Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/NKuMQFxvmybG-m3mXwwf2p18RBk.roa
File:                     NKuMQFxvmybG-m3mXwwf2p18RBk.roa (raw, json)
Hash identifier:          IPwwMjnq0YSGvTNuN1mg/kYLIJC0yrIzjOjuXrtJCtg=
Subject key identifier:   34:AB:8C:40:5C:6F:9B:26:C6:FA:6D:E6:5F:0C:1F:DA:9D:7C:44:19
Certificate issuer:       /CN=63883a79789d9f65815292f18d4980ba9c5ed221
Certificate serial:       018CC4933E4806607063803EB940F9675CC8
Authority key identifier: 63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/NKuMQFxvmybG-m3mXwwf2p18RBk.roa
Signing time:             Mon 01 Jan 2024 10:30:33 +0000
ROA not before:           Mon 01 Jan 2024 10:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49915
IP address blocks:        2a0a:1800::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3e:48:06:60:70:63:80:3e:b9:40:f9:67:5c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63883a79789d9f65815292f18d4980ba9c5ed221
        Validity
            Not Before: Jan  1 10:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34ab8c405c6f9b26c6fa6de65f0c1fda9d7c4419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4c:a0:04:ea:c5:9b:d7:32:a3:f0:c4:0a:1f:
                    1a:c6:75:92:a1:21:f7:6f:a7:4a:be:ae:6e:8e:a1:
                    6c:c8:21:10:7e:ec:2b:e0:ea:b1:57:25:36:aa:08:
                    31:47:20:a8:63:9d:8c:8b:92:09:1f:94:10:94:2e:
                    2c:1c:9b:d5:ca:0c:a0:96:f7:ce:7f:e9:68:8a:39:
                    5a:4b:24:53:5e:b8:fa:35:6e:93:da:5e:c4:f3:ac:
                    d7:93:9a:b0:5e:f4:76:21:1a:55:c6:4e:b8:de:3a:
                    84:1f:18:64:f1:13:8b:70:9f:c1:53:c1:e2:5c:42:
                    c9:4a:e0:e2:ca:71:55:40:59:5e:c4:07:47:e1:2a:
                    f1:89:17:98:9a:fd:83:66:6a:46:8c:24:93:68:43:
                    f0:5c:b0:5a:84:07:74:87:38:14:98:5f:1d:3a:c6:
                    9e:34:a3:f5:76:a8:1d:1b:fc:f8:fc:5c:bc:de:73:
                    62:a6:ec:37:a9:dc:7e:c2:8c:a8:12:32:bf:ce:b8:
                    43:79:91:67:96:8d:37:a2:7a:8f:b9:71:f1:d4:92:
                    1e:df:20:30:b0:2b:3c:b7:a9:05:d9:9b:e4:da:e8:
                    65:d2:05:45:78:15:24:ef:67:89:20:8b:e0:f3:ed:
                    7e:f7:e7:e1:b4:f0:1b:f3:af:d0:c1:79:ea:d0:b2:
                    11:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:AB:8C:40:5C:6F:9B:26:C6:FA:6D:E6:5F:0C:1F:DA:9D:7C:44:19
            X509v3 Authority Key Identifier:
