Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/w91-LaWKQApsb4xAFkghrck2Pp4.roa
File:                     w91-LaWKQApsb4xAFkghrck2Pp4.roa (raw, json)
Hash identifier:          3pOEYFjAe7bNQvd0ZFQe/eZ5HemGtIRoKbsTexWioCY=
Subject key identifier:   C3:DD:7E:2D:A5:8A:40:0A:6C:6F:8C:40:16:48:21:AD:C9:36:3E:9E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD14A0DF7E54C1FC8F3463028CAE33
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/w91-LaWKQApsb4xAFkghrck2Pp4.roa
Signing time:             Tue 02 Jan 2024 10:34:21 +0000
ROA not before:           Tue 02 Jan 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207662
IP address blocks:        2a0e:97c0:760::/44 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:14:a0:df:7e:54:c1:fc:8f:34:63:02:8c:ae:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3dd7e2da58a400a6c6f8c40164821adc9363e9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ea:a0:c2:da:56:71:0f:45:48:fd:c7:1a:12:
                    1f:e0:50:0e:28:97:f9:b2:eb:5d:30:ac:da:2f:c7:
                    64:b5:38:b5:a7:59:c5:49:a5:e5:c3:ae:16:8e:60:
                    00:f1:61:c2:cf:41:c8:e6:63:ef:fe:8f:f0:d2:eb:
                    45:75:97:a5:81:19:f7:0a:f7:72:78:f4:6f:91:b1:
                    59:cc:90:a4:74:b1:8b:bc:7b:44:6d:4a:70:f2:22:
                    0b:1e:f0:63:03:52:ca:f7:98:99:5c:5c:23:70:2a:
                    fc:9f:bb:b4:70:02:43:36:44:4f:16:40:17:ce:90:
                    d6:d1:f7:19:41:29:32:23:4f:31:dd:1a:b6:09:be:
                    24:4e:68:f2:68:51:b6:85:bd:e0:13:e9:81:11:fd:
                    ab:51:9f:51:f6:41:0d:cc:de:81:8d:52:80:8b:e0:
                    e3:98:76:8b:7f:55:f1:07:a0:17:8a:29:7e:f7:1e:
                    e7:6c:ca:8d:d1:3f:e5:fa:23:f1:69:1d:32:62:3f:
                    25:2e:4b:df:15:1f:ad:e2:df:3b:51:0f:5d:f2:24:
                    0b:ff:46:33:44:d3:04:3b:d4:12:e8:b8:68:5e:c2:
                    65:62:2a:aa:17:b5:22:1d:23:d7:2b:ca:bd:3c:f9:
                    45:25:9a:a1:60:f0:38:cd:81:d8:35:02:e3:25:57:
                    a1:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:DD:7E:2D:A5:8A:40:0A:6C:6F:8C:40:16:48:21:AD:C9:36:3E:9E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/w91-LaWKQApsb4xAFkghrck2Pp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:760::/44

    Signature Algorithm: sha256WithRSAEncryption
         5b:11:7d:71:18:ad:6d:ba:27:df:67:53:37:98:a1:c8:83:d1:
         37:5e:ca:d7:ff:d5:63:9f:9f:f6:e9:d7:7f:1c:fd:44:c3:11:
         a7:9d:e9:37:b2:fc:e4:28:bf:a9:fe:43:a2:00:37:b9:0a:f9:
         76:b1:2d:4b:be:8e:0d:12:8f:a4:51:ff:f7:20:46:1d:c3:a2:
         23:1d:11:47:fe:e2:a4:91:ca:0d:55:07:8c:b8:a7:a5:89:6c:
         d0:80:11:ec:d2:f1:84:60:4d:bd:53:bd:30:55:64:24:f0:96:
         ab:9f:48:c3:91:8a:a4:7a:35:51:12:73:ad:b6:bb:96:8a:14:
         33:a4:ce:4f:bb:ee:fc:fe:6c:0d:d6:14:34:ba:af:b2:81:47:
         bc:55:68:af:74:76:cb:62:3e:72:c8:93:f6:0b:8b:8a:8a:0c:
         06:74:b7:4c:d7:22:84:64:ae:53:5b:49:47:8c:01:2f:ee:02:
         64:1f:73:63:97:ad:f1:ff:09:38:c3:43:66:d5:d0:c7:95:d4:
         05:45:79:2d:ea:b8:88:53:cb:36:74:5c:f4:7b:66:5c:b3:b2:
         74:f5:ff:89:43:68:08:23:f4:98:e8:00:82:8e:a3:1c:ce:57:
         86:a3:18:b6:09:47:61:49:2f:29:64:63:00:05:12:a2:e2:17:
         dd:f7:76:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRSg335UwfyPNGMCjK4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2RkN2UyZGE1OGE0MDBhNmM2ZjhjNDAxNjQ4MjFhZGM5MzYzZTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeqgwtpWcQ9FSP3HGhIf4FAOKJf5
sutdMKzaL8dktTi1p1nFSaXlw64WjmAA8WHCz0HI5mPv/o/w0utFdZelgRn3Cvdy
ePRvkbFZzJCkdLGLvHtEbUpw8iILHvBjA1LK95iZXFwjcCr8n7u0cAJDNkRPFkAX
zpDW0fcZQSkyI08x3Rq2Cb4kTmjyaFG2hb3gE+mBEf2rUZ9R9kENzN6BjVKAi+Dj
mHaLf1XxB6AXiil+9x7nbMqN0T/l+iPxaR0yYj8lLkvfFR+t4t87UQ9d8iQL/0Yz
RNMEO9QS6LhoXsJlYiqqF7UiHSPXK8q9PPlFJZqhYPA4zYHYNQLjJVehUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMPdfi2likAKbG+MQBZIIa3JNj6eMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdzkxLUxhV0tRQXBzYjR4QUZrZ2hyY2syUHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdg
MA0GCSqGSIb3DQEBCwUAA4IBAQBbEX1xGK1tuiffZ1M3mKHIg9E3XsrX/9Vjn5/2
6dd/HP1EwxGnnek3svzkKL+p/kOiADe5Cvl2sS1Lvo4NEo+kUf/3IEYdw6IjHRFH
/uKkkcoNVQeMuKeliWzQgBHs0vGEYE29U70wVWQk8Jarn0jDkYqkejVREnOttruW
ihQzpM5Pu+78/mwN1hQ0uq+ygUe8VWivdHbLYj5yyJP2C4uKigwGdLdM1yKEZK5T
W0lHjAEv7gJkH3Njl63x/wk4w0Nm1dDHldQFRXkt6riIU8s2dFz0e2Zcs7J09f+J
Q2gII/SY6ACCjqMczleGoxi2CUdhSS8pZGMABRKi4hfd93Y9
-----END CERTIFICATE-----