Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tQw4Kzth8yXJBU90SV0d0Rp2CVo.roa
File:                     tQw4Kzth8yXJBU90SV0d0Rp2CVo.roa (raw, json)
Hash identifier:          /j6hKkVKdkFATMBK18SqRePcKa9Zi4JJ0CuGE/BWrfQ=
Subject key identifier:   B5:0C:38:2B:3B:61:F3:25:C9:05:4F:74:49:5D:1D:D1:1A:76:09:5A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D8E5BC8CFE3D7D93C0E9B61B19534A714
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tQw4Kzth8yXJBU90SV0d0Rp2CVo.roa
Signing time:             Fri 09 Feb 2024 14:53:16 +0000
ROA not before:           Fri 09 Feb 2024 14:53:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215669
IP address blocks:        2a0e:97c0:8b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:8e:5b:c8:cf:e3:d7:d9:3c:0e:9b:61:b1:95:34:a7:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb  9 14:53:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b50c382b3b61f325c9054f74495d1dd11a76095a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:de:d5:13:51:38:3b:bc:0b:41:5a:cd:e2:eb:
                    7f:1a:7b:6c:74:34:e0:77:1b:30:d7:ae:fa:92:ca:
                    6f:c2:ff:9c:d6:1c:fc:c1:dd:52:0a:0a:cb:3d:af:
                    97:71:08:9a:cf:9e:fb:bd:7c:6d:eb:ec:ef:a0:6c:
                    d3:16:1f:e2:3f:e3:c0:e1:c1:a6:6f:31:99:ce:88:
                    ae:09:65:82:d7:ea:8a:06:6c:a9:30:5c:4b:63:1d:
                    fd:04:5f:59:fe:bc:0c:29:42:11:1c:ac:93:f5:e7:
                    07:9f:43:48:74:f2:f1:7c:f8:ec:6b:f3:c7:98:61:
                    0a:40:84:29:83:94:32:27:75:31:fb:14:ad:d6:df:
                    72:58:72:5b:72:5f:03:4b:60:af:ad:ef:a9:74:9c:
                    98:3c:d9:e6:d5:0d:22:13:5e:da:91:34:b7:c1:17:
                    0b:e6:c2:bc:4e:10:4d:b4:dd:b0:df:e9:8a:0f:9b:
                    4d:73:fa:1e:86:30:d5:11:87:b5:33:d9:d5:59:f8:
                    df:54:37:24:4c:e5:66:11:42:bb:42:36:b1:7d:1e:
                    93:f6:c1:ff:fb:5c:87:3b:a8:2e:74:dc:1f:91:bc:
                    20:8e:cc:2b:a0:10:46:6a:b2:6f:78:61:da:1e:8c:
                    8d:ae:7e:58:bb:fc:60:b2:33:5c:f1:a9:e0:4b:21:
                    3f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:0C:38:2B:3B:61:F3:25:C9:05:4F:74:49:5D:1D:D1:1A:76:09:5A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tQw4Kzth8yXJBU90SV0d0Rp2CVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:8b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:bf:ad:57:4a:64:48:b3:c6:15:75:6e:96:c8:60:61:5a:6e:
         50:06:eb:56:02:4f:49:5a:88:00:ca:94:03:7b:39:bc:97:b1:
         d6:5c:0a:67:d9:2f:ad:bc:e8:3c:1b:b3:74:52:85:74:69:4f:
         75:8c:bd:78:5c:1b:8b:75:b3:45:ef:a5:45:30:57:86:2f:74:
         21:18:f1:df:f1:d7:64:4a:8b:50:29:e4:5b:03:d1:eb:09:04:
         6d:41:b7:f7:e5:89:c5:80:d6:86:02:76:0c:b8:79:3d:9f:68:
         fb:a3:3c:d8:6e:a8:23:e3:43:15:34:f7:96:9e:1a:ab:df:4d:
         82:91:fa:e4:c0:70:32:42:f1:33:9f:82:fe:19:4a:00:43:b3:
         21:aa:ab:9b:48:e9:7c:aa:21:47:6d:fc:2d:ca:79:8c:e5:1e:
         cc:0e:03:b3:47:39:4e:f0:91:c8:23:0d:6c:12:83:7d:de:1a:
         3d:4d:c8:db:73:95:44:6f:25:41:8f:9b:ea:21:9e:9d:e7:a3:
         de:78:94:c0:90:7b:1e:aa:55:83:90:7f:86:22:89:66:57:f3:
         7b:1d:3a:5b:c5:f0:72:6a:d8:81:68:56:76:76:e7:51:0e:95:
         93:ca:6b:42:46:f3:53:ff:8a:79:e5:bb:d0:0b:b3:03:87:4b:
         fa:7b:c3:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2OW8jP49fZPA6bYbGVNKcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjA5MTQ1MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTBjMzgyYjNiNjFmMzI1YzkwNTRmNzQ0OTVkMWRkMTFhNzYwOTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk97VE1E4O7wLQVrN4ut/GntsdDTg
dxsw1676kspvwv+c1hz8wd1SCgrLPa+XcQiaz577vXxt6+zvoGzTFh/iP+PA4cGm
bzGZzoiuCWWC1+qKBmypMFxLYx39BF9Z/rwMKUIRHKyT9ecHn0NIdPLxfPjsa/PH
mGEKQIQpg5QyJ3Ux+xSt1t9yWHJbcl8DS2Cvre+pdJyYPNnm1Q0iE17akTS3wRcL
5sK8ThBNtN2w3+mKD5tNc/oehjDVEYe1M9nVWfjfVDckTOVmEUK7QjaxfR6T9sH/
+1yHO6gudNwfkbwgjswroBBGarJveGHaHoyNrn5Yu/xgsjNc8angSyE/1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLUMOCs7YfMlyQVPdEldHdEadglaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdFF3NEt6dGg4eVhKQlU5MFNWMGQwUnAyQ1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAiw
MA0GCSqGSIb3DQEBCwUAA4IBAQBOv61XSmRIs8YVdW6WyGBhWm5QButWAk9JWogA
ypQDezm8l7HWXApn2S+tvOg8G7N0UoV0aU91jL14XBuLdbNF76VFMFeGL3QhGPHf
8ddkSotQKeRbA9HrCQRtQbf35YnFgNaGAnYMuHk9n2j7ozzYbqgj40MVNPeWnhqr
302CkfrkwHAyQvEzn4L+GUoAQ7MhqqubSOl8qiFHbfwtynmM5R7MDgOzRzlO8JHI
Iw1sEoN93ho9Tcjbc5VEbyVBj5vqIZ6d56PeeJTAkHseqlWDkH+GIolmV/N7HTpb
xfByatiBaFZ2dudRDpWTymtCRvNT/4p55bvQC7MDh0v6e8ML
-----END CERTIFICATE-----