f:13:40:8e:24:a2:72:28:7f:26:8d:67:01:0f:ec:6e:e5:25:
         c3:36:3d:e7:98:cf:85:4c:20:de:fb:44:61:ed:ab:ec:19:33:
         5f:7b:6e:d6:61:90:d1:67:ed:e7:5e:b7:85:75:05:ad:96:d4:
         87:60:51:e3:5a:4a:7d:02:1f:70:5c:28:c6:64:f3:8d:fb:c1:
         45:4f:74:a8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzJvQEgSXF51aZMRxLGU0hMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ1MDZiOTlmMjUwMjc1ZTVjZWQwYjMwZDJhYTcwMjQ2Mjg0YTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1AU3X2l/hofizWntSAhWlBHKvFR
r4YDpEEGSdv+o+imRIP7HESeMyzrtgd7/4aqIIsU9FJgazOQNyzNOyK3k8JeuuiJ
qtstQSDZcK9P6ystjuN3K+xEq8r3wRFGgExbAvS4Hm46JSNU8zcff6WmCCNh83fj
TI4m7IcrMAAfnCnhDiGyKZF0JGVhWUF8l/Yic4y3BvXf9atM2vR0qDlbfyAbxJG/
ATxXgaiT7ATJbCLrWohkhuW1k/gn5hCe6EBY6af7ZyoDhvPT2/q1dUVyzd6gCBwk
MLlXsZYcF6ks7ktAjF9oOJ9ldssyqHGxkQhtlCdHsVRv+kLHtSaUBedy3wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKJFBrmfJQJ15c7Qsw0qpwJGKEqeMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb2tVR3VaOGxBblhsenRDekRTcW5Ba1lvU3A0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDpfA
BRADBwEqDpfABRQwDQYJKoZIhvcNAQELBQADggEBADask8RCIhMJF2kslCxkvrSL
tE4D5IfU3B9Tt3eXFQKl6JYJ/WDMUpGYqoR8wud5GUQ/0B0oBmhDiV23gqPjOKpy
8QGvol0AtxcIVQN+CfKYrZVz9rorlNmQDR9m7JRIzV4w7na3ub9PQV6LQgyZN3rp
mXTrCpk37z/VdsDhv14YMLCViRgVAIavis2PyXSCVXBgcs+eyI8ZOSa72ulYWANG
mzK4qNxgKg3y3Tpmxmbtuen9AH8TQI4konIofyaNZwEP7G7lJcM2PeeYz4VMIN77
RGHtq+wZM197btZhkNFn7edet4V1Ba2W1IdgUeNaSn0CH3BcKMZk8437wUVPdKg=
-----END CERTIFICATE-----