Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/v0Ct4EK_XtNFlDtpdk6F9SRXhrg.roa
File:                     v0Ct4EK_XtNFlDtpdk6F9SRXhrg.roa (raw, json)
Hash identifier:          Oe+oekaLrWGVOLK/tFmgDTvphgqW7SKDZb2vyBOxSYM=
Subject key identifier:   BF:40:AD:E0:42:BF:5E:D3:45:94:3B:69:76:4E:85:F5:24:57:86:B8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D96A33B3339C287931819FACF1B4978C8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/v0Ct4EK_XtNFlDtpdk6F9SRXhrg.roa
Signing time:             Sun 11 Feb 2024 05:28:16 +0000
ROA not before:           Sun 11 Feb 2024 05:28:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198316
IP address blocks:        2a0e:b107:1a60::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:96:a3:3b:33:39:c2:87:93:18:19:fa:cf:1b:49:78:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 11 05:28:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf40ade042bf5ed345943b69764e85f5245786b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f0:aa:82:86:b5:eb:ae:56:be:31:fe:16:3a:
                    a9:53:a2:9b:62:11:bd:f1:08:ba:6a:5c:54:fb:9c:
                    97:0f:c8:36:f1:3a:ae:5b:cf:13:43:3d:9c:47:07:
                    36:50:07:06:05:91:10:63:4c:a4:5f:f7:3b:d1:62:
                    14:40:0a:27:22:4f:46:f5:03:71:de:2b:ea:fe:78:
                    b4:39:a3:f1:c8:0a:88:66:a2:b4:e3:66:78:e3:10:
                    49:3a:86:05:61:8c:bf:34:42:bd:da:3c:f6:40:67:
                    2b:b5:e3:47:7c:ce:1e:d8:08:0e:e2:1e:9a:71:fb:
                    8d:43:ac:5b:02:21:42:f2:34:b4:c2:0f:70:e9:49:
                    2c:88:0d:62:cb:b5:db:b9:60:b5:1c:4a:78:5a:88:
                    dd:ca:ae:24:32:55:af:79:79:07:67:2a:31:7a:6b:
                    81:f6:8a:1a:5f:99:be:18:7e:1c:99:15:66:52:c1:
                    24:af:41:f8:ff:52:92:63:d6:22:c6:ec:bc:3d:16:
                    af:1f:60:44:8a:8a:3b:69:57:bb:e6:bf:91:1a:3e:
                    84:0e:59:a5:3d:10:fd:2e:16:87:12:c5:3b:25:77:
                    01:4e:13:32:38:c5:22:07:2a:9f:d8:44:44:e4:8b:
                    d7:5e:c3:28:16:60:0c:db:b3:81:7c:f4:f1:1f:44:
                    39:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:40:AD:E0:42:BF:5E:D3:45:94:3B:69:76:4E:85:F5:24:57:86:B8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/v0Ct4EK_XtNFlDtpdk6F9SRXhrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1a60::/44

    Signature Algorithm: sha256WithRSAEncryption
         46:e9:41:cb:0d:9e:4f:59:fd:db:6c:97:4e:2f:38:28:c5:f2:
         31:63:99:2c:e3:b8:4a:df:10:9c:48:a4:49:9b:5a:a2:db:be:
         40:1d:61:ee:3a:0e:2f:8c:9e:cb:a6:05:59:4d:cd:d8:d8:ce:
         ad:a0:fd:35:e5:b5:97:1f:94:88:b7:31:5e:65:b4:9f:b5:96:
         ed:57:a5:7c:61:6d:47:ce:87:2d:46:e7:39:1a:7d:c1:6b:f2:
         ea:94:0f:58:d7:2d:57:e9:30:1d:aa:a1:de:f0:8a:53:16:7d:
         83:31:0d:30:a0:52:3a:d5:d3:38:18:bf:69:8b:86:b2:98:3c:
         a1:60:6c:a9:5a:89:66:fc:73:88:1c:43:a1:58:c9:7d:d3:91:
         c2:fe:bc:1f:2c:87:8c:11:95:e2:39:74:70:72:1c:b1:2a:46:
         e3:04:fc:19:6c:83:ee:5a:48:4d:20:ae:d0:ca:8f:3c:79:5d:
         57:5d:d3:67:e1:60:9c:fd:36:db:86:8d:89:ef:1f:18:32:62:
         fd:5e:41:b9:18:ac:8d:01:86:40:58:e2:25:87:08:56:41:81:
         93:11:3c:4f:d7:10:d0:30:5b:29:2c:b7:a7:3d:9e:93:99:8f:
         c3:6e:59:7e:77:68:7a:b8:a2:16:33:d3:f3:6e:7e:6d:94:8e:
         cd:66:86:d0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2WozszOcKHkxgZ+s8bSXjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjExMDUyODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQwYWRlMDQyYmY1ZWQzNDU5NDNiNjk3NjRlODVmNTI0NTc4NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfCqgoa1665WvjH+FjqpU6KbYhG9
8Qi6alxU+5yXD8g28TquW88TQz2cRwc2UAcGBZEQY0ykX/c70WIUQAonIk9G9QNx
3ivq/ni0OaPxyAqIZqK042Z44xBJOoYFYYy/NEK92jz2QGcrteNHfM4e2AgO4h6a
cfuNQ6xbAiFC8jS0wg9w6UksiA1iy7XbuWC1HEp4Wojdyq4kMlWveXkHZyoxemuB
9ooaX5m+GH4cmRVmUsEkr0H4/1KSY9Yixuy8PRavH2BEioo7aVe75r+RGj6EDlml
PRD9LhaHEsU7JXcBThMyOMUiByqf2ERE5IvXXsMoFmAM27OBfPTxH0Q5zQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL9AreBCv17TRZQ7aXZOhfUkV4a4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdjBDdDRFS19YdE5GbER0cGRrNkY5U1JYaHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBG6UHLDZ5PWf3bbJdOLzgoxfIxY5ks47hK3xCc
SKRJm1qi275AHWHuOg4vjJ7LpgVZTc3Y2M6toP015bWXH5SItzFeZbSftZbtV6V8
YW1HzoctRuc5Gn3Ba/LqlA9Y1y1X6TAdqqHe8IpTFn2DMQ0woFI61dM4GL9pi4ay
mDyhYGypWolm/HOIHEOhWMl905HC/rwfLIeMEZXiOXRwchyxKkbjBPwZbIPuWkhN
IK7Qyo88eV1XXdNn4WCc/Tbbho2J7x8YMmL9XkG5GKyNAYZAWOIlhwhWQYGTETxP
1xDQMFspLLenPZ6TmY/Dbll+d2h6uKIWM9Pzbn5tlI7NZobQ
-----END CERTIFICATE-----