Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/os4TvhOE2JErvP37Q2j_nxU_-gA.roa
File:                     os4TvhOE2JErvP37Q2j_nxU_-gA.roa (raw, json)
Hash identifier:          ZmLk7OB5hcMWZIh2tzbkG9U5x7Kf5+gpgmSd/cziPsw=
Subject key identifier:   A2:CE:13:BE:13:84:D8:91:2B:BC:FD:FB:43:68:FF:9F:15:3F:FA:00
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DE127A74124453948741C14D7BCF5AB94
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/os4TvhOE2JErvP37Q2j_nxU_-gA.roa
Signing time:             Sun 25 Feb 2024 16:44:48 +0000
ROA not before:           Sun 25 Feb 2024 16:44:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215453
IP address blocks:        2a0e:97c0:ef0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e1:27:a7:41:24:45:39:48:74:1c:14:d7:bc:f5:ab:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 25 16:44:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2ce13be1384d8912bbcfdfb4368ff9f153ffa00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:42:62:3c:7e:0d:91:27:ac:1f:7a:b6:37:af:
                    68:6d:3a:e8:67:a7:22:f8:2c:42:68:4e:a5:73:02:
                    65:76:93:29:eb:df:86:d7:15:4c:b8:3b:18:17:d9:
                    38:16:2c:9e:76:08:af:bc:76:b4:94:09:e6:c2:cd:
                    ab:27:85:70:34:10:d2:fb:a2:33:c5:9e:95:a6:77:
                    ec:8c:d0:18:1e:54:8b:33:10:8e:4e:2b:6f:41:b4:
                    29:01:b0:f0:af:30:23:41:d4:2b:49:c0:e2:a0:8d:
                    07:80:54:5d:c9:ab:4b:22:e4:d7:53:2d:0b:24:d6:
                    34:19:54:ba:2d:4a:66:95:d2:44:87:11:37:b8:47:
                    27:7f:bc:6f:92:ef:13:46:b2:0b:38:a6:6d:84:1c:
                    81:99:e1:37:52:e2:a8:1e:f7:49:88:6b:49:9a:df:
                    9c:79:31:f1:1b:5e:65:dd:5a:61:07:8f:b5:5a:43:
                    dc:23:34:e4:a5:0d:8b:e1:d2:9f:4c:d2:e2:a1:93:
                    4c:87:70:c9:c7:0e:04:63:19:ee:9e:69:84:65:18:
                    78:cc:52:26:3b:da:4b:de:d0:5e:ed:6c:28:de:47:
                    88:41:e3:98:d8:9c:f3:28:30:59:6a:b4:93:8e:c9:
                    27:05:00:72:b2:e8:f3:89:06:63:39:2f:29:57:bf:
                    3d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:CE:13:BE:13:84:D8:91:2B:BC:FD:FB:43:68:FF:9F:15:3F:FA:00
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/os4TvhOE2JErvP37Q2j_nxU_-gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:ef0::/44

    Signature Algorithm: sha256WithRSAEncryption
         3f:a7:ab:51:a8:f8:c7:f7:f0:84:9c:fa:77:96:c7:e2:da:8a:
         c3:56:f3:f5:62:2e:24:9a:bd:92:43:e0:50:92:aa:33:99:ff:
         35:3a:39:ad:b3:4b:e3:aa:7b:6f:80:dc:67:4f:47:44:aa:ac:
         7f:80:43:ed:ba:16:a0:16:52:28:fa:4f:2d:d3:6e:30:a2:3b:
         da:59:8d:92:f0:d2:eb:28:82:57:34:91:23:8a:63:a7:bc:bc:
         a9:58:21:7a:36:73:0b:93:e9:42:28:b5:eb:f0:d7:56:67:69:
         98:80:b6:42:74:a0:30:4e:7a:bc:ca:0d:45:40:91:dd:2d:e5:
         92:a2:90:75:aa:4a:86:45:26:1c:65:8f:a3:46:ce:69:87:0d:
         16:15:95:53:7b:e3:48:3a:af:a6:85:ca:e6:e3:6a:6e:59:06:
         ea:4b:ac:78:a3:a8:38:8f:b0:6f:13:bd:56:2a:99:95:38:5d:
         a1:b4:f9:ea:ba:2f:a6:5f:ad:7a:fa:06:74:15:43:b2:a4:6c:
         9d:cf:a7:73:f1:0f:14:85:5f:7f:18:7f:55:98:d4:86:3c:09:
         24:fb:24:4e:72:c1:d7:23:8b:3c:39:9f:7c:19:6e:d3:e3:cb:
         d6:db:aa:9b:04:57:9a:64:81:8c:17:18:b0:70:cf:f2:40:37:
         8d:df:bf:cd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3hJ6dBJEU5SHQcFNe89auUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjI1MTY0NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNlMTNiZTEzODRkODkxMmJiY2ZkZmI0MzY4ZmY5ZjE1M2ZmYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEJiPH4NkSesH3q2N69obTroZ6ci
+CxCaE6lcwJldpMp69+G1xVMuDsYF9k4FiyedgivvHa0lAnmws2rJ4VwNBDS+6Iz
xZ6VpnfsjNAYHlSLMxCOTitvQbQpAbDwrzAjQdQrScDioI0HgFRdyatLIuTXUy0L
JNY0GVS6LUpmldJEhxE3uEcnf7xvku8TRrILOKZthByBmeE3UuKoHvdJiGtJmt+c
eTHxG15l3VphB4+1WkPcIzTkpQ2L4dKfTNLioZNMh3DJxw4EYxnunmmEZRh4zFIm
O9pL3tBe7Wwo3keIQeOY2JzzKDBZarSTjsknBQBysujziQZjOS8pV789gwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKLOE74ThNiRK7z9+0No/58VP/oAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb3M0VHZoT0UySkVydlAzN1Eyal9ueFVfLWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA7w
MA0GCSqGSIb3DQEBCwUAA4IBAQA/p6tRqPjH9/CEnPp3lsfi2orDVvP1Yi4kmr2S
Q+BQkqozmf81Ojmts0vjqntvgNxnT0dEqqx/gEPtuhagFlIo+k8t024wojvaWY2S
8NLrKIJXNJEjimOnvLypWCF6NnMLk+lCKLXr8NdWZ2mYgLZCdKAwTnq8yg1FQJHd
LeWSopB1qkqGRSYcZY+jRs5phw0WFZVTe+NIOq+mhcrm42puWQbqS6x4o6g4j7Bv
E71WKpmVOF2htPnqui+mX616+gZ0FUOypGydz6dz8Q8UhV9/GH9VmNSGPAkk+yRO
csHXI4s8OZ98GW7T48vW26qbBFeaZIGMFxiwcM/yQDeN37/N
-----END CERTIFICATE-----