Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZwTmsG0Zg_VqODGQxGUkSZUEBU.roa
File:                     yZwTmsG0Zg_VqODGQxGUkSZUEBU.roa (raw, json)
Hash identifier:          CK+Djrjsr0xHqX/wTakH2+DePm77BaXqbxRRDg2/JhU=
Subject key identifier:   C9:9C:13:9A:C1:B4:66:0F:D5:A8:E0:C6:43:11:94:91:26:54:10:15
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019026B8E6A05AAD9BC19AF54AB7EE95A2AF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZwTmsG0Zg_VqODGQxGUkSZUEBU.roa
Signing time:             Mon 17 Jun 2024 15:02:50 +0000
ROA not before:           Mon 17 Jun 2024 15:02:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214701
IP address blocks:        2a0e:97c0:1d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:26:b8:e6:a0:5a:ad:9b:c1:9a:f5:4a:b7:ee:95:a2:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 17 15:02:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c99c139ac1b4660fd5a8e0c64311949126541015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c8:0a:f8:4c:75:8d:ca:94:66:7e:1f:06:6f:
                    4d:c3:cc:10:0f:19:d9:b8:ad:53:22:d6:72:34:0e:
                    4a:d5:c2:9c:fa:42:d7:ac:54:05:4d:6b:db:f7:1b:
                    29:1c:e6:f1:3e:ba:57:87:c7:75:69:ca:e4:5e:9c:
                    f6:0e:43:5d:ad:b8:e5:5f:fd:50:30:bb:9c:8d:29:
                    1f:d3:f5:f1:de:d7:06:eb:fb:04:71:cc:d9:49:23:
                    bb:87:0f:be:26:ea:41:02:d4:3d:0b:ca:c0:eb:d3:
                    21:5e:e7:5b:52:91:0a:63:c2:8e:bf:9b:f7:d8:e4:
                    93:ba:90:31:46:86:aa:93:36:19:51:fb:d4:f4:ff:
                    14:8b:09:95:de:7b:0b:b4:82:65:fc:c7:77:bd:f1:
                    36:1b:c9:99:c1:6c:8d:2d:7f:51:ad:57:bf:36:74:
                    d0:32:96:dc:df:d7:b8:4b:86:5e:06:ea:03:dd:7f:
                    cf:73:e3:a8:be:ef:bb:4b:fe:c1:d2:53:21:2b:55:
                    51:8f:3f:d9:c4:08:44:f4:62:61:4f:64:6e:19:21:
                    be:99:ca:f8:b6:55:cb:bb:b5:bf:fa:81:95:ff:1b:
                    20:47:3b:12:6c:c2:bd:c5:a7:54:79:7a:09:7c:43:
                    df:21:bc:b2:58:70:e7:2f:78:06:db:7d:48:93:57:
                    3d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:9C:13:9A:C1:B4:66:0F:D5:A8:E0:C6:43:11:94:91:26:54:10:15
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZwTmsG0Zg_VqODGQxGUkSZUEBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:0f:5d:19:41:92:0a:24:57:91:39:a6:1d:ca:f1:ad:59:e8:
         d0:4d:a6:ae:12:41:6c:86:2b:3c:ee:89:86:ac:d4:ed:ce:1e:
         63:29:d9:2d:69:76:06:74:4c:fc:56:7c:8e:1c:8e:fc:15:73:
         4f:d3:e4:d7:4f:77:5d:c8:6c:a2:49:b5:f2:e9:c4:aa:f4:9a:
         18:58:7d:48:39:2e:55:23:39:bf:31:8f:2c:44:a4:75:4c:b2:
         af:ba:67:eb:b4:36:41:e5:c1:8e:51:4c:61:60:74:3d:3b:66:
         3a:2c:45:17:61:fa:57:28:08:45:a5:bc:fe:f6:43:dc:79:76:
         7f:2c:db:c4:fb:a8:d9:8b:c2:55:e2:f1:41:5e:ec:11:dc:9f:
         5c:f4:82:d8:93:c2:5d:ef:cf:7e:3b:e8:e5:dd:af:f9:5c:1c:
         2d:1a:d5:36:73:ec:5a:59:d8:f4:6e:fa:d3:81:d2:10:f9:14:
         5c:b9:3e:35:3c:6c:ad:2e:39:3a:23:45:47:8e:fa:5d:2b:c3:
         9f:b5:77:73:2e:1f:1f:38:12:58:a8:98:b1:75:dc:55:8d:a3:
         c0:90:c9:05:8a:e8:60:93:7e:cb:77:b0:00:99:56:54:86:16:
         bd:b6:c9:a2:fb:98:ab:66:20:59:26:d9:bd:36:eb:2f:56:42:
         ed:98:ce:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAmuOagWq2bwZr1SrfulaKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjE3MTUwMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTljMTM5YWMxYjQ2NjBmZDVhOGUwYzY0MzExOTQ5MTI2NTQxMDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8gK+Ex1jcqUZn4fBm9Nw8wQDxnZ
uK1TItZyNA5K1cKc+kLXrFQFTWvb9xspHObxPrpXh8d1acrkXpz2DkNdrbjlX/1Q
MLucjSkf0/Xx3tcG6/sEcczZSSO7hw++JupBAtQ9C8rA69MhXudbUpEKY8KOv5v3
2OSTupAxRoaqkzYZUfvU9P8UiwmV3nsLtIJl/Md3vfE2G8mZwWyNLX9RrVe/NnTQ
Mpbc39e4S4ZeBuoD3X/Pc+Oovu+7S/7B0lMhK1VRjz/ZxAhE9GJhT2RuGSG+mcr4
tlXLu7W/+oGV/xsgRzsSbMK9xadUeXoJfEPfIbyyWHDnL3gG231Ik1c9TwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMmcE5rBtGYP1ajgxkMRlJEmVBAVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveVp3VG1zRzBaZ19WcU9ER1F4R1VrU1pVRUJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCFD10ZQZIKJFeROaYdyvGtWejQTaauEkFshis8
7omGrNTtzh5jKdktaXYGdEz8VnyOHI78FXNP0+TXT3ddyGyiSbXy6cSq9JoYWH1I
OS5VIzm/MY8sRKR1TLKvumfrtDZB5cGOUUxhYHQ9O2Y6LEUXYfpXKAhFpbz+9kPc
eXZ/LNvE+6jZi8JV4vFBXuwR3J9c9ILYk8Jd789+O+jl3a/5XBwtGtU2c+xaWdj0
bvrTgdIQ+RRcuT41PGytLjk6I0VHjvpdK8OftXdzLh8fOBJYqJixddxVjaPAkMkF
iuhgk37Ld7AAmVZUhha9tsmi+5irZiBZJtm9NusvVkLtmM6n
-----END CERTIFICATE-----