Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pkeBFVHj86KL92TEoifDqEc9GWw.roa
File:                     pkeBFVHj86KL92TEoifDqEc9GWw.roa (raw, json)
Hash identifier:          LepNyWWtvcG1f8weS6yXjLZmCzS005L+Tx4sYHHBC7M=
Subject key identifier:   A6:47:81:15:51:E3:F3:A2:8B:F7:64:C4:A2:27:C3:A8:47:3D:19:6C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCEAA904FF444941E4BA47500CB496
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pkeBFVHj86KL92TEoifDqEc9GWw.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198661
IP address blocks:        2a0e:97c0:7e0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:ea:a9:04:ff:44:49:41:e4:ba:47:50:0c:b4:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a647811551e3f3a28bf764c4a227c3a8473d196c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a1:06:9a:0d:c2:36:b6:d0:09:9d:81:d7:a6:
                    63:6e:86:7e:64:16:67:17:71:fd:24:22:40:0f:cb:
                    96:2d:4b:82:02:62:b9:1b:3f:eb:57:d8:e2:5c:22:
                    b4:f8:3d:17:90:5a:92:27:db:a6:ab:4d:40:6a:da:
                    db:99:c8:99:ce:ec:9e:0f:28:eb:1c:8f:64:d9:1a:
                    fe:77:b5:95:40:03:01:e5:ba:db:31:6f:56:ad:74:
                    ec:e1:3f:4e:d2:cb:0f:01:36:bb:c5:1f:1f:aa:45:
                    ab:14:69:91:7e:6b:af:83:26:1c:71:ef:c3:cc:04:
                    4e:ff:6e:ed:80:9e:80:35:d4:4b:42:c1:29:d6:1a:
                    5e:b9:c0:5f:88:92:b8:40:13:04:42:05:29:12:b0:
                    25:50:73:37:61:f2:76:ac:14:49:26:03:2d:5c:01:
                    bd:ed:12:f9:a4:b5:95:a7:11:c1:ad:6d:23:cd:e4:
                    04:8e:ae:5d:ab:10:54:19:28:b6:f3:03:da:f8:b0:
                    6c:a4:b5:e4:e2:de:6b:d4:41:74:b4:c8:99:d5:d4:
                    02:30:dc:17:64:19:10:93:ce:ff:2f:10:91:13:27:
                    4e:84:d3:b4:7a:5c:c0:6d:25:66:fa:f0:39:99:00:
                    5d:79:49:09:8c:37:ae:4e:2a:2a:71:af:d7:60:7f:
                    55:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:47:81:15:51:E3:F3:A2:8B:F7:64:C4:A2:27:C3:A8:47:3D:19:6C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pkeBFVHj86KL92TEoifDqEc9GWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:7e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         10:5a:59:6a:ca:be:62:89:9b:65:57:a6:43:b2:4c:27:db:f4:
         0e:88:44:c1:05:8d:5f:3f:a8:89:9f:df:0e:e1:6f:8d:96:0c:
         3e:83:2d:01:26:a3:88:27:18:98:92:ae:aa:8c:4d:6f:7d:c9:
         23:57:b6:d7:2b:89:86:69:3e:dd:a0:3b:9d:37:3f:9f:ae:3b:
         a5:4c:12:e3:22:60:3b:11:06:26:3e:66:9f:24:14:a3:27:ca:
         98:da:29:2b:0f:10:2b:89:23:96:71:ef:9d:f7:7d:36:5d:e9:
         d0:8a:45:aa:b8:33:a4:8c:bc:2c:88:4e:f2:6f:00:47:fd:f5:
         fe:17:38:56:f7:f6:8a:9c:26:0f:8f:f3:29:cb:ea:10:cf:3e:
         14:ea:c8:b3:68:8f:a4:2e:bc:e3:4c:fa:ff:42:6e:14:81:c2:
         e2:4b:98:d6:74:15:a9:5d:15:59:c3:57:3a:9c:79:43:15:7b:
         7a:c7:43:df:3a:e5:24:ed:8f:85:c8:f7:22:82:57:ed:90:7a:
         d3:e9:02:6f:4f:6c:34:b6:c1:b0:ee:4b:75:26:6e:9f:49:a4:
         62:cb:97:30:ca:26:2f:44:9b:c7:48:f3:49:0b:c5:43:2b:42:
         3d:48:d7:9a:ce:72:83:73:b7:98:e0:bd:46:42:db:da:56:56:
         6a:73:45:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOqpBP9ESUHkukdQDLSWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQ3ODExNTUxZTNmM2EyOGJmNzY0YzRhMjI3YzNhODQ3M2QxOTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKEGmg3CNrbQCZ2B16ZjboZ+ZBZn
F3H9JCJAD8uWLUuCAmK5Gz/rV9jiXCK0+D0XkFqSJ9umq01AatrbmciZzuyeDyjr
HI9k2Rr+d7WVQAMB5brbMW9WrXTs4T9O0ssPATa7xR8fqkWrFGmRfmuvgyYcce/D
zARO/27tgJ6ANdRLQsEp1hpeucBfiJK4QBMEQgUpErAlUHM3YfJ2rBRJJgMtXAG9
7RL5pLWVpxHBrW0jzeQEjq5dqxBUGSi28wPa+LBspLXk4t5r1EF0tMiZ1dQCMNwX
ZBkQk87/LxCREydOhNO0elzAbSVm+vA5mQBdeUkJjDeuTioqca/XYH9VOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKZHgRVR4/Oii/dkxKInw6hHPRlsMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcGtlQkZWSGo4NktMOTJURW9pZkRxRWM5R1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAfg
MA0GCSqGSIb3DQEBCwUAA4IBAQAQWllqyr5iiZtlV6ZDskwn2/QOiETBBY1fP6iJ
n98O4W+Nlgw+gy0BJqOIJxiYkq6qjE1vfckjV7bXK4mGaT7doDudNz+frjulTBLj
ImA7EQYmPmafJBSjJ8qY2ikrDxAriSOWce+d9302XenQikWquDOkjLwsiE7ybwBH
/fX+FzhW9/aKnCYPj/Mpy+oQzz4U6sizaI+kLrzjTPr/Qm4UgcLiS5jWdBWpXRVZ
w1c6nHlDFXt6x0PfOuUk7Y+FyPciglftkHrT6QJvT2w0tsGw7kt1Jm6fSaRiy5cw
yiYvRJvHSPNJC8VDK0I9SNeaznKDc7eY4L1GQtvaVlZqc0WX
-----END CERTIFICATE-----