Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QuyOQz1iV6u3KR2JJp84o33LOZE.roa
File:                     QuyOQz1iV6u3KR2JJp84o33LOZE.roa (raw, json)
Hash identifier:          2uZs3CGR+BD9spVrA5qzxjYTc1pD0W/7nLUbyPsNFPM=
Subject key identifier:   42:EC:8E:43:3D:62:57:AB:B7:29:1D:89:26:9F:38:A3:7D:CB:39:91
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4238ABC46F07D0BB34A67EF4B97D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QuyOQz1iV6u3KR2JJp84o33LOZE.roa
Signing time:             Tue 02 Jan 2024 10:34:32 +0000
ROA not before:           Tue 02 Jan 2024 10:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212227
IP address blocks:        2a0e:b107:139::/48 maxlen: 48
                          2a10:2f00:15e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:42:38:ab:c4:6f:07:d0:bb:34:a6:7e:f4:b9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=42ec8e433d6257abb7291d89269f38a37dcb3991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:78:1e:cc:76:3d:02:00:00:87:6d:03:c0:12:
                    24:2f:14:cb:23:3e:1c:eb:e4:58:06:55:a4:92:32:
                    c5:f8:ab:4f:52:1e:5e:c2:41:be:54:26:47:b7:6c:
                    43:c8:01:e5:79:5d:e6:b4:3f:5b:6c:b9:86:5f:e7:
                    91:74:b3:2e:bc:af:44:d1:21:3e:bb:eb:2f:ef:d2:
                    dc:99:c2:f7:98:63:3b:80:27:59:05:b8:97:1f:cf:
                    17:80:a3:3f:c6:39:d3:97:85:62:fc:b5:08:ec:4d:
                    0a:33:27:e1:0d:d5:32:70:11:a6:dd:af:d6:53:c1:
                    e4:49:84:da:26:02:0b:91:cb:35:55:36:f7:31:00:
                    f9:2a:6b:6d:7e:fb:48:7c:6d:00:fc:06:f8:93:e3:
                    84:0d:da:a9:82:7b:c9:50:d2:81:82:03:74:14:8a:
                    13:b5:1a:16:a2:73:90:40:35:2b:70:a5:c6:66:6a:
                    3e:c8:10:77:8d:fc:fc:30:51:52:80:ca:0f:70:8c:
                    2f:b0:76:a8:d6:64:6f:a9:a3:06:51:75:b9:b8:71:
                    62:68:0d:b7:82:92:03:9c:4d:fc:aa:b0:5a:2b:9d:
                    fb:eb:20:5e:de:2e:8c:a3:fa:64:87:88:e9:59:de:
                    7f:e1:7f:57:ef:70:b5:cc:46:57:70:63:06:46:80:
                    88:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:EC:8E:43:3D:62:57:AB:B7:29:1D:89:26:9F:38:A3:7D:CB:39:91
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QuyOQz1iV6u3KR2JJp84o33LOZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:139::/48
                  2a10:2f00:15e::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:49:e0:f5:eb:e7:12:84:00:cf:07:67:c7:24:38:29:6d:5b:
         6f:09:3d:bf:3a:e7:d6:4c:39:7e:b1:53:54:9a:9c:b0:f8:04:
         9c:4e:bf:fd:e4:12:35:55:49:3d:4a:18:e3:df:bf:36:fb:ff:
         78:69:aa:9d:55:50:a7:c2:f1:e7:c8:a3:74:71:74:92:a7:96:
         39:54:d3:cb:2d:4e:22:ea:dc:75:58:02:4b:1a:aa:2b:fb:e5:
         5a:3e:76:13:2e:1d:74:ea:a0:da:52:b3:99:b6:a2:9a:75:8b:
         56:67:93:04:8d:71:19:55:b7:36:af:35:c3:34:ac:db:c6:51:
         6f:a6:87:2b:77:e1:32:23:fe:83:27:6a:13:c0:e9:ec:23:d6:
         87:09:a6:80:89:88:c7:c6:dc:74:94:2d:cb:4e:76:4c:87:dd:
         e6:95:ce:f0:ad:12:e8:b9:af:88:a1:0a:8e:ec:8b:8d:cc:6c:
         42:ae:97:9b:5d:ee:6a:da:b1:19:f6:05:da:fd:df:14:fb:67:
         38:7f:3a:7d:e0:02:0b:54:29:c1:53:cc:ec:4f:b5:b7:21:94:
         ba:40:07:05:86:9c:01:29:c7:c4:f3:c6:e9:3c:4e:1b:e8:1b:
         89:ab:31:f6:80:13:d1:ea:07:ac:49:5c:04:f5:32:2c:ec:25:
         d0:28:a2:ec
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvUI4q8RvB9C7NKZ+9Ll9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmVjOGU0MzNkNjI1N2FiYjcyOTFkODkyNjlmMzhhMzdkY2IzOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkHgezHY9AgAAh20DwBIkLxTLIz4c
6+RYBlWkkjLF+KtPUh5ewkG+VCZHt2xDyAHleV3mtD9bbLmGX+eRdLMuvK9E0SE+
u+sv79LcmcL3mGM7gCdZBbiXH88XgKM/xjnTl4Vi/LUI7E0KMyfhDdUycBGm3a/W
U8HkSYTaJgILkcs1VTb3MQD5KmttfvtIfG0A/Ab4k+OEDdqpgnvJUNKBggN0FIoT
tRoWonOQQDUrcKXGZmo+yBB3jfz8MFFSgMoPcIwvsHao1mRvqaMGUXW5uHFiaA23
gpIDnE38qrBaK5376yBe3i6Mo/pkh4jpWd5/4X9X73C1zEZXcGMGRoCIXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFELsjkM9YlertykdiSafOKN9yzmRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUXV5T1F6MWlWNnUzS1IySkpwODRvMzNMT1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBwE5
AwcAKhAvAAFeMA0GCSqGSIb3DQEBCwUAA4IBAQC3SeD16+cShADPB2fHJDgpbVtv
CT2/OufWTDl+sVNUmpyw+AScTr/95BI1VUk9Shjj3782+/94aaqdVVCnwvHnyKN0
cXSSp5Y5VNPLLU4i6tx1WAJLGqor++VaPnYTLh106qDaUrOZtqKadYtWZ5MEjXEZ
Vbc2rzXDNKzbxlFvpocrd+EyI/6DJ2oTwOnsI9aHCaaAiYjHxtx0lC3LTnZMh93m
lc7wrRLoua+IoQqO7IuNzGxCrpebXe5q2rEZ9gXa/d8U+2c4fzp94AILVCnBU8zs
T7W3IZS6QAcFhpwBKcfE88bpPE4b6BuJqzH2gBPR6gesSVwE9TIs7CXQKKLs
-----END CERTIFICATE-----