Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQEWXlYZa1sKFexOkD0rZv9JV2A.roa
File:                     XQEWXlYZa1sKFexOkD0rZv9JV2A.roa (raw, json)
Hash identifier:          bw/7a3hGtaj3OZotzEw+1pzRfHGB70dmXgs+V1ogrJg=
Subject key identifier:   5D:01:16:5E:56:19:6B:5B:0A:15:EC:4E:90:3D:2B:66:FF:49:57:60
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01938E33A8FA59C297F9B445C278BB69B54A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQEWXlYZa1sKFexOkD0rZv9JV2A.roa
Signing time:             Tue 03 Dec 2024 20:26:10 +0000
ROA not before:           Tue 03 Dec 2024 20:26:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39351
IP address blocks:        2a06:de00:10::/44 maxlen: 48
                          2a10:ccc2:20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 13:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8e:33:a8:fa:59:c2:97:f9:b4:45:c2:78:bb:69:b5:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec  3 20:26:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d01165e56196b5b0a15ec4e903d2b66ff495760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6b:a0:e9:95:92:de:b2:e2:24:97:5e:e5:ac:
                    82:46:23:77:43:f1:cb:f4:36:31:9c:0b:a0:c1:da:
                    b7:8a:61:b8:00:23:c0:56:d5:7e:d9:c7:4a:93:4c:
                    1a:13:73:f5:17:0a:76:d5:20:0c:fc:53:4e:2e:58:
                    bc:2d:3e:7d:33:bf:16:01:6c:0a:6c:a3:c4:22:19:
                    6e:a4:95:ec:eb:c2:6b:fd:92:e7:45:12:2b:ce:bb:
                    5a:14:d2:cd:04:da:b8:f5:32:2f:b9:1b:7e:e8:18:
                    04:b7:62:71:4f:a9:a4:05:8f:c5:81:6a:de:cc:3d:
                    ca:7e:37:5c:b5:37:1f:5b:18:b0:df:62:cd:cd:1d:
                    6b:69:a0:6d:77:68:a7:14:05:7c:6a:8f:3c:3d:66:
                    fa:03:60:94:6b:57:ad:fc:81:b3:81:c9:3e:23:1a:
                    21:bf:6d:e5:13:d8:b9:64:87:2a:48:3d:fa:df:ef:
                    65:d8:f3:5a:df:92:3a:57:f6:a2:ae:61:ff:d7:27:
                    6e:1e:c6:99:e4:f8:fe:ee:ca:e7:15:75:e7:61:5c:
                    00:d6:73:a2:a8:c4:ab:32:45:88:24:62:a4:f8:6d:
                    d3:5c:69:dc:d9:02:05:3b:00:3e:ee:82:b7:33:7b:
                    5a:91:a3:32:5b:48:21:db:86:dd:60:e6:1f:11:e1:
                    11:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:01:16:5E:56:19:6B:5B:0A:15:EC:4E:90:3D:2B:66:FF:49:57:60
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XQEWXlYZa1sKFexOkD0rZv9JV2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:10::/44
                  2a10:ccc2:20::/44

    Signature Algorithm: sha256WithRSAEncryption
         7f:06:84:05:70:2f:94:c2:ad:a1:57:1c:28:e8:bf:e2:f2:8e:
         7e:cf:95:70:52:ac:49:ab:84:f2:8f:05:d5:cc:68:b5:dc:58:
         a6:cb:a4:9d:53:27:2d:74:b4:a2:3a:0e:ea:2a:35:ca:fe:4c:
         60:c3:aa:75:f9:66:e7:22:3f:24:33:71:1d:a0:a8:5d:af:03:
         55:19:7a:99:ef:ce:cf:35:47:64:0b:6a:bc:17:32:8c:07:37:
         f2:be:f3:6b:2a:cf:bd:b3:4d:47:5c:30:94:08:e8:25:d3:dd:
         f1:31:f2:32:8a:b8:db:4e:f1:4c:d2:a7:b1:a2:6c:45:fd:10:
         a7:75:6f:ce:bf:23:cd:50:5c:7f:96:92:1b:1e:0f:16:58:33:
         10:0f:13:88:ce:92:fb:df:27:21:2e:f0:07:19:86:d9:23:3d:
         4c:e9:dc:3f:c5:2d:c9:40:89:65:de:db:ba:70:49:4b:e1:d