Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vUaFj57mmzdrplmpAmsYVmJZxJg.roa
File:                     vUaFj57mmzdrplmpAmsYVmJZxJg.roa (raw, json)
Hash identifier:          hQ0PzqcVDJJnOKMQdTzH6ouIlKKF/uPZbtkGUbzntEc=
Subject key identifier:   BD:46:85:8F:9E:E6:9B:37:6B:A6:59:A9:02:6B:18:56:62:59:C4:98
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCDDD3BF82B3029C218CC13CF7EC4D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vUaFj57mmzdrplmpAmsYVmJZxJg.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140936
IP address blocks:        2a0e:b107:bd0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:dd:d3:bf:82:b3:02:9c:21:8c:c1:3c:f7:ec:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd46858f9ee69b376ba659a9026b18566259c498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8a:5f:e8:af:4b:8a:42:6a:99:b7:69:bb:fc:
                    5a:24:b8:25:75:7a:d4:03:ee:18:42:e7:9b:73:ce:
                    e8:5e:72:bc:e0:4b:30:2e:cf:3a:6a:61:0b:26:ea:
                    dc:9b:bb:df:8c:13:5b:98:dc:57:a5:80:ae:52:f0:
                    7f:f8:56:6d:9f:7c:03:26:a2:97:a0:d5:bd:8c:6c:
                    51:ff:7a:76:44:f6:3e:fd:40:45:62:92:49:d2:80:
                    27:b8:23:1d:4c:be:6f:d4:2d:e5:6a:0d:f7:de:d6:
                    ec:f9:02:fc:f8:14:ea:9e:35:e7:c4:7b:c0:c1:b3:
                    b0:c8:a1:15:70:5a:bf:0b:1f:3b:23:13:32:f5:e2:
                    2e:e9:56:16:f5:33:15:14:9d:61:6f:c6:19:98:dc:
                    3f:56:0a:29:5f:c9:40:58:df:59:7a:f1:73:f6:b3:
                    94:67:f7:93:8c:7b:48:79:3b:2d:2e:7e:f7:11:60:
                    df:6b:01:ec:7e:13:8b:5b:39:e1:85:fc:57:7b:50:
                    2c:79:af:7d:80:68:0d:f3:25:d2:e5:46:de:fb:a1:
                    49:94:97:0d:21:c4:17:d2:cd:d3:97:8f:0c:5d:11:
                    56:6d:24:10:52:a0:8f:d5:9c:47:99:5c:89:11:09:
                    65:2c:36:07:a2:22:80:ca:3a:85:71:4e:2b:d9:33:
                    0a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:46:85:8F:9E:E6:9B:37:6B:A6:59:A9:02:6B:18:56:62:59:C4:98
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/vUaFj57mmzdrplmpAmsYVmJZxJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:bd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:6a:35:78:2d:c3:28:d1:a8:39:83:ca:6b:97:51:48:28:73:
         97:86:a3:cf:11:93:d0:af:97:20:82:bd:b2:79:c9:9f:86:ed:
         9e:12:18:ec:b6:b2:4f:6e:a2:7d:38:f9:d2:1b:d8:65:3d:9b:
         58:6b:50:1c:71:20:c9:74:e9:80:78:5e:9f:1d:ad:a1:81:c5:
         14:3b:79:e2:7a:27:26:a0:a7:a9:9b:97:a4:a4:04:43:22:5f:
         14:68:99:23:8e:a4:e3:72:9c:7d:ee:25:73:aa:4f:c8:10:51:
         cc:45:01:fb:69:72:75:f7:ba:45:26:ae:a8:af:fc:ef:65:cc:
         a3:e8:96:18:0f:a2:59:55:27:5e:c1:b5:a0:fe:2b:33:d5:82:
         2f:64:29:e1:06:73:8a:35:fc:c8:7f:f8:5e:5a:00:d2:0c:b6:
         08:e2:76:7f:bb:c1:81:6a:3f:42:68:b6:52:8e:ad:f4:bc:70:
         ee:a3:3d:08:08:b2:04:86:6d:ca:4a:3f:e9:86:63:26:b9:c3:
         ea:0f:a4:cf:1c:c9:db:1d:c6:c9:c9:d3:e8:8b:0d:c5:87:51:
         67:32:b2:bd:02:0b:0b:ed:a4:65:26:c7:56:f0:bb:43:d5:bb:
         7a:7a:d7:97:29:b6:74:47:e6:ad:1c:58:c8:d6:70:b3:fb:dd:
         a7:b7:b1:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvN3Tv4KzApwhjME89+xNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDQ2ODU4ZjllZTY5YjM3NmJhNjU5YTkwMjZiMTg1NjYyNTljNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4pf6K9LikJqmbdpu/xaJLgldXrU
A+4YQuebc87oXnK84EswLs86amELJurcm7vfjBNbmNxXpYCuUvB/+FZtn3wDJqKX
oNW9jGxR/3p2RPY+/UBFYpJJ0oAnuCMdTL5v1C3lag333tbs+QL8+BTqnjXnxHvA
wbOwyKEVcFq/Cx87IxMy9eIu6VYW9TMVFJ1hb8YZmNw/VgopX8lAWN9ZevFz9rOU
Z/eTjHtIeTstLn73EWDfawHsfhOLWznhhfxXe1Asea99gGgN8yXS5Ube+6FJlJcN
IcQX0s3Tl48MXRFWbSQQUqCP1ZxHmVyJEQllLDYHoiKAyjqFcU4r2TMKtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL1GhY+e5ps3a6ZZqQJrGFZiWcSYMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdlVhRmo1N21temRycGxtcEFtc1lWbUpaeEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwvQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAWajV4LcMo0ag5g8prl1FIKHOXhqPPEZPQr5cg
gr2yecmfhu2eEhjstrJPbqJ9OPnSG9hlPZtYa1AccSDJdOmAeF6fHa2hgcUUO3ni
eicmoKepm5ekpARDIl8UaJkjjqTjcpx97iVzqk/IEFHMRQH7aXJ197pFJq6or/zv
Zcyj6JYYD6JZVSdewbWg/isz1YIvZCnhBnOKNfzIf/heWgDSDLYI4nZ/u8GBaj9C
aLZSjq30vHDuoz0ICLIEhm3KSj/phmMmucPqD6TPHMnbHcbJydPoiw3Fh1FnMrK9
AgsL7aRlJsdW8LtD1bt6eteXKbZ0R+atHFjI1nCz+92nt7GR
-----END CERTIFICATE-----