Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rVzw8GnWxMQIFczohFL-kVgg82k.roa
File:                     rVzw8GnWxMQIFczohFL-kVgg82k.roa (raw, json)
Hash identifier:          gz0ERwh1aWvEVj/xKwLL0RD0ZMpGQYGSnKDMnr21K94=
Subject key identifier:   AD:5C:F0:F0:69:D6:C4:C4:08:15:CC:E8:84:52:FE:91:58:20:F3:69
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD9746FA9BFC147019185ABCD7532
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rVzw8GnWxMQIFczohFL-kVgg82k.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134478
IP address blocks:        2a0e:b107:ea2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d9:74:6f:a9:bf:c1:47:01:91:85:ab:cd:75:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad5cf0f069d6c4c40815cce88452fe915820f369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bb:6a:4d:0a:ae:a9:c4:09:d3:82:d4:0e:f8:
                    bc:bb:1d:b2:9b:36:d7:51:a2:2e:cd:24:b0:b2:ef:
                    00:61:3b:28:8b:ff:3c:7a:af:4e:b0:50:3d:e1:62:
                    a6:a4:38:cc:6e:98:0f:b8:26:67:f8:65:4b:ec:e6:
                    58:15:a5:3c:b7:47:0d:a9:4e:f5:c2:a2:fd:55:c2:
                    75:97:79:51:f2:de:ae:d9:d4:64:b9:c2:8f:23:30:
                    85:8b:1e:5f:75:58:47:da:6b:96:0a:12:b4:c4:8c:
                    03:b2:47:b6:84:03:25:c9:63:31:c9:bb:c9:b4:da:
                    fc:b3:3c:f7:23:25:db:38:52:e9:13:33:26:e8:85:
                    52:43:5a:f3:a5:84:50:56:f2:6c:23:95:cc:75:91:
                    2a:f3:b4:13:c1:98:51:d8:68:8e:94:ba:fb:be:33:
                    13:05:a2:c3:3e:cb:f6:c2:b6:64:40:02:7e:e5:d9:
                    6e:5a:b6:2a:96:5b:e6:bb:0b:12:9e:3b:33:17:4b:
                    43:d5:d7:1d:5a:2b:8c:f4:aa:2e:f3:bc:8c:4e:20:
                    9d:bb:a3:cc:de:8d:61:57:c2:10:38:11:a6:73:50:
                    bd:80:ff:ed:ff:43:88:f4:22:ad:d0:2e:d8:18:af:
                    63:e4:d5:6e:9e:1c:e2:85:d9:39:06:8a:d8:d0:27:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:5C:F0:F0:69:D6:C4:C4:08:15:CC:E8:84:52:FE:91:58:20:F3:69
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rVzw8GnWxMQIFczohFL-kVgg82k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ea2::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:0d:7d:5c:2c:cd:56:2f:e9:35:fc:88:17:82:7f:c0:28:c6:
         fa:fa:69:8d:a9:e0:00:92:0e:4e:21:bd:d1:aa:0a:85:62:70:
         5e:93:21:0a:93:07:e5:a8:20:b6:1e:02:69:cd:d0:65:58:de:
         0f:35:77:c2:d3:24:b6:b3:03:c7:2d:21:6d:e1:b3:42:23:3f:
         b8:4c:8f:3c:22:d8:34:1f:4c:4b:65:59:85:ff:2a:b3:f0:c0:
         b6:34:81:14:c4:9d:de:2b:fe:e8:6e:55:c1:bf:1c:38:b6:33:
         c2:71:40:4f:df:ca:5e:ed:05:f8:0f:fc:22:d8:82:13:fa:de:
         69:80:20:6d:88:b7:cf:58:32:03:81:f9:62:6a:ca:0d:fc:b7:
         f4:b0:ed:79:75:7c:0b:32:d3:df:2b:78:92:1e:70:dd:6b:50:
         2e:7a:b8:3c:84:11:18:4d:2a:ea:a0:7a:f9:e8:88:0a:48:ee:
         d6:d8:17:7d:5d:2e:e3:46:b3:ba:6e:de:97:be:a5:a3:9b:04:
         aa:00:06:e0:8f:69:c4:d3:37:35:24:50:44:7c:a1:82:aa:69:
         2b:fd:a9:f9:e5:d4:00:48:cf:94:40:a8:21:24:87:be:a2:4c:
         f9:13:bb:82:5a:3e:6c:61:6f:ac:34:88:57:6b:54:69:85:fa:
         95:ad:ee:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNl0b6m/wUcBkYWrzXUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDVjZjBmMDY5ZDZjNGM0MDgxNWNjZTg4NDUyZmU5MTU4MjBmMzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLtqTQquqcQJ04LUDvi8ux2ymzbX
UaIuzSSwsu8AYTsoi/88eq9OsFA94WKmpDjMbpgPuCZn+GVL7OZYFaU8t0cNqU71
wqL9VcJ1l3lR8t6u2dRkucKPIzCFix5fdVhH2muWChK0xIwDske2hAMlyWMxybvJ
tNr8szz3IyXbOFLpEzMm6IVSQ1rzpYRQVvJsI5XMdZEq87QTwZhR2GiOlLr7vjMT
BaLDPsv2wrZkQAJ+5dluWrYqllvmuwsSnjszF0tD1dcdWiuM9Kou87yMTiCdu6PM
3o1hV8IQOBGmc1C9gP/t/0OI9CKt0C7YGK9j5NVunhzihdk5BorY0CfRMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK1c8PBp1sTECBXM6IRS/pFYIPNpMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvclZ6dzhHbld4TVFJRmN6b2hGTC1rVmdnODJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBw6i
MA0GCSqGSIb3DQEBCwUAA4IBAQBMDX1cLM1WL+k1/IgXgn/AKMb6+mmNqeAAkg5O
Ib3RqgqFYnBekyEKkwflqCC2HgJpzdBlWN4PNXfC0yS2swPHLSFt4bNCIz+4TI88
Itg0H0xLZVmF/yqz8MC2NIEUxJ3eK/7oblXBvxw4tjPCcUBP38pe7QX4D/wi2IIT
+t5pgCBtiLfPWDIDgfliasoN/Lf0sO15dXwLMtPfK3iSHnDda1Auerg8hBEYTSrq
oHr56IgKSO7W2Bd9XS7jRrO6bt6XvqWjmwSqAAbgj2nE0zc1JFBEfKGCqmkr/an5
5dQASM+UQKghJIe+okz5E7uCWj5sYW+sNIhXa1RphfqVre4g
-----END CERTIFICATE-----