Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EFNDn9ubBL0jOEO1xNd-NMeKqI4.roa
File:                     EFNDn9ubBL0jOEO1xNd-NMeKqI4.roa (raw, json)
Hash identifier:          4+Aoapwt+cu37MTP86FGSKNG6AygCcEv87/I60RJj28=
Subject key identifier:   10:53:43:9F:DB:9B:04:BD:23:38:43:B5:C4:D7:7E:34:C7:8A:A8:8E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019389C8FD0808E5D1EB5946307198668B96
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EFNDn9ubBL0jOEO1xNd-NMeKqI4.roa
Signing time:             Mon 02 Dec 2024 23:51:10 +0000
ROA not before:           Mon 02 Dec 2024 23:51:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216084
IP address blocks:        2a06:de01:200::/40 maxlen: 48
                          2a0e:97c0:ee0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 13:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:89:c8:fd:08:08:e5:d1:eb:59:46:30:71:98:66:8b:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec  2 23:51:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1053439fdb9b04bd233843b5c4d77e34c78aa88e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:92:7a:5b:66:7b:d3:fb:6d:89:98:3b:af:14:
                    69:18:6f:04:e3:7a:83:d7:ff:4f:81:5b:84:0d:8b:
                    02:39:b4:cc:dd:a1:11:09:1c:26:0b:40:51:a9:38:
                    77:07:2c:32:7d:2e:eb:09:43:f9:ec:ea:95:89:76:
                    72:a4:64:e3:de:de:be:16:cd:30:34:1e:26:cf:e2:
                    8e:ac:d4:c4:1f:b1:23:5b:69:55:20:86:1c:d8:f6:
                    24:07:04:8f:4e:cb:c5:96:1e:db:78:dc:c1:66:d7:
                    24:71:81:cd:4c:9f:6d:a7:7f:ea:5a:56:75:14:67:
                    28:35:8f:0a:9a:63:dd:a7:b2:80:d4:fb:9e:7f:2b:
                    3d:dd:5e:2c:4b:9a:9e:13:a8:c6:f5:62:90:da:65:
                    4b:0e:5d:03:67:f6:13:56:94:53:2a:ca:2e:2c:c7:
                    9c:50:35:c5:20:98:8a:44:70:b8:98:b9:1c:32:3c:
                    91:4a:1e:c8:f6:76:73:ab:35:f2:f7:9e:f6:a9:f6:
                    09:f1:62:86:9b:d1:74:5e:9d:06:3f:0d:e3:5b:18:
                    70:e7:be:f9:fc:2c:76:ff:b9:56:89:70:a6:a2:14:
                    3a:d7:70:ad:56:c4:b2:37:03:fd:bd:a2:e9:4e:fa:
                    d4:b8:a9:83:15:0a:ff:f8:ac:8c:f9:9b:37:aa:c2:
                    f6:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:53:43:9F:DB:9B:04:BD:23:38:43:B5:C4:D7:7E:34:C7:8A:A8:8E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EFNDn9ubBL0jOEO1xNd-NMeKqI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:200::/40
                  2a0e:97c0:ee0::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:1d:22:ac:16:83:ca:0a:80:35:63:d6:95:ec:86:bd:04:cf:
         1f:d2:33:cc:d8:d1:88:8b:b6:03:38:43:23:1a:97:cb:ff:a2:
         09:ca:c6:0b:43:15:a4:05:3b:88:df:ee:cb:f6:ed:2e:78:19:
         f7:c9:1b:4d:6a:de:59:66:fb:e5:4e:ef:c7:a1:95:76:7b:dd:
         5a:4a:0c:b2:39:63:98:da:eb:a3:6a:a6:5a:80:a6:4e:c5:0c:
         17:97:43:71:fe:f9:a0:75:6c:b9:67:86:31:05:51:f1:67:55:
         13:ca:1e:3c:c9:d7:0e:e5:52:9c:a4:d6:f1:c7:32:82:ca:e4:
         98:a5:89:09:28:2a:ff:99:f4:6c:06:6e:dc:a8:97:d9:f1:39:
         0b:eb:f0:b5:e3:c3:93:62:4a:97:4f:8c:27:18:eb:d7:e3:49:
         fd:b9:eb:56:b6:2d:e3:97:8f:af:ed:ee:a0:86:52:0f:a5:f1:
         ba:ee:ef:ce:39:59:02:8c:8e:1f:45:51:f8:dd:ad:eb:6c:32:
         a1:b2:0c:2e:f2:ae:e5:55:c6:5c:97:16:c8:38:a2:11:ca:1e:
         26:66:77:86:8a:d2:a2:39:94:73:1d:56:dd:c3:a5:58:e5:6f:
         43:5f:aa:da:90:7a:a6:09:0c:bc:11:43:6c:53:29:90:ab:e4:
         d8:a7:89:53
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZOJyP0ICOXR61lGMHGYZouWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMjAyMjM1MTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDUzNDM5ZmRiOWIwNGJkMjMzODQzYjVjNGQ3N2UzNGM3OGFhODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZJ6W2Z70/ttiZg7rxRpGG8E43qD
1/9PgVuEDYsCObTM3aERCRwmC0BRqTh3BywyfS7rCUP57OqViXZypGTj3t6+Fs0w
NB4mz+KOrNTEH7EjW2lVIIYc2PYkBwSPTsvFlh7beNzBZtckcYHNTJ9tp3/qWlZ1
FGcoNY8KmmPdp7KA1Puefys93V4sS5qeE6jG9WKQ2mVLDl0DZ/YTVpRTKsouLMec
UDXFIJiKRHC4mLkcMjyRSh7I9nZzqzXy9572qfYJ8WKGm9F0Xp0GPw3jWxhw5775
/Cx2/7lWiXCmohQ613CtVsSyNwP9vaLpTvrUuKmDFQr/+KyM+Zs3qsL2cQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFBBTQ5/bmwS9IzhDtcTXfjTHiqiOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRUZORG45dWJCTDBqT0VPMXhOZC1OTWVLcUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKgbeAQID
BwQqDpfADuAwDQYJKoZIhvcNAQELBQADggEBADQdIqwWg8oKgDVj1pXshr0Ezx/S
M8zY0YiLtgM4QyMal8v/ognKxgtDFaQFO4jf7sv27S54GffJG01q3llm++VO78eh
lXZ73VpKDLI5Y5ja66NqplqApk7FDBeXQ3H++aB1bLlnhjEFUfFnVRPKHjzJ1w7l
Upyk1vHHMoLK5JiliQkoKv+Z9GwGbtyol9nxOQvr8LXjw5NiSpdPjCcY69fjSf25
61a2LeOXj6/t7qCGUg+l8bru7845WQKMjh9FUfjdretsMqGyDC7yruVVxlyXFsg4
ohHKHiZmd4aK0qI5lHMdVt3DpVjlb0NfqtqQeqYJDLwRQ2xTKZCr5NiniVM=
-----END CERTIFICATE-----