Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wjomMyLcr2ga8aY6VZ0uh4VmJ9Q.roa
File:                     wjomMyLcr2ga8aY6VZ0uh4VmJ9Q.roa (raw, json)
Hash identifier:          ymx4AwGx4uQz/RkBfbztY2JvZSpuL5Cv+QWu0ROp/bI=
Subject key identifier:   C2:3A:26:33:22:DC:AF:68:1A:F1:A6:3A:55:9D:2E:87:85:66:27:D4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD589CE1873EFFE7F391D831741FC2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wjomMyLcr2ga8aY6VZ0uh4VmJ9Q.roa
Signing time:             Tue 02 Jan 2024 10:34:38 +0000
ROA not before:           Tue 02 Jan 2024 10:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216375
IP address blocks:        2a0e:b107:27e8::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:58:9c:e1:87:3e:ff:e7:f3:91:d8:31:74:1f:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c23a263322dcaf681af1a63a559d2e87856627d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e3:97:6a:95:b2:03:94:ca:c1:b9:f2:c6:0a:
                    71:7a:a9:d2:4e:90:70:47:67:7f:c9:f5:68:4e:bb:
                    8f:d8:e6:70:19:36:fb:a1:5a:27:41:02:cf:33:ef:
                    33:87:ca:a6:25:3c:d0:ee:89:8f:40:98:40:f0:72:
                    a6:e4:7c:87:15:82:10:0e:0d:78:d7:da:5d:fc:55:
                    e3:16:11:7c:52:ff:33:20:74:51:e3:96:8c:56:81:
                    9c:7c:00:2a:51:fd:be:e6:b9:55:8e:a9:00:44:e3:
                    d9:43:f0:e7:99:e2:e1:40:c3:6e:07:13:99:f3:db:
                    fa:3b:87:87:db:4f:fd:50:de:12:cc:91:b5:56:35:
                    c5:37:21:e4:e3:da:e2:1b:c1:36:e7:8d:ce:d3:96:
                    c6:5c:92:95:9a:f0:ba:db:ea:be:ff:3a:4c:f6:a1:
                    73:47:b4:7f:da:4e:11:3d:2a:81:e7:19:ae:d0:c9:
                    e6:8a:94:c6:b2:36:72:0f:8f:4e:c5:a3:4e:87:12:
                    e6:2a:d9:15:2b:eb:c2:e8:ff:84:78:6a:2e:6b:44:
                    07:18:b6:bc:85:4f:02:26:b8:d4:83:02:c9:18:49:
                    72:90:21:2b:08:43:ae:3a:79:7c:32:4e:d5:5e:c9:
                    93:df:93:5b:f1:26:a2:39:9c:02:79:49:c2:78:e3:
                    52:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:3A:26:33:22:DC:AF:68:1A:F1:A6:3A:55:9D:2E:87:85:66:27:D4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wjomMyLcr2ga8aY6VZ0uh4VmJ9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:27e8::/45

    Signature Algorithm: sha256WithRSAEncryption
         bd:80:ae:4f:c5:cc:2a:0c:9c:96:10:55:68:32:b6:53:96:d6:
         5d:81:0b:ad:ef:d8:e6:e6:be:8d:f6:1c:11:96:06:ea:b1:6c:
         ed:24:4e:7c:7f:c1:4e:53:59:93:fe:33:86:23:9f:71:a0:81:
         6f:7e:17:7f:d4:ea:b4:9f:7d:f8:6e:97:32:d0:26:07:a9:87:
         41:e7:3b:b4:68:13:c4:e7:ca:1a:14:3e:16:c1:20:c9:ae:e4:
         4b:f3:22:03:be:ce:d0:fd:6a:94:81:1b:65:a9:9a:83:c8:3a:
         88:32:9f:49:23:df:e5:e0:9c:63:01:b5:5a:1a:6a:44:f8:db:
         cb:27:68:29:f6:4c:d3:7e:ec:2a:9e:9c:6a:1a:0a:10:6f:fa:
         a8:aa:e7:51:cf:c6:2e:e0:f2:30:69:de:b4:ff:01:59:64:27:
         c3:a2:c0:8e:e0:11:6e:3d:68:98:44:3c:af:3c:31:35:c9:27:
         31:d3:cf:57:cb:59:58:12:3a:b7:a1:3e:51:78:72:e2:c6:d3:
         03:72:ca:91:1a:ba:c7:ec:52:75:70:d9:e2:8a:34:9d:14:9d:
         30:6f:47:33:12:6e:94:ec:ff:9f:79:1e:a1:16:87:84:27:2e:
         53:cf:73:c8:8c:f1:59:0f:7b:9a:83:ee:fa:cc:3c:9f:ea:d7:
         f3:94:a7:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVic4Yc+/+fzkdgxdB/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjNhMjYzMzIyZGNhZjY4MWFmMWE2M2E1NTlkMmU4Nzg1NjYyN2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOOXapWyA5TKwbnyxgpxeqnSTpBw
R2d/yfVoTruP2OZwGTb7oVonQQLPM+8zh8qmJTzQ7omPQJhA8HKm5HyHFYIQDg14
19pd/FXjFhF8Uv8zIHRR45aMVoGcfAAqUf2+5rlVjqkAROPZQ/DnmeLhQMNuBxOZ
89v6O4eH20/9UN4SzJG1VjXFNyHk49riG8E2543O05bGXJKVmvC62+q+/zpM9qFz
R7R/2k4RPSqB5xmu0MnmipTGsjZyD49OxaNOhxLmKtkVK+vC6P+EeGoua0QHGLa8
hU8CJrjUgwLJGElykCErCEOuOnl8Mk7VXsmT35Nb8SaiOZwCeUnCeONS7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMI6JjMi3K9oGvGmOlWdLoeFZifUMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvd2pvbU15TGNyMmdhOGFZNlZaMHVoNFZtSjlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByfo
MA0GCSqGSIb3DQEBCwUAA4IBAQC9gK5PxcwqDJyWEFVoMrZTltZdgQut79jm5r6N
9hwRlgbqsWztJE58f8FOU1mT/jOGI59xoIFvfhd/1Oq0n334bpcy0CYHqYdB5zu0
aBPE58oaFD4WwSDJruRL8yIDvs7Q/WqUgRtlqZqDyDqIMp9JI9/l4JxjAbVaGmpE
+NvLJ2gp9kzTfuwqnpxqGgoQb/qoqudRz8Yu4PIwad60/wFZZCfDosCO4BFuPWiY
RDyvPDE1yScx089Xy1lYEjq3oT5ReHLixtMDcsqRGrrH7FJ1cNniijSdFJ0wb0cz
Em6U7P+feR6hFoeEJy5Tz3PIjPFZD3uag+76zDyf6tfzlKcZ
-----END CERTIFICATE-----