Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wI1fQOpUol1WWrWlwPRFiayq1zo.roa
File:                     wI1fQOpUol1WWrWlwPRFiayq1zo.roa (raw, json)
Hash identifier:          cxh9g4l79KKHfbZWHfR5mgtAxi46QrmSldclBGe4Cwc=
Subject key identifier:   C0:8D:5F:40:EA:54:A2:5D:56:5A:B5:A5:C0:F4:45:89:AC:AA:D7:3A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD26E1C8463551BCD6B6C6D11B947F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wI1fQOpUol1WWrWlwPRFiayq1zo.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210633
IP address blocks:        2a0e:b107:1960::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:26:e1:c8:46:35:51:bc:d6:b6:c6:d1:1b:94:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c08d5f40ea54a25d565ab5a5c0f44589acaad73a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:cb:f6:23:29:7e:14:5f:42:59:de:ea:65:81:
                    16:69:16:39:93:97:3e:de:4b:a1:10:f6:d9:47:3b:
                    51:b1:89:3c:0a:da:8c:38:c7:f5:f1:1e:18:18:36:
                    a3:33:43:b5:e3:f2:a1:c5:26:e2:b0:d5:98:30:00:
                    61:8e:ee:5f:1a:fc:e7:41:c4:6d:11:9a:77:0a:11:
                    02:f0:28:17:76:60:a4:b0:03:87:7b:70:45:83:d5:
                    93:b0:a5:57:44:79:c7:96:e3:b6:3f:eb:83:49:86:
                    93:ed:c1:f2:13:8e:dc:b7:8f:43:37:96:17:74:b4:
                    41:86:f7:ef:69:ed:c2:67:62:5f:9a:dd:63:db:73:
                    b7:47:26:20:55:e8:ca:de:a3:5b:02:bc:a2:5c:51:
                    64:8a:d4:d5:fd:e7:b5:d0:b3:3f:05:44:66:63:a0:
                    89:a4:dc:1d:44:3a:39:cc:80:be:7a:9a:63:65:a1:
                    2a:4f:c9:c9:79:d8:39:9d:d4:e4:d7:e6:e6:e4:bf:
                    4c:e6:32:49:45:ac:09:59:5e:07:0e:7a:26:b6:ae:
                    f4:56:12:18:a6:8f:a7:2c:59:f1:03:12:05:f5:fd:
                    e1:d1:56:b3:8b:06:e4:96:fe:87:ad:35:f3:1f:5a:
                    70:12:ac:f4:a0:01:a0:ae:f1:35:f5:37:3e:38:87:
                    fb:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:8D:5F:40:EA:54:A2:5D:56:5A:B5:A5:C0:F4:45:89:AC:AA:D7:3A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wI1fQOpUol1WWrWlwPRFiayq1zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1960::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:81:ac:65:cd:b8:6a:34:f9:61:e2:0c:68:91:1f:48:eb:7b:
         0c:35:f4:b3:dd:a9:63:f4:24:14:37:d2:62:ff:c4:0f:4f:87:
         79:45:36:89:c4:d8:80:d0:a4:49:0c:32:f2:91:6e:a7:96:d0:
         13:4b:12:23:c6:07:91:d4:c8:97:f2:97:ea:e8:ac:66:13:71:
         2d:9a:0b:be:be:6d:9d:88:d4:8a:4f:a2:27:9c:a3:b8:8f:1b:
         78:24:8b:d9:2b:c6:e6:60:24:4c:5a:55:46:9d:b0:4b:f8:28:
         02:4d:b3:24:2d:fd:40:1d:1c:7f:77:d6:35:35:b8:9a:02:c7:
         89:35:cc:30:64:4d:dd:87:10:e7:18:70:d3:d3:ee:03:81:bf:
         eb:0f:31:aa:85:ce:96:7b:36:40:76:a2:10:6e:9c:42:24:2d:
         b8:05:19:67:6b:c2:ca:97:4f:03:e1:9b:b3:f5:a4:a2:aa:95:
         73:46:d9:08:8b:1a:2d:e2:52:9e:3a:cc:e0:86:93:9e:5f:01:
         6d:ce:52:42:9a:21:08:41:de:b3:b5:b3:b1:c4:c1:96:69:1f:
         fc:2c:d9:01:e3:9b:a8:a1:92:cb:42:5a:88:6a:c6:97:40:28:
         49:45:38:f6:c2:35:f1:29:c3:6b:8a:ba:fe:db:a4:a0:14:78:
         63:b1:5e:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSbhyEY1UbzWtsbRG5R/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhkNWY0MGVhNTRhMjVkNTY1YWI1YTVjMGY0NDU4OWFjYWFkNzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMv2Iyl+FF9CWd7qZYEWaRY5k5c+
3kuhEPbZRztRsYk8CtqMOMf18R4YGDajM0O14/KhxSbisNWYMABhju5fGvznQcRt
EZp3ChEC8CgXdmCksAOHe3BFg9WTsKVXRHnHluO2P+uDSYaT7cHyE47ct49DN5YX
dLRBhvfvae3CZ2Jfmt1j23O3RyYgVejK3qNbAryiXFFkitTV/ee10LM/BURmY6CJ
pNwdRDo5zIC+eppjZaEqT8nJedg5ndTk1+bm5L9M5jJJRawJWV4HDnomtq70VhIY
po+nLFnxAxIF9f3h0Vaziwbklv6HrTXzH1pwEqz0oAGgrvE19Tc+OIf79wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMCNX0DqVKJdVlq1pcD0RYmsqtc6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvd0kxZlFPcFVvbDFXV3JXbHdQUkZpYXlxMXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxlg
MA0GCSqGSIb3DQEBCwUAA4IBAQBpgaxlzbhqNPlh4gxokR9I63sMNfSz3alj9CQU
N9Ji/8QPT4d5RTaJxNiA0KRJDDLykW6nltATSxIjxgeR1MiX8pfq6KxmE3Etmgu+
vm2diNSKT6InnKO4jxt4JIvZK8bmYCRMWlVGnbBL+CgCTbMkLf1AHRx/d9Y1Nbia
AseJNcwwZE3dhxDnGHDT0+4Dgb/rDzGqhc6WezZAdqIQbpxCJC24BRlna8LKl08D
4Zuz9aSiqpVzRtkIixot4lKeOszghpOeXwFtzlJCmiEIQd6ztbOxxMGWaR/8LNkB
45uooZLLQlqIasaXQChJRTj2wjXxKcNrirr+26SgFHhjsV7V
-----END CERTIFICATE-----