Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ynK1SMacqS_MJKOD7x68Wd04l2Q.roa
File:                     ynK1SMacqS_MJKOD7x68Wd04l2Q.roa (raw, json)
Hash identifier:          k6RgysCtN5d+xIX/cMJ8kEpGfCeV5ESxwVvZbwWwReg=
Subject key identifier:   CA:72:B5:48:C6:9C:A9:2F:CC:24:A3:83:EF:1E:BC:59:DD:38:97:64
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE01815C9C55A010E9FCE3B70A9F6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ynK1SMacqS_MJKOD7x68Wd04l2Q.roa
Signing time:             Tue 02 Jan 2024 10:34:07 +0000
ROA not before:           Tue 02 Jan 2024 10:34:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142282
IP address blocks:        2a0e:b107:120f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e0:18:15:c9:c5:5a:01:0e:9f:ce:3b:70:a9:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca72b548c69ca92fcc24a383ef1ebc59dd389764
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7b:94:30:6d:3c:2a:c9:62:1f:46:f5:26:8f:
                    f2:b5:f3:c7:cf:24:e6:0b:1f:5a:f2:8b:09:c4:43:
                    56:9f:8d:ca:69:99:da:f9:d2:48:a3:26:24:78:91:
                    3b:6e:e9:3d:2d:a7:d4:63:02:47:a1:2c:44:3b:0b:
                    25:97:14:4c:6f:ce:16:0a:3e:f4:19:46:71:ad:e8:
                    62:2d:b9:94:17:63:be:48:b9:18:7c:cf:ab:63:0b:
                    82:d7:55:2c:f1:08:b4:9c:2c:87:fe:31:be:37:e9:
                    1b:4a:22:91:a6:04:ba:ff:38:4f:cb:54:8e:a7:1a:
                    75:15:98:e7:0d:e7:65:da:40:56:11:6e:31:8b:58:
                    75:98:a9:16:b5:03:ea:f0:26:ba:2d:35:90:57:bd:
                    a8:bb:c7:5b:14:0a:dc:8c:c0:97:ff:b9:ab:5a:77:
                    a2:5a:8f:cd:bf:e4:21:86:e9:6f:5a:8a:4b:c6:1a:
                    c9:f5:e1:28:94:5a:9e:8c:61:35:64:61:a9:3f:63:
                    9e:65:30:4b:e5:98:05:65:26:2b:70:ab:6c:60:a6:
                    5c:18:ea:7d:19:46:6b:5c:2c:05:6a:ad:2f:a6:49:
                    f8:ff:67:c0:e1:09:b7:64:1d:5a:55:f7:88:d4:d1:
                    f1:0d:0b:c6:f0:5c:68:e1:45:9f:5d:2b:0a:dd:a7:
                    53:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:72:B5:48:C6:9C:A9:2F:CC:24:A3:83:EF:1E:BC:59:DD:38:97:64
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ynK1SMacqS_MJKOD7x68Wd04l2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:120f::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:aa:0b:be:8a:b5:e0:e5:d7:d4:42:a4:ed:bd:00:b6:6c:94:
         7d:3f:4f:06:c4:62:63:c8:c7:2e:e5:a7:a9:6d:f1:ad:29:9c:
         eb:67:6b:85:10:e0:8d:2a:11:0c:ec:4d:7c:ba:0c:ed:64:8f:
         44:6c:bb:91:5e:47:60:c9:77:14:f3:57:d6:35:bb:61:94:6c:
         c9:dd:4b:b0:bf:02:8a:c3:68:63:6a:a9:59:7f:c8:9a:f1:64:
         22:96:ef:2b:1c:d1:dc:d7:95:72:d3:0d:53:ba:41:1f:80:b5:
         2d:f2:0d:b5:7f:88:0c:83:01:88:17:96:84:e7:0d:dd:04:a6:
         c4:8f:3f:13:12:ea:57:cd:32:15:67:51:5f:50:da:a9:13:68:
         45:da:80:5f:29:59:31:98:31:79:0c:c4:c7:07:ca:43:7a:8b:
         dc:cd:92:ed:94:53:a1:4e:a2:ac:3d:01:15:4c:be:49:4e:f8:
         49:0a:ce:14:15:ef:a7:e3:97:e8:6f:d0:d0:0a:59:92:03:ab:
         69:48:64:61:ea:f9:45:20:2a:a9:97:a1:16:55:db:31:33:db:
         58:3c:2e:fa:f9:2e:70:41:74:d0:5f:a3:34:c6:90:ab:da:22:
         5f:3f:48:1c:66:7a:25:0a:21:11:5e:ac:3e:65:ba:be:de:2a:
         a9:26:b6:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOAYFcnFWgEOn847cKn2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTcyYjU0OGM2OWNhOTJmY2MyNGEzODNlZjFlYmM1OWRkMzg5NzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHuUMG08KsliH0b1Jo/ytfPHzyTm
Cx9a8osJxENWn43KaZna+dJIoyYkeJE7buk9LafUYwJHoSxEOwsllxRMb84WCj70
GUZxrehiLbmUF2O+SLkYfM+rYwuC11Us8Qi0nCyH/jG+N+kbSiKRpgS6/zhPy1SO
pxp1FZjnDedl2kBWEW4xi1h1mKkWtQPq8Ca6LTWQV72ou8dbFArcjMCX/7mrWnei
Wo/Nv+QhhulvWopLxhrJ9eEolFqejGE1ZGGpP2OeZTBL5ZgFZSYrcKtsYKZcGOp9
GUZrXCwFaq0vpkn4/2fA4Qm3ZB1aVfeI1NHxDQvG8Fxo4UWfXSsK3adTNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMpytUjGnKkvzCSjg+8evFndOJdkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveW5LMVNNYWNxU19NSktPRDd4NjhXZDA0bDJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxIP
MA0GCSqGSIb3DQEBCwUAA4IBAQCMqgu+irXg5dfUQqTtvQC2bJR9P08GxGJjyMcu
5aepbfGtKZzrZ2uFEOCNKhEM7E18ugztZI9EbLuRXkdgyXcU81fWNbthlGzJ3Uuw
vwKKw2hjaqlZf8ia8WQilu8rHNHc15Vy0w1TukEfgLUt8g21f4gMgwGIF5aE5w3d
BKbEjz8TEupXzTIVZ1FfUNqpE2hF2oBfKVkxmDF5DMTHB8pDeovczZLtlFOhTqKs
PQEVTL5JTvhJCs4UFe+n45fob9DQClmSA6tpSGRh6vlFICqpl6EWVdsxM9tYPC76
+S5wQXTQX6M0xpCr2iJfP0gcZnolCiERXqw+Zbq+3iqpJrbA
-----END CERTIFICATE-----