Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9L9qWtM9stYArBRI8lETOjAEgSc.roa
File:                     9L9qWtM9stYArBRI8lETOjAEgSc.roa (raw, json)
Hash identifier:          +Nt/ObmpFDKeiJWtbSt9krwkWTGgEJeWXwlLrqmXHW8=
Subject key identifier:   F4:BF:6A:5A:D3:3D:B2:D6:00:AC:14:48:F2:51:13:3A:30:04:81:27
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01912EB87117F3C39FF7852622DBACD0FEFA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9L9qWtM9stYArBRI8lETOjAEgSc.roa
Signing time:             Wed 07 Aug 2024 21:22:05 +0000
ROA not before:           Wed 07 Aug 2024 21:22:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200237
IP address blocks:        2a06:de01:f0::/48 maxlen: 48
                          2a06:de01:f1::/48 maxlen: 48
                          2a06:de01:fd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:2e:b8:71:17:f3:c3:9f:f7:85:26:22:db:ac:d0:fe:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug  7 21:22:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4bf6a5ad33db2d600ac1448f251133a30048127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a7:3e:03:f2:06:dc:c3:15:f5:ee:09:f7:0d:
                    4c:9a:c9:29:df:fc:ef:40:94:57:3a:78:bd:6c:44:
                    16:72:b3:eb:8d:b2:b5:a3:68:c1:6a:d0:e3:94:1d:
                    20:38:3b:cc:c8:01:69:79:d1:3e:66:eb:0d:7e:b5:
                    cc:69:25:ba:a3:c3:05:23:f8:45:b4:70:e3:f8:2c:
                    d4:10:ff:b2:88:ca:7d:32:ef:dc:bc:62:58:10:d1:
                    af:bc:ed:ae:f9:07:50:d8:e6:82:73:19:81:c3:4a:
                    24:a3:6d:93:41:23:61:fa:93:f7:84:82:0a:3e:59:
                    69:36:e3:c9:18:ca:62:e5:6e:0e:34:4c:46:9c:fe:
                    ce:40:95:86:ff:ff:f1:0f:ae:7a:82:47:6c:88:bd:
                    79:17:31:d8:a6:b9:49:03:7f:c0:bf:e9:4e:ea:fb:
                    61:35:9e:a3:44:87:c0:81:45:09:ac:f7:a3:f0:fd:
                    b1:6a:b5:35:cb:47:e4:f7:c6:10:72:49:75:9a:77:
                    2c:ed:61:fc:01:d0:8c:78:c7:fa:c6:9d:cf:bd:20:
                    dc:57:2f:dc:48:fb:66:b3:b9:e3:d3:0f:3f:bb:8f:
                    be:59:2d:d3:1d:07:38:c7:75:e2:28:0c:09:d8:ed:
                    dd:2a:ad:d1:9c:f8:fb:fa:38:be:cb:2b:39:0e:03:
                    da:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:6A:5A:D3:3D:B2:D6:00:AC:14:48:F2:51:13:3A:30:04:81:27
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9L9qWtM9stYArBRI8lETOjAEgSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:f0::/47
                  2a06:de01:fd::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:b3:b9:9f:06:aa:fb:4a:ae:80:4e:26:4a:86:ec:dd:6d:63:
         0b:6c:37:28:1a:1a:e2:3a:f3:b3:66:3b:d4:0a:d1:b9:c9:ed:
         69:22:76:3c:b2:de:54:45:4e:f5:4a:9c:eb:8e:f5:4f:07:c0:
         01:0c:9e:e6:f1:da:37:6e:8a:f7:c3:d0:34:18:15:1a:a1:78:
         ac:cf:9d:5e:89:f7:1e:95:58:5c:7d:7e:10:00:09:3e:36:eb:
         69:e1:e9:ba:7e:55:a3:a2:c1:2a:74:28:1a:72:07:62:99:06:
         57:20:8e:26:d8:8e:e1:7f:23:43:8f:64:38:26:c2:e0:12:11:
         6b:fc:16:02:6e:fd:03:13:82:22:90:0d:e3:7d:d5:64:88:34:
         3d:4d:e1:9a:1e:3b:ce:da:bf:cf:3d:dd:d5:7c:54:72:b2:18:
         86:9e:d4:96:63:9b:84:31:88:d5:d9:a8:92:9d:a6:a3:fe:c4:
         3b:24:7a:63:c9:a2:fb:a0:1e:fb:7e:c1:43:33:e2:05:7c:42:
         45:99:fd:fd:af:21:09:10:c5:7f:8c:be:95:ed:12:6d:c9:bb:
         36:cf:9f:22:60:94:f4:1d:34:c5:5e:d6:cd:d0:d5:8e:32:d4:
         4f:65:f4:26:fb:60:cf:64:ef:9c:68:80:f9:af:fb:7d:49:2c:
         9b:78:30:82
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZEuuHEX88Of94UmItus0P76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODA3MjEyMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGJmNmE1YWQzM2RiMmQ2MDBhYzE0NDhmMjUxMTMzYTMwMDQ4MTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqc+A/IG3MMV9e4J9w1Mmskp3/zv
QJRXOni9bEQWcrPrjbK1o2jBatDjlB0gODvMyAFpedE+ZusNfrXMaSW6o8MFI/hF
tHDj+CzUEP+yiMp9Mu/cvGJYENGvvO2u+QdQ2OaCcxmBw0oko22TQSNh+pP3hIIK
PllpNuPJGMpi5W4ONExGnP7OQJWG///xD656gkdsiL15FzHYprlJA3/Av+lO6vth
NZ6jRIfAgUUJrPej8P2xarU1y0fk98YQckl1mncs7WH8AdCMeMf6xp3PvSDcVy/c
SPtms7nj0w8/u4++WS3THQc4x3XiKAwJ2O3dKq3RnPj7+ji+yys5DgPaGwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPS/alrTPbLWAKwUSPJREzowBIEnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOUw5cVd0TTlzdFlBckJSSThsRVRPakFFZ1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgbeAQDw
AwcAKgbeAQD9MA0GCSqGSIb3DQEBCwUAA4IBAQDHs7mfBqr7Sq6ATiZKhuzdbWML
bDcoGhriOvOzZjvUCtG5ye1pInY8st5URU71SpzrjvVPB8ABDJ7m8do3bor3w9A0
GBUaoXisz51eifcelVhcfX4QAAk+Nutp4em6flWjosEqdCgacgdimQZXII4m2I7h
fyNDj2Q4JsLgEhFr/BYCbv0DE4IikA3jfdVkiDQ9TeGaHjvO2r/PPd3VfFRyshiG
ntSWY5uEMYjV2aiSnaaj/sQ7JHpjyaL7oB77fsFDM+IFfEJFmf39ryEJEMV/jL6V
7RJtybs2z58iYJT0HTTFXtbN0NWOMtRPZfQm+2DPZO+caID5r/t9SSybeDCC
-----END CERTIFICATE-----