Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8FQfyzGHh7HOQh2yFtUEJgZoImc.roa
File:                     8FQfyzGHh7HOQh2yFtUEJgZoImc.roa (raw, json)
Hash identifier:          jKnDDg+uExPCRLn7m0Ee3/HqgmHNTQLxsuN0JV42f80=
Subject key identifier:   F0:54:1F:CB:31:87:87:B1:CE:42:1D:B2:16:D5:04:26:06:68:22:67
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019180D18FAA1FE7AC79A35E195B04CB0CC2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8FQfyzGHh7HOQh2yFtUEJgZoImc.roa
Signing time:             Fri 23 Aug 2024 19:58:23 +0000
ROA not before:           Fri 23 Aug 2024 19:58:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        2a0e:97c0:b18::/48 maxlen: 48
                          2a0e:b107:27c7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:80:d1:8f:aa:1f:e7:ac:79:a3:5e:19:5b:04:cb:0c:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 23 19:58:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0541fcb318787b1ce421db216d5042606682267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:f4:86:61:b6:53:67:7a:90:3d:04:46:2a:fa:
                    af:c7:84:78:f4:fc:f2:64:93:4b:9f:8b:2b:05:3e:
                    c9:db:71:54:dd:39:49:0c:20:3b:1e:b3:3c:dc:f5:
                    e5:5a:06:6f:4b:be:df:46:c8:6c:c4:16:7d:6d:ed:
                    91:5d:3a:3b:fd:2d:73:de:41:1f:12:e4:9f:aa:2e:
                    2b:43:5b:24:89:ea:ca:11:e5:56:32:01:41:bc:da:
                    66:6e:1c:4d:d5:e2:ee:56:19:e6:7c:cc:31:31:e0:
                    c0:42:69:2f:f5:af:59:d7:d9:03:53:38:4e:9a:12:
                    b4:5c:df:6a:a0:cb:8d:70:a1:bd:db:f0:f4:26:7f:
                    a3:8f:51:5f:a2:b0:9e:cb:dd:26:05:2b:86:e8:c8:
                    a1:57:9a:5d:38:b3:4a:a7:4e:bb:97:5e:8f:db:7a:
                    9a:45:7c:cd:57:25:40:2f:86:52:ab:be:51:6e:0c:
                    c7:e6:11:21:57:b7:cd:7b:65:3f:99:30:2f:22:d6:
                    5a:51:34:44:34:33:46:a5:3d:b6:1d:b6:ac:74:99:
                    12:0c:ed:41:e1:77:bd:97:15:89:ac:5a:12:5a:71:
                    c5:e4:86:5c:d5:d0:b6:30:a8:0f:dd:0b:0f:77:26:
                    54:8b:4c:81:ee:f6:71:68:40:62:69:ce:2b:ac:80:
                    4e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:54:1F:CB:31:87:87:B1:CE:42:1D:B2:16:D5:04:26:06:68:22:67
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8FQfyzGHh7HOQh2yFtUEJgZoImc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:b18::/48
                  2a0e:b107:27c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:72:f2:06:ac:14:e7:04:a8:0c:0f:90:20:8d:39:be:f5:1e:
         10:39:1f:a2:ae:84:80:12:19:aa:88:6e:99:3d:49:59:8b:d3:
         3f:31:0d:c8:8e:ee:5c:4c:7e:17:ee:29:20:0e:57:92:5c:08:
         9b:4f:81:fa:ed:9f:27:55:43:ee:45:68:25:94:20:a4:18:4c:
         25:fb:54:51:c5:07:60:ac:d6:c0:22:0d:45:62:7b:c1:55:7d:
         fc:54:21:a9:2f:b7:17:4c:34:41:28:a2:25:75:81:f3:5e:fc:
         50:a4:d3:c6:08:6d:b5:69:d6:b9:0b:29:63:7a:4d:2a:9e:cc:
         ff:eb:76:b5:f8:53:f1:13:55:5c:79:78:87:5c:86:47:8b:59:
         20:aa:c1:9b:4e:71:12:b8:79:d3:7d:46:e5:c6:f3:41:94:a9:
         66:8c:1c:74:f1:f5:ac:0b:48:11:e4:e5:49:e0:c4:30:e9:3d:
         f9:46:fb:55:19:66:99:de:b7:93:59:7a:52:42:d0:09:89:8f:
         76:6a:94:3b:4c:9e:92:01:7b:ce:cf:e4:d9:9a:78:a7:98:66:
         c7:34:34:fd:69:35:32:61:5e:47:5a:2f:83:76:2c:ff:f9:c5:
         ad:0a:41:c1:15:9a:a6:61:d0:2c:d9:72:6a:24:5b:70:e4:02:
         1b:17:a3:75
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGA0Y+qH+eseaNeGVsEywzCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODIzMTk1ODIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDU0MWZjYjMxODc4N2IxY2U0MjFkYjIxNmQ1MDQyNjA2NjgyMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPSGYbZTZ3qQPQRGKvqvx4R49Pzy
ZJNLn4srBT7J23FU3TlJDCA7HrM83PXlWgZvS77fRshsxBZ9be2RXTo7/S1z3kEf
EuSfqi4rQ1skierKEeVWMgFBvNpmbhxN1eLuVhnmfMwxMeDAQmkv9a9Z19kDUzhO
mhK0XN9qoMuNcKG92/D0Jn+jj1FforCey90mBSuG6MihV5pdOLNKp067l16P23qa
RXzNVyVAL4ZSq75RbgzH5hEhV7fNe2U/mTAvItZaUTRENDNGpT22HbasdJkSDO1B
4Xe9lxWJrFoSWnHF5IZc1dC2MKgP3QsPdyZUi0yB7vZxaEBiac4rrIBOvwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPBUH8sxh4exzkIdshbVBCYGaCJnMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOEZRZnl6R0hoN0hPUWgyeUZ0VUVKZ1pvSW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAsY
AwcAKg6xByfHMA0GCSqGSIb3DQEBCwUAA4IBAQDCcvIGrBTnBKgMD5AgjTm+9R4Q
OR+iroSAEhmqiG6ZPUlZi9M/MQ3Iju5cTH4X7ikgDleSXAibT4H67Z8nVUPuRWgl
lCCkGEwl+1RRxQdgrNbAIg1FYnvBVX38VCGpL7cXTDRBKKIldYHzXvxQpNPGCG21
ada5Cyljek0qnsz/63a1+FPxE1VceXiHXIZHi1kgqsGbTnESuHnTfUblxvNBlKlm
jBx08fWsC0gR5OVJ4MQw6T35RvtVGWaZ3reTWXpSQtAJiY92apQ7TJ6SAXvOz+TZ
mninmGbHNDT9aTUyYV5HWi+Ddiz/+cWtCkHBFZqmYdAs2XJqJFtw5AIbF6N1
-----END CERTIFICATE-----