Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yjCOx07PA9azFUI3Yl6FnxKU0WA.roa
File:                     yjCOx07PA9azFUI3Yl6FnxKU0WA.roa (raw, json)
Hash identifier:          wf+2z8exCDrerAdS/HFcHKU5tG5Q19KS4obfMcFml10=
Subject key identifier:   CA:30:8E:C7:4E:CF:03:D6:B3:15:42:37:62:5E:85:9F:12:94:D1:60
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD070CAE52C877F8546A7DA6C59C29
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yjCOx07PA9azFUI3Yl6FnxKU0WA.roa
Signing time:             Tue 02 Jan 2024 10:34:17 +0000
ROA not before:           Tue 02 Jan 2024 10:34:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204051
IP address blocks:        2a0e:97c0:b90::/44 maxlen: 48
                          2a10:2f00:186::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:07:0c:ae:52:c8:77:f8:54:6a:7d:a6:c5:9c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca308ec74ecf03d6b3154237625e859f1294d160
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:00:75:e4:59:c2:69:ea:0e:80:31:92:34:e5:
                    e2:01:85:6a:88:d8:ee:e6:d4:0d:b0:81:68:63:e1:
                    ec:56:36:2c:df:2c:17:f8:d7:6e:d8:dc:54:3d:8a:
                    b1:7f:71:1e:f8:3f:96:0d:a5:6f:18:78:c8:07:ee:
                    b8:82:00:c2:c6:02:1a:3f:04:73:dd:33:90:74:fd:
                    f5:c7:4b:da:02:ba:a5:0e:e0:e3:6f:97:b7:a2:5e:
                    c8:75:2d:1f:01:45:cf:e1:17:a0:89:00:38:96:88:
                    89:4e:94:f9:c0:5a:63:5b:26:52:ac:75:74:85:7e:
                    c4:83:f9:4e:95:74:e8:62:11:f4:5e:aa:64:1e:af:
                    75:c8:7b:46:ed:54:a1:b2:1d:61:d3:1b:26:93:10:
                    7d:11:c3:e9:c4:fa:e7:be:9a:0e:a8:1a:14:79:81:
                    3d:43:54:ad:04:68:8c:99:b4:9d:61:8e:70:02:fe:
                    40:8d:27:83:94:88:69:bd:f7:c9:5a:47:39:6d:6e:
                    9b:0a:19:96:5b:c4:6f:3b:6e:45:f4:30:d7:64:88:
                    b2:04:14:bd:a2:52:3b:e0:47:8a:fb:4a:c7:92:c0:
                    99:d8:73:f0:84:0a:f9:81:0f:bc:81:d9:34:a9:e2:
                    56:87:63:6a:67:2f:9a:4c:16:38:ea:b1:dd:d6:38:
                    0c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:30:8E:C7:4E:CF:03:D6:B3:15:42:37:62:5E:85:9F:12:94:D1:60
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yjCOx07PA9azFUI3Yl6FnxKU0WA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b90::/44
                  2a10:2f00:186::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:6c:92:5d:bb:70:fd:9c:33:72:a8:d4:f1:8f:77:2d:82:9b:
         9d:83:96:3e:c5:2b:f0:a4:0b:74:eb:3d:1e:36:cb:7a:f4:6d:
         7a:3e:77:51:29:55:3f:50:93:c5:12:cf:4a:7b:09:10:50:9b:
         65:e4:83:f6:c9:02:55:89:bd:fb:09:a1:a9:69:a8:7b:a9:aa:
         ad:4a:27:c9:fb:7e:e5:9b:27:62:68:73:52:f8:d1:32:8b:6e:
         2f:d7:ff:19:89:51:ee:c1:83:e1:e7:8e:9d:35:be:9f:41:fd:
         c7:8c:ec:50:94:43:e5:88:b3:61:ac:63:42:ac:fb:de:7f:0a:
         75:e0:da:6a:89:40:d2:af:93:d9:e0:16:7f:5a:0d:7d:b2:a9:
         c1:30:ec:62:9c:5b:36:69:c9:0f:e8:6b:f2:ea:9a:15:0f:e4:
         d5:8f:83:4e:21:49:bc:bd:48:08:cd:7b:cf:68:b4:db:af:0b:
         03:d9:2e:ac:16:ed:87:72:13:7e:4a:3d:44:37:bd:f5:c4:45:
         db:32:5a:e3:f0:75:b5:db:c8:8e:89:96:e3:61:1a:2e:99:0b:
         92:d6:10:d2:38:7c:bf:ca:bc:a3:81:9c:7b:d9:4c:fd:0c:55:
         e8:ae:5e:fa:74:e1:33:53:5b:15:01:ad:57:46:65:e1:10:5e:
         21:61:72:44
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvQcMrlLId/hUan2mxZwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTMwOGVjNzRlY2YwM2Q2YjMxNTQyMzc2MjVlODU5ZjEyOTRkMTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAB15FnCaeoOgDGSNOXiAYVqiNju
5tQNsIFoY+HsVjYs3ywX+Ndu2NxUPYqxf3Ee+D+WDaVvGHjIB+64ggDCxgIaPwRz
3TOQdP31x0vaArqlDuDjb5e3ol7IdS0fAUXP4RegiQA4loiJTpT5wFpjWyZSrHV0
hX7Eg/lOlXToYhH0XqpkHq91yHtG7VShsh1h0xsmkxB9EcPpxPrnvpoOqBoUeYE9
Q1StBGiMmbSdYY5wAv5AjSeDlIhpvffJWkc5bW6bChmWW8RvO25F9DDXZIiyBBS9
olI74EeK+0rHksCZ2HPwhAr5gQ+8gdk0qeJWh2NqZy+aTBY46rHd1jgMbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMowjsdOzwPWsxVCN2JehZ8SlNFgMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveWpDT3gwN1BBOWF6RlVJM1lsNkZueEtVMFdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6XwAuQ
AwcAKhAvAAGGMA0GCSqGSIb3DQEBCwUAA4IBAQBUbJJdu3D9nDNyqNTxj3ctgpud
g5Y+xSvwpAt06z0eNst69G16PndRKVU/UJPFEs9KewkQUJtl5IP2yQJVib37CaGp
aah7qaqtSifJ+37lmydiaHNS+NEyi24v1/8ZiVHuwYPh546dNb6fQf3HjOxQlEPl
iLNhrGNCrPvefwp14NpqiUDSr5PZ4BZ/Wg19sqnBMOxinFs2ackP6Gvy6poVD+TV
j4NOIUm8vUgIzXvPaLTbrwsD2S6sFu2HchN+Sj1EN731xEXbMlrj8HW128iOiZbj
YRoumQuS1hDSOHy/yryjgZx72Uz9DFXorl76dOEzU1sVAa1XRmXhEF4hYXJE
-----END CERTIFICATE-----