Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pt8HMs0VT8ttUh-t_e9TSYoh2LU.roa
File:                     pt8HMs0VT8ttUh-t_e9TSYoh2LU.roa (raw, json)
Hash identifier:          4L4/XI0GB05lA25Te0PFOtF3BnNqd2NYBVG84t4Wnjo=
Subject key identifier:   A6:DF:07:32:CD:15:4F:CB:6D:52:1F:AD:FD:EF:53:49:8A:21:D8:B5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD548EC34A985D071A523617303F2A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pt8HMs0VT8ttUh-t_e9TSYoh2LU.roa
Signing time:             Tue 02 Jan 2024 10:34:37 +0000
ROA not before:           Tue 02 Jan 2024 10:34:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215975
IP address blocks:        2a0e:97c0:e20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:54:8e:c3:4a:98:5d:07:1a:52:36:17:30:3f:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6df0732cd154fcb6d521fadfdef53498a21d8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b8:99:db:6f:52:a4:80:32:69:a1:2d:1a:b4:
                    51:48:ee:47:8c:61:8e:86:0b:80:30:e5:bc:58:17:
                    ff:c7:6f:e6:fa:15:8f:67:dc:3f:a3:fa:6b:15:7d:
                    ef:d4:b3:9c:d9:0d:ad:be:49:47:c7:c0:6f:eb:3b:
                    9c:a1:56:4e:67:74:c8:53:3f:35:35:1e:dd:16:88:
                    56:65:95:f4:44:d4:d2:ff:be:02:59:38:bc:4d:7a:
                    ed:98:e4:b2:b2:76:1c:70:c0:8c:03:8d:5d:57:fd:
                    5c:aa:97:2f:d0:b8:d9:b0:fe:6e:c1:49:71:5d:8d:
                    b4:41:1d:51:d8:c4:1d:58:b3:3b:08:b8:59:e4:ce:
                    cb:b9:06:98:57:af:ba:79:0a:dc:02:d2:60:dc:60:
                    e4:e5:74:10:8c:c2:71:a9:0b:84:39:06:de:2d:21:
                    ed:e9:59:34:bf:a1:f3:c1:ab:81:95:c2:a1:7e:93:
                    24:dd:7c:72:d3:5d:c4:73:92:77:09:d0:62:1c:94:
                    e8:10:d4:d4:45:5f:f4:32:fd:eb:1c:12:aa:03:ee:
                    1a:ee:4b:b0:8f:46:f3:bd:ef:e2:12:10:16:77:f1:
                    0f:4e:6e:52:51:55:04:7f:a7:78:e7:36:ef:ef:bb:
                    ad:f2:a7:07:68:4f:eb:3d:d7:5d:df:4e:e4:cb:9b:
                    43:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:DF:07:32:CD:15:4F:CB:6D:52:1F:AD:FD:EF:53:49:8A:21:D8:B5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pt8HMs0VT8ttUh-t_e9TSYoh2LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:e20::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:55:b5:e7:ec:2d:68:60:d0:56:e9:02:31:70:04:66:33:32:
         34:57:ef:01:43:0d:59:64:73:8f:bb:b3:99:2e:a3:04:e6:d8:
         93:c6:26:23:00:b2:21:33:9d:82:1b:02:2b:d2:c2:75:b4:e9:
         94:b8:a0:7c:07:00:43:13:0d:3a:db:84:fb:4a:1f:ea:9b:3d:
         23:dc:6c:11:41:24:e7:6f:d7:ae:66:18:88:14:b8:36:43:b4:
         25:c7:c2:db:96:7d:16:80:cb:ea:93:60:6e:54:c9:24:8f:88:
         48:f1:5f:90:52:f5:24:52:43:20:70:d1:26:c8:00:c6:91:ad:
         fb:85:60:76:b1:db:ec:3c:4b:5b:ea:6a:96:70:e0:b5:b5:58:
         64:04:a1:d9:71:df:61:da:88:ce:05:77:4b:04:64:17:0f:9d:
         11:7d:02:1c:2e:4b:e9:f6:7f:e0:c4:02:f3:c7:ee:00:78:b5:
         93:de:cc:af:6c:e3:98:0f:c0:64:fc:1a:0f:1d:fb:b9:08:47:
         f5:d3:78:ff:28:42:89:cc:0b:85:ee:a8:3f:ba:06:b2:49:f8:
         b6:88:23:85:30:fb:5c:a3:a4:c2:70:f6:4d:0f:46:1f:a2:85:
         12:b9:6c:63:bd:56:24:94:c8:74:00:23:b3:63:a8:62:3b:4d:
         3d:29:34:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVSOw0qYXQcaUjYXMD8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmRmMDczMmNkMTU0ZmNiNmQ1MjFmYWRmZGVmNTM0OThhMjFkOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbiZ229SpIAyaaEtGrRRSO5HjGGO
hguAMOW8WBf/x2/m+hWPZ9w/o/prFX3v1LOc2Q2tvklHx8Bv6zucoVZOZ3TIUz81
NR7dFohWZZX0RNTS/74CWTi8TXrtmOSysnYccMCMA41dV/1cqpcv0LjZsP5uwUlx
XY20QR1R2MQdWLM7CLhZ5M7LuQaYV6+6eQrcAtJg3GDk5XQQjMJxqQuEOQbeLSHt
6Vk0v6HzwauBlcKhfpMk3Xxy013Ec5J3CdBiHJToENTURV/0Mv3rHBKqA+4a7kuw
j0bzve/iEhAWd/EPTm5SUVUEf6d45zbv77ut8qcHaE/rPddd307ky5tDBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKbfBzLNFU/LbVIfrf3vU0mKIdi1MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcHQ4SE1zMFZUOHR0VWgtdF9lOVRTWW9oMkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA4g
MA0GCSqGSIb3DQEBCwUAA4IBAQCEVbXn7C1oYNBW6QIxcARmMzI0V+8BQw1ZZHOP
u7OZLqME5tiTxiYjALIhM52CGwIr0sJ1tOmUuKB8BwBDEw0624T7Sh/qmz0j3GwR
QSTnb9euZhiIFLg2Q7Qlx8Lbln0WgMvqk2BuVMkkj4hI8V+QUvUkUkMgcNEmyADG
ka37hWB2sdvsPEtb6mqWcOC1tVhkBKHZcd9h2ojOBXdLBGQXD50RfQIcLkvp9n/g
xALzx+4AeLWT3syvbOOYD8Bk/BoPHfu5CEf103j/KEKJzAuF7qg/ugaySfi2iCOF
MPtco6TCcPZND0YfooUSuWxjvVYklMh0ACOzY6hiO009KTSZ
-----END CERTIFICATE-----