Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nhe_3yexM-zX7garBZRXE8sANK8.roa
File:                     Nhe_3yexM-zX7garBZRXE8sANK8.roa (raw, json)
Hash identifier:          Zev2yHPv3izYCETqpnnuosCShFeuKxJYO62f+FejgK0=
Subject key identifier:   36:17:BF:DF:27:B1:33:EC:D7:EE:06:AB:05:94:57:13:CB:00:34:AF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019334DBF5AE990EEDD9FD2E9559361D5EDC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nhe_3yexM-zX7garBZRXE8sANK8.roa
Signing time:             Sat 16 Nov 2024 12:04:10 +0000
ROA not before:           Sat 16 Nov 2024 12:04:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214194
IP address blocks:        2a06:de01:160::/44 maxlen: 48
                          2a06:de01:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:34:db:f5:ae:99:0e:ed:d9:fd:2e:95:59:36:1d:5e:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 16 12:04:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3617bfdf27b133ecd7ee06ab05945713cb0034af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:a8:c2:36:89:d2:70:98:f4:ed:8b:c8:94:67:
                    b8:17:cc:bc:6f:78:5b:5c:a4:09:c2:47:6c:ac:bf:
                    32:ad:68:64:19:c7:cb:b0:bb:8d:ca:69:19:da:ab:
                    97:20:ba:fc:de:86:d7:ab:47:3d:9c:3e:36:98:02:
                    a3:27:84:21:87:9d:1c:e5:82:42:9f:c7:bf:d0:21:
                    fc:7a:3c:90:d8:8f:7f:7c:f9:53:e8:4a:b0:89:3a:
                    2e:51:d7:77:d6:99:5b:06:41:55:5e:e2:b9:ed:35:
                    8d:8e:8b:f6:39:82:f5:32:cd:37:75:f2:1c:8a:fe:
                    51:08:9b:1f:b6:ec:8f:51:00:13:bf:dd:15:a4:ac:
                    86:37:09:e4:c7:4b:96:94:9a:fa:0d:8f:f8:29:51:
                    4c:02:a3:2a:c1:ca:6c:31:f0:9f:e9:1a:c5:90:33:
                    48:71:1a:38:c0:8c:33:49:2c:7c:5a:00:84:db:12:
                    9d:18:08:1a:ed:eb:09:45:65:40:26:c1:35:67:6d:
                    60:7a:c6:5c:71:d4:2e:a6:11:72:64:99:4a:cc:e4:
                    e0:cd:5f:62:9a:12:05:ac:1c:bd:13:0b:f8:19:13:
                    ee:11:f6:47:27:b3:bf:8e:36:65:e6:9c:32:8e:6c:
                    eb:34:d9:4b:2d:aa:c5:a8:69:8f:95:52:46:74:59:
                    8c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:17:BF:DF:27:B1:33:EC:D7:EE:06:AB:05:94:57:13:CB:00:34:AF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nhe_3yexM-zX7garBZRXE8sANK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de01:160::/44
                  2a06:de01:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:eb:9c:d5:76:9f:da:99:52:3f:97:6d:86:b4:2c:21:4e:40:
         fd:44:50:73:ea:a3:c9:48:f2:20:8f:4f:5f:a2:c6:81:af:cb:
         e0:52:64:f7:58:73:ac:40:22:45:84:54:9d:2f:9f:02:8a:85:
         21:06:37:82:64:e8:08:26:fc:d3:b5:55:6b:a3:61:35:60:a8:
         03:72:b3:00:b5:14:46:2e:13:51:8f:de:c5:97:36:3b:e4:27:
         21:84:8a:69:4c:e4:4b:03:b7:89:3b:7a:05:f2:56:0f:9e:a2:
         f6:50:1e:a9:a5:8a:79:62:c6:35:cc:64:61:9f:aa:83:45:a3:
         d9:cc:a0:2d:97:43:3b:d2:85:36:45:74:cf:c1:d4:68:60:da:
         ea:53:e2:9c:25:3b:8f:c0:ca:42:6b:8b:49:9a:3d:25:df:19:
         3c:a9:eb:54:79:5e:f4:3d:eb:fc:cc:e4:73:2d:da:76:c6:07:
         ea:05:1e:fd:03:f3:24:45:3e:57:9b:ea:e7:95:12:da:d2:0b:
         0f:91:2b:52:a6:36:01:aa:3f:37:05:0f:3b:26:f4:3e:00:dd:
         93:38:56:10:f0:f0:02:23:4c:fb:40:a0:22:74:fc:4d:0e:42:
         88:da:c7:7a:0c:02:b1:82:e3:85:36:96:11:71:23:45:bd:34:
         73:e4:7f:b1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZM02/WumQ7t2f0ulVk2HV7cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTE2MTIwNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjE3YmZkZjI3YjEzM2VjZDdlZTA2YWIwNTk0NTcxM2NiMDAzNGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqjCNonScJj07YvIlGe4F8y8b3hb
XKQJwkdsrL8yrWhkGcfLsLuNymkZ2quXILr83obXq0c9nD42mAKjJ4Qhh50c5YJC
n8e/0CH8ejyQ2I9/fPlT6EqwiTouUdd31plbBkFVXuK57TWNjov2OYL1Ms03dfIc
iv5RCJsftuyPUQATv90VpKyGNwnkx0uWlJr6DY/4KVFMAqMqwcpsMfCf6RrFkDNI
cRo4wIwzSSx8WgCE2xKdGAga7esJRWVAJsE1Z21gesZccdQuphFyZJlKzOTgzV9i
mhIFrBy9Ewv4GRPuEfZHJ7O/jjZl5pwyjmzrNNlLLarFqGmPlVJGdFmMYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDYXv98nsTPs1+4GqwWUVxPLADSvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTmhlXzN5ZXhNLXpYN2dhckJaUlhFOHNBTks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAQFg
AwcEKgbeAQGAMA0GCSqGSIb3DQEBCwUAA4IBAQAi65zVdp/amVI/l22GtCwhTkD9
RFBz6qPJSPIgj09fosaBr8vgUmT3WHOsQCJFhFSdL58CioUhBjeCZOgIJvzTtVVr
o2E1YKgDcrMAtRRGLhNRj97FlzY75CchhIppTORLA7eJO3oF8lYPnqL2UB6ppYp5
YsY1zGRhn6qDRaPZzKAtl0M70oU2RXTPwdRoYNrqU+KcJTuPwMpCa4tJmj0l3xk8
qetUeV70Pev8zORzLdp2xgfqBR79A/MkRT5Xm+rnlRLa0gsPkStSpjYBqj83BQ87
JvQ+AN2TOFYQ8PACI0z7QKAidPxNDkKI2sd6DAKxguOFNpYRcSNFvTRz5H+x
-----END CERTIFICATE-----