Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B5KJq-_70Zzaq4HZMkAZ4NXaY2Y.roa
File:                     B5KJq-_70Zzaq4HZMkAZ4NXaY2Y.roa (raw, json)
Hash identifier:          Z9nvtDloo5JekJlFRmYAEQXEA/w1QtprWopvcUcek9w=
Subject key identifier:   07:92:89:AB:EF:FB:D1:9C:DA:AB:81:D9:32:40:19:E0:D5:DA:63:66
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4814FA1C8798C5557DF49331BB5E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B5KJq-_70Zzaq4HZMkAZ4NXaY2Y.roa
Signing time:             Tue 02 Jan 2024 10:34:34 +0000
ROA not before:           Tue 02 Jan 2024 10:34:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212767
IP address blocks:        2a0e:b107:cc8::/48 maxlen: 48
                          2a10:2f00:14a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:48:14:fa:1c:87:98:c5:55:7d:f4:93:31:bb:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=079289abeffbd19cdaab81d9324019e0d5da6366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:19:bc:7c:7b:6b:6c:16:12:1e:c0:b3:11:a8:
                    77:43:2a:c1:93:6c:d3:71:ea:52:94:8e:d4:cb:a9:
                    f3:df:95:00:de:47:e9:6f:ff:b5:1f:fe:42:d6:81:
                    7b:b1:22:04:ba:f1:74:39:1c:b2:4c:35:cc:03:a9:
                    fd:6c:98:23:5a:f0:10:30:62:27:8b:15:f3:c0:9c:
                    9e:23:be:e5:68:ea:49:e6:40:90:81:47:a6:42:21:
                    71:01:40:c6:05:b4:48:77:43:0e:17:9d:10:04:14:
                    51:a8:dd:b8:02:0c:97:e7:a0:c7:9f:8b:86:76:de:
                    31:66:f7:56:f2:65:d9:2d:30:7a:be:0e:8e:4c:ad:
                    f9:81:cc:d8:e4:a1:32:62:26:c6:b1:ac:d4:c8:9f:
                    9a:7d:c3:e0:11:4e:85:96:f4:27:06:79:6a:bb:97:
                    ae:0a:98:62:be:ac:c8:4a:be:6b:3c:8e:88:30:4d:
                    aa:a8:5f:cc:75:56:10:e1:b5:6a:16:4b:fd:6c:c3:
                    33:be:2e:4b:e7:92:9f:f0:b3:a8:fe:ce:42:53:35:
                    03:f7:6c:cd:a8:9a:b7:37:0f:51:15:ba:ec:de:20:
                    11:9b:ce:75:36:8a:4e:59:cd:a6:86:c8:1c:99:4e:
                    57:dd:67:b1:b5:8b:15:66:bb:1d:6e:e1:ea:f1:15:
                    af:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:92:89:AB:EF:FB:D1:9C:DA:AB:81:D9:32:40:19:E0:D5:DA:63:66
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B5KJq-_70Zzaq4HZMkAZ4NXaY2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:cc8::/48
                  2a10:2f00:14a::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:cd:a3:56:74:2a:8c:64:77:e2:2e:00:8b:75:2b:a2:9f:3f:
         64:50:7c:12:21:12:9e:62:96:f3:a3:a6:12:c2:8b:e7:0d:92:
         13:d8:49:4b:ce:03:06:d3:59:05:a4:b5:6d:5f:f5:3d:52:13:
         8f:5f:76:fd:8c:00:1e:e2:e4:2a:99:6b:c8:51:fb:20:56:2a:
         32:f1:8b:05:33:df:5b:cf:33:b9:c5:e1:98:01:6e:2f:ff:a3:
         d8:74:26:84:8b:ee:aa:c5:48:02:ec:d9:2d:38:da:ad:a1:7d:
         8b:d2:ec:26:82:1c:84:80:28:b9:56:e4:2f:13:0b:45:f4:49:
         6b:ba:c2:f5:9a:8f:ac:06:b6:d3:c4:3a:44:9b:c6:cd:3d:cb:
         93:67:c6:d0:d3:e4:33:b1:33:9c:fa:e4:ae:89:a0:34:86:7f:
         56:6f:91:f6:ec:b2:72:aa:6e:55:23:48:11:18:80:77:75:b0:
         91:57:2a:00:ef:c1:fc:d5:9a:ff:02:76:aa:ea:3c:a2:3c:ad:
         a5:93:93:0a:88:8c:b5:cb:4d:9c:f1:a5:a9:bc:9b:c8:eb:14:
         52:a0:47:5b:d9:30:ea:6f:e5:20:3e:43:33:e4:8f:34:34:5a:
         85:7e:d6:dc:6c:50:b9:70:d3:56:77:e3:43:24:c3:6a:e8:54:
         d6:6a:22:4f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvUgU+hyHmMVVffSTMbteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzkyODlhYmVmZmJkMTljZGFhYjgxZDkzMjQwMTllMGQ1ZGE2MzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBm8fHtrbBYSHsCzEah3QyrBk2zT
cepSlI7Uy6nz35UA3kfpb/+1H/5C1oF7sSIEuvF0ORyyTDXMA6n9bJgjWvAQMGIn
ixXzwJyeI77laOpJ5kCQgUemQiFxAUDGBbRId0MOF50QBBRRqN24AgyX56DHn4uG
dt4xZvdW8mXZLTB6vg6OTK35gczY5KEyYibGsazUyJ+afcPgEU6FlvQnBnlqu5eu
CphivqzISr5rPI6IME2qqF/MdVYQ4bVqFkv9bMMzvi5L55Kf8LOo/s5CUzUD92zN
qJq3Nw9RFbrs3iARm851NopOWc2mhsgcmU5X3WextYsVZrsdbuHq8RWv7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAeSiavv+9Gc2quB2TJAGeDV2mNmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQjVLSnEtXzcwWnphcTRIWk1rQVo0TlhhWTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBwzI
AwcAKhAvAAFKMA0GCSqGSIb3DQEBCwUAA4IBAQCVzaNWdCqMZHfiLgCLdSuinz9k
UHwSIRKeYpbzo6YSwovnDZIT2ElLzgMG01kFpLVtX/U9UhOPX3b9jAAe4uQqmWvI
UfsgVioy8YsFM99bzzO5xeGYAW4v/6PYdCaEi+6qxUgC7NktONqtoX2L0uwmghyE
gCi5VuQvEwtF9ElrusL1mo+sBrbTxDpEm8bNPcuTZ8bQ0+QzsTOc+uSuiaA0hn9W
b5H27LJyqm5VI0gRGIB3dbCRVyoA78H81Zr/Anaq6jyiPK2lk5MKiIy1y02c8aWp
vJvI6xRSoEdb2TDqb+UgPkMz5I80NFqFftbcbFC5cNNWd+NDJMNq6FTWaiJP
-----END CERTIFICATE-----