Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t1A4XZgR8NbdqLAPLB-ByUX4n3Y.roa
File:                     t1A4XZgR8NbdqLAPLB-ByUX4n3Y.roa (raw, json)
Hash identifier:          6xlkfa/VSGZbCp1MfSnBmFtGDdGHlNWuCyDyRtmpBgk=
Subject key identifier:   B7:50:38:5D:98:11:F0:D6:DD:A8:B0:0F:2C:1F:81:C9:45:F8:9F:76
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD27326CFE9917C7EC3D0230CA1B52
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t1A4XZgR8NbdqLAPLB-ByUX4n3Y.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210659
IP address blocks:        2a0e:97c0:560::/44 maxlen: 48
                          2a10:cc40:130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:27:32:6c:fe:99:17:c7:ec:3d:02:30:ca:1b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b750385d9811f0d6dda8b00f2c1f81c945f89f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c1:60:80:41:2d:11:59:04:c7:5b:00:4f:db:
                    d3:bc:bc:ab:e9:ac:55:5b:6f:68:c9:d9:c5:c2:f1:
                    ca:c0:b0:d9:fd:98:07:b3:fc:87:fc:20:8f:2e:f0:
                    15:16:38:95:93:22:57:7e:9f:e1:d7:a2:7b:8d:97:
                    66:b6:60:95:8d:75:5b:5e:00:2a:f7:5d:6d:28:0b:
                    42:d7:b7:68:58:66:a1:03:58:2a:ba:74:be:13:ba:
                    0c:c8:cd:55:2c:20:de:b7:47:fe:6a:20:85:fa:28:
                    78:84:5c:01:eb:db:75:88:41:3f:d4:06:df:39:a8:
                    ad:9b:33:72:40:eb:07:15:f3:51:9e:49:5b:86:1f:
                    e7:45:e7:05:56:12:07:d2:db:b6:b3:ab:bd:f2:35:
                    2a:99:12:24:0d:58:9e:80:75:07:0b:c7:e4:52:41:
                    ca:80:d0:58:25:0e:01:26:6a:e6:b4:dd:ac:9c:9c:
                    3b:30:6e:2b:67:ad:7f:b6:9d:51:53:fd:39:3e:b3:
                    f0:65:3a:04:95:76:85:4e:09:c3:77:af:aa:b7:7c:
                    18:a2:64:59:c3:39:b9:17:de:31:5b:5f:ff:fb:a2:
                    43:65:4b:5f:cd:80:5e:17:32:6e:3b:77:3a:ab:46:
                    5c:2d:3a:36:d4:a0:33:9d:41:80:5a:ff:12:72:a1:
                    65:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:50:38:5D:98:11:F0:D6:DD:A8:B0:0F:2C:1F:81:C9:45:F8:9F:76
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/t1A4XZgR8NbdqLAPLB-ByUX4n3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:560::/44
                  2a10:cc40:130::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:04:7f:9f:16:3e:bd:99:ac:a8:c1:f8:d2:79:cc:14:a2:2e:
         76:25:8d:14:51:2e:17:da:dc:49:89:4c:53:ff:7c:50:4b:50:
         e1:06:73:74:83:c7:8f:b1:85:65:78:bc:95:47:d5:22:2e:2e:
         eb:01:04:d0:a5:95:b2:90:51:8a:18:43:3d:ac:a6:c6:24:a8:
         2f:ae:69:20:d5:1d:aa:62:a4:04:17:b0:fa:0b:d1:61:47:2e:
         ab:37:a7:8f:84:30:be:8e:2b:1b:63:40:14:bb:bd:68:c1:f0:
         bd:ae:cc:4a:a9:da:ea:33:fc:40:bb:78:3d:bd:ca:fa:5d:f6:
         7e:c1:5d:7e:7a:70:8b:6a:b2:35:fb:09:95:9d:4b:00:dc:13:
         55:e1:9c:7b:2d:64:04:b9:27:d9:57:a8:f2:36:0b:60:50:d0:
         2a:e4:34:a0:9a:74:53:51:8f:c7:32:74:e2:d0:2f:d1:3c:ef:
         95:27:87:5b:29:1b:8f:ba:31:00:af:f6:ad:be:9c:31:70:fc:
         8c:66:d9:a8:77:32:82:91:f7:de:14:ba:a7:0d:cd:43:31:3a:
         47:bb:0b:e8:fa:90:12:3f:9e:0c:fc:ae:7e:c8:4d:c9:ec:91:
         53:f9:0c:59:df:8c:d6:5b:b3:b9:f7:47:5f:c6:a1:e0:5c:f7:
         40:dc:30:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvScybP6ZF8fsPQIwyhtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzUwMzg1ZDk4MTFmMGQ2ZGRhOGIwMGYyYzFmODFjOTQ1Zjg5Zjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicFggEEtEVkEx1sAT9vTvLyr6axV
W29oydnFwvHKwLDZ/ZgHs/yH/CCPLvAVFjiVkyJXfp/h16J7jZdmtmCVjXVbXgAq
911tKAtC17doWGahA1gqunS+E7oMyM1VLCDet0f+aiCF+ih4hFwB69t1iEE/1Abf
OaitmzNyQOsHFfNRnklbhh/nRecFVhIH0tu2s6u98jUqmRIkDViegHUHC8fkUkHK
gNBYJQ4BJmrmtN2snJw7MG4rZ61/tp1RU/05PrPwZToElXaFTgnDd6+qt3wYomRZ
wzm5F94xW1//+6JDZUtfzYBeFzJuO3c6q0ZcLTo21KAznUGAWv8ScqFldQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLdQOF2YEfDW3aiwDywfgclF+J92MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdDFBNFhaZ1I4TmJkcUxBUExCLUJ5VVg0bjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAVg
AwcEKhDMQAEwMA0GCSqGSIb3DQEBCwUAA4IBAQCvBH+fFj69mayowfjSecwUoi52
JY0UUS4X2txJiUxT/3xQS1DhBnN0g8ePsYVleLyVR9UiLi7rAQTQpZWykFGKGEM9
rKbGJKgvrmkg1R2qYqQEF7D6C9FhRy6rN6ePhDC+jisbY0AUu71owfC9rsxKqdrq
M/xAu3g9vcr6XfZ+wV1+enCLarI1+wmVnUsA3BNV4Zx7LWQEuSfZV6jyNgtgUNAq
5DSgmnRTUY/HMnTi0C/RPO+VJ4dbKRuPujEAr/atvpwxcPyMZtmodzKCkffeFLqn
Dc1DMTpHuwvo+pASP54M/K5+yE3J7JFT+QxZ34zWW7O590dfxqHgXPdA3DB+
-----END CERTIFICATE-----