Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BQtaAYnq0F_pRsC6f_pHxr6AuNA.roa
File:                     BQtaAYnq0F_pRsC6f_pHxr6AuNA.roa (raw, json)
Hash identifier:          P796shiEQgyTY7U9ZI8a8Pub77OF+EmVIV5xcl6FC8E=
Subject key identifier:   05:0B:5A:01:89:EA:D0:5F:E9:46:C0:BA:7F:FA:47:C6:BE:80:B8:D0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019335DE22474642644972B9460631568209
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BQtaAYnq0F_pRsC6f_pHxr6AuNA.roa
Signing time:             Sat 16 Nov 2024 16:46:10 +0000
ROA not before:           Sat 16 Nov 2024 16:46:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151194
IP address blocks:        2a06:de00:de00::/44 maxlen: 48
                          2a06:de00:de0f::/48 maxlen: 48
                          2a10:ccc0:ccc0::/44 maxlen: 48
                          2a10:ccc0:ccc0::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:35:de:22:47:46:42:64:49:72:b9:46:06:31:56:82:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 16 16:46:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=050b5a0189ead05fe946c0ba7ffa47c6be80b8d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:85:ab:11:27:27:ad:47:f9:30:78:4b:c4:e6:
                    57:e0:d0:46:42:f0:69:5d:3e:31:5f:bd:94:7f:59:
                    2b:8f:4e:1f:51:5d:e8:3a:b0:b5:1f:81:cb:bc:9e:
                    0c:ee:dc:28:2c:90:dc:ac:71:28:d5:e1:55:0d:4d:
                    cd:0b:31:38:57:5e:88:58:bd:52:48:49:b5:40:40:
                    90:1c:b6:91:aa:82:e5:19:a8:12:fd:1e:8a:a1:c3:
                    d1:56:d7:81:58:c3:36:88:f2:2b:09:dd:6c:54:92:
                    9e:83:e4:0e:06:90:c3:b9:db:8f:62:41:2e:51:48:
                    c0:95:05:1a:16:c0:c2:9d:6f:02:1c:81:62:0a:6d:
                    3a:35:8d:75:bb:56:53:ef:08:2f:d8:e2:17:24:71:
                    f9:ab:87:5c:92:d5:87:ac:74:00:43:9c:3d:a8:03:
                    37:7f:b3:a9:30:b2:cc:eb:70:1d:f6:a1:d6:55:3a:
                    53:1c:c1:af:66:0a:9e:12:c1:05:a3:71:b6:03:37:
                    b0:9e:ec:a9:27:d2:b0:fa:53:82:2b:49:06:d4:09:
                    c1:2f:01:64:f7:26:40:48:88:ef:c6:ed:0d:03:ed:
                    dc:91:ca:86:f0:d6:f6:3d:2e:2d:1d:ef:74:6e:2b:
                    da:97:cd:69:d9:18:04:06:50:c4:24:75:e6:18:a1:
                    19:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:0B:5A:01:89:EA:D0:5F:E9:46:C0:BA:7F:FA:47:C6:BE:80:B8:D0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BQtaAYnq0F_pRsC6f_pHxr6AuNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:de00::/44
                  2a10:ccc0:ccc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:4d:a0:57:aa:6d:ec:6f:1a:d8:38:66:c2:ac:a4:0d:22:ef:
         1a:c6:52:85:e6:55:44:ec:e8:cc:2c:15:3c:1b:14:dd:db:34:
         f6:b1:0d:ec:d7:52:d8:09:f6:01:ab:ff:46:34:62:67:e9:f7:
         24:2c:13:09:9c:ba:5f:c0:03:f4:9e:69:ca:e4:75:11:63:63:
         16:ff:3f:63:4f:6c:61:37:e6:13:20:30:88:d4:bc:a3:a3:65:
         47:df:86:8e:94:92:28:2e:3a:4a:c6:4f:37:ec:8c:fb:6f:fd:
         67:05:94:fa:e5:95:29:20:ca:ab:8b:60:8e:47:54:46:42:0b:
         ca:94:49:8a:66:41:eb:20:12:ef:7b:35:40:cc:bf:5a:ed:c5:
         d7:45:dc:d9:72:95:ff:de:8a:ff:23:b8:b7:e3:59:eb:bf:3f:
         7c:23:6a:c6:99:9e:44:06:a8:d6:38:39:b3:26:ca:cf:fb:27:
         f2:b4:2e:77:00:62:be:36:65:06:f2:8f:e7:97:8c:01:bf:6f:
         e7:ea:1f:63:1a:62:bc:4a:a9:fd:a9:66:61:c7:63:18:5c:8d:
         6d:96:22:04:c4:2c:22:99:ed:94:62:88:a6:9b:e0:0d:7e:2e:
         31:e7:f7:e1:9f:16:a1:e5:94:62:5b:36:2c:83:93:ea:b4:fc:
         ac:2e:f3:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZM13iJHRkJkSXK5RgYxVoIJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTE2MTY0NjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTBiNWEwMTg5ZWFkMDVmZTk0NmMwYmE3ZmZhNDdjNmJlODBiOGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/IWrEScnrUf5MHhLxOZX4NBGQvBp
XT4xX72Uf1krj04fUV3oOrC1H4HLvJ4M7twoLJDcrHEo1eFVDU3NCzE4V16IWL1S
SEm1QECQHLaRqoLlGagS/R6KocPRVteBWMM2iPIrCd1sVJKeg+QOBpDDuduPYkEu
UUjAlQUaFsDCnW8CHIFiCm06NY11u1ZT7wgv2OIXJHH5q4dcktWHrHQAQ5w9qAM3
f7OpMLLM63Ad9qHWVTpTHMGvZgqeEsEFo3G2AzewnuypJ9Kw+lOCK0kG1AnBLwFk
9yZASIjvxu0NA+3ckcqG8Nb2PS4tHe90bival81p2RgEBlDEJHXmGKEZcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAULWgGJ6tBf6UbAun/6R8a+gLjQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQlF0YUFZbnEwRl9wUnNDNmZfcEh4cjZBdU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAN4A
AwcEKhDMwMzAMA0GCSqGSIb3DQEBCwUAA4IBAQCUTaBXqm3sbxrYOGbCrKQNIu8a
xlKF5lVE7OjMLBU8GxTd2zT2sQ3s11LYCfYBq/9GNGJn6fckLBMJnLpfwAP0nmnK
5HURY2MW/z9jT2xhN+YTIDCI1Lyjo2VH34aOlJIoLjpKxk837Iz7b/1nBZT65ZUp
IMqri2COR1RGQgvKlEmKZkHrIBLvezVAzL9a7cXXRdzZcpX/3or/I7i341nrvz98
I2rGmZ5EBqjWODmzJsrP+yfytC53AGK+NmUG8o/nl4wBv2/n6h9jGmK8Sqn9qWZh
x2MYXI1tliIExCwime2UYoimm+ANfi4x5/fhnxah5ZRiWzYsg5PqtPysLvOy
-----END CERTIFICATE-----