                keyid:63:88:3A:79:78:9D:9F:65:81:52:92:F1:8D:49:80:BA:9C:5E:D2:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y4g6eXidn2WBUpLxjUmAupxe0iE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/NKuMQFxvmybG-m3mXwwf2p18RBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/ca0228-57ee-4f65-962f-35d0595e12f0/1/Y4g6eXidn2WBUpLxjUmAupxe0iE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:1800::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:28:3f:97:a4:8e:cc:56:26:f2:fd:d7:ee:6d:1b:22:b1:71:
         8d:59:43:cc:0a:8b:e2:81:3c:be:b7:86:ec:3e:c6:38:83:df:
         db:b1:80:64:2d:8a:5b:48:31:b3:dd:4e:99:92:35:77:c4:bd:
         dc:e4:a2:1a:7b:65:16:ac:a1:51:61:c9:25:af:0a:cc:3d:fb:
         60:ac:35:ef:03:30:ed:83:2d:d7:d4:bd:80:55:51:03:fd:5f:
         aa:c8:8a:18:db:9b:cc:8b:37:ec:aa:65:28:72:2d:43:fb:33:
         23:6f:c4:a7:f1:0c:31:8b:c4:72:47:f4:d1:fe:c4:87:89:95:
         68:b3:a5:76:75:83:13:00:1c:1c:5b:f0:cc:df:ad:9c:98:03:
         54:7f:00:17:bf:12:b6:24:f6:2c:6b:69:08:97:f4:8c:49:ab:
         17:8b:31:dc:59:06:6e:6d:c4:b7:7d:8b:04:17:f0:3b:ec:2b:
         5f:f2:24:f8:69:ca:f7:45:57:3a:d5:55:ed:ce:d8:73:fa:68:
         e2:5f:09:c2:4c:9f:7d:95:70:14:f5:78:89:53:59:85:29:7c:
         0a:ef:26:0d:bf:bb:d8:d3:d7:3a:65:e5:43:b3:80:7a:ad:da:
         20:35:c3:fd:bb:03:98:8d:89:78:85:b3:8c:9c:89:fe:b8:ea:
         90:23:ea:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkz5IBmBwY4A+uUD5Z1zIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzODgzYTc5Nzg5ZDlmNjU4MTUyOTJmMThkNDk4MGJhOWM1
ZWQyMjEwHhcNMjQwMTAxMTAzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGFiOGM0MDVjNmY5YjI2YzZmYTZkZTY1ZjBjMWZkYTlkN2M0NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgkygBOrFm9cyo/DECh8axnWSoSH3
b6dKvq5ujqFsyCEQfuwr4OqxVyU2qggxRyCoY52Mi5IJH5QQlC4sHJvVygyglvfO
f+loijlaSyRTXrj6NW6T2l7E86zXk5qwXvR2IRpVxk643jqEHxhk8ROLcJ/BU8Hi
XELJSuDiynFVQFlexAdH4SrxiReYmv2DZmpGjCSTaEPwXLBahAd0hzgUmF8dOsae
NKP1dqgdG/z4/Fy83nNipuw3qdx+woyoEjK/zrhDeZFnlo03onqPuXHx1JIe3yAw
sCs8t6kF2Zvk2uhl0gVFeBUk72eJIIvg8+1+9+fhtPAb86/QwXnq0LIRmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDSrjEBcb5smxvpt5l8MH9qdfEQZMB8GA1UdIwQY
MBaAFGOIOnl4nZ9lgVKS8Y1JgLqcXtIhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYt
MzVkMDU5NWUxMmYwLzEvTkt1TVFGeHZteWJHLW0zbVh3d2YycDE4UkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9jYTAyMjgtNTdlZS00ZjY1LTk2MmYtMzVkMDU5NWUxMmYw
LzEvWTRnNmVYaWRuMldCVXBMeGpVbUF1cHhlMGlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgoYADAN
BgkqhkiG9w0BAQsFAAOCAQEAIyg/l6SOzFYm8v3X7m0bIrFxjVlDzAqL4oE8vreG
7D7GOIPf27GAZC2KW0gxs91OmZI1d8S93OSiGntlFqyhUWHJJa8KzD37YKw17wMw
7YMt19S9gFVRA/1fqsiKGNubzIs37KplKHItQ/szI2/Ep/EMMYvEckf00f7Eh4mV
aLOldnWDEwAcHFvwzN+tnJgDVH8AF78StiT2LGtpCJf0jEmrF4sx3FkGbm3Et32L
BBfwO+wrX/Ik+GnK90VXOtVV7c7Yc/po4l8JwkyffZVwFPV4iVNZhSl8Cu8mDb+7
2NPXOmXlQ7OAeq3aIDXD/bsDmI2JeIWzjJyJ/rjqkCPqhw==
-----END CERTIFICATE-----