Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uVUdkC5ElHkPtoPdL17cOfSFLjc.roa
File:                     uVUdkC5ElHkPtoPdL17cOfSFLjc.roa (raw, json)
Hash identifier:          tUa6PtyHZuCNS4uybKW+aYg3uRE3mA54XcUmaLVBT9Q=
Subject key identifier:   B9:55:1D:90:2E:44:94:79:0F:B6:83:DD:2F:5E:DC:39:F4:85:2E:37
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1FD9EFE694A89C46F9F08444641F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uVUdkC5ElHkPtoPdL17cOfSFLjc.roa
Signing time:             Tue 02 Jan 2024 10:34:24 +0000
ROA not before:           Tue 02 Jan 2024 10:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209859
IP address blocks:        2a0e:b102:140::/43 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1f:d9:ef:e6:94:a8:9c:46:f9:f0:84:44:64:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9551d902e4494790fb683dd2f5edc39f4852e37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ab:1f:33:ad:38:26:45:52:7a:09:cf:f8:06:
                    6f:29:6b:ad:31:48:43:52:1a:43:1b:7b:5b:df:e5:
                    a2:7c:58:1b:a4:b2:30:cb:80:5b:6d:94:a7:92:08:
                    f5:ac:d0:38:7e:72:be:42:51:20:ae:aa:0f:a1:f4:
                    58:53:e5:93:63:11:6e:6e:46:1e:ad:e6:f5:1e:2b:
                    c7:08:59:7d:a0:33:1b:9a:8b:9b:19:09:d9:47:98:
                    c2:85:74:45:8a:5f:af:ce:67:32:ec:7b:2f:fe:c4:
                    17:c9:bd:8f:18:76:0c:32:5f:cc:b9:1d:86:dc:1b:
                    74:be:f1:fa:5e:99:c2:f8:fd:1c:4a:05:3f:1d:34:
                    ff:a6:26:df:74:e0:bb:e7:17:f3:0d:c0:d7:8d:d9:
                    49:65:13:9a:97:76:33:32:cb:b7:85:d6:c8:12:e1:
                    30:60:e7:66:d7:f0:7e:d6:2c:e1:d3:c6:35:a2:33:
                    4a:6e:da:13:59:3f:1d:e4:36:f0:39:6a:c2:54:7f:
                    bd:17:aa:09:0d:02:ed:c7:df:86:eb:00:6e:98:38:
                    6f:54:51:5b:f2:cf:2e:c8:99:23:06:c0:a2:24:da:
                    3e:fa:6f:39:7b:19:21:53:28:59:ec:cd:3d:83:6f:
                    1a:40:78:bc:5b:42:bc:c2:b9:46:d9:88:84:ad:86:
                    5d:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:55:1D:90:2E:44:94:79:0F:B6:83:DD:2F:5E:DC:39:F4:85:2E:37
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uVUdkC5ElHkPtoPdL17cOfSFLjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b102:140::/43

    Signature Algorithm: sha256WithRSAEncryption
         25:38:96:b3:30:e1:92:88:1c:d6:e7:69:d4:47:2a:cb:3f:d0:
         ca:fe:cb:8c:b5:76:1b:39:ec:0c:b0:f7:f2:21:23:3a:e1:6e:
         b9:da:c0:12:2a:18:b4:eb:f2:75:8a:4c:e8:e0:ff:8e:6f:e4:
         24:d2:74:f0:ea:34:96:c7:08:12:80:55:2a:b5:54:a0:fe:c2:
         fa:4d:e2:97:78:fb:9d:ba:0b:41:a0:d7:90:2e:fd:15:c2:8f:
         7e:6e:e2:77:3e:b3:2e:25:17:7e:c0:11:1e:87:4b:74:3f:ed:
         b2:49:dc:39:fe:b4:5b:af:46:51:e2:6f:df:28:02:a2:df:39:
         e0:80:3b:72:e0:6d:a7:3c:a9:a2:72:72:b9:a3:f1:5a:0d:78:
         eb:03:d7:f0:65:fc:a9:9c:00:35:ec:18:03:21:1d:ca:93:3d:
         df:a1:6d:1a:6c:90:51:48:56:30:cf:09:d8:2f:20:48:9c:e0:
         25:a1:56:90:f2:41:97:75:84:40:12:eb:25:fa:e9:74:f6:ca:
         f9:59:0c:a6:d8:4b:26:4b:1f:1c:79:2b:26:f3:14:a1:ab:c0:
         3d:c4:19:f9:91:cd:b0:31:24:d4:81:02:72:25:64:af:37:03:
         37:f3:41:d1:9e:cd:e4:20:f2:45:5a:ea:05:80:9c:36:7a:40:
         a7:30:95:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvR/Z7+aUqJxG+fCERGQfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU1MWQ5MDJlNDQ5NDc5MGZiNjgzZGQyZjVlZGMzOWY0ODUyZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqsfM604JkVSegnP+AZvKWutMUhD
UhpDG3tb3+WifFgbpLIwy4BbbZSnkgj1rNA4fnK+QlEgrqoPofRYU+WTYxFubkYe
reb1HivHCFl9oDMbmoubGQnZR5jChXRFil+vzmcy7Hsv/sQXyb2PGHYMMl/MuR2G
3Bt0vvH6XpnC+P0cSgU/HTT/pibfdOC75xfzDcDXjdlJZROal3YzMsu3hdbIEuEw
YOdm1/B+1izh08Y1ojNKbtoTWT8d5DbwOWrCVH+9F6oJDQLtx9+G6wBumDhvVFFb
8s8uyJkjBsCiJNo++m85exkhUyhZ7M09g28aQHi8W0K8wrlG2YiErYZdFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLlVHZAuRJR5D7aD3S9e3Dn0hS43MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdVZVZGtDNUVsSGtQdG9QZEwxN2NPZlNGTGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKg6xAgFA
MA0GCSqGSIb3DQEBCwUAA4IBAQAlOJazMOGSiBzW52nURyrLP9DK/suMtXYbOewM
sPfyISM64W652sASKhi06/J1ikzo4P+Ob+Qk0nTw6jSWxwgSgFUqtVSg/sL6TeKX
ePudugtBoNeQLv0Vwo9+buJ3PrMuJRd+wBEeh0t0P+2ySdw5/rRbr0ZR4m/fKAKi
3znggDty4G2nPKmicnK5o/FaDXjrA9fwZfypnAA17BgDIR3Kkz3foW0abJBRSFYw
zwnYLyBInOAloVaQ8kGXdYRAEusl+ul09sr5WQym2EsmSx8ceSsm8xShq8A9xBn5
kc2wMSTUgQJyJWSvNwM380HRns3kIPJFWuoFgJw2ekCnMJWK
-----END CERTIFICATE-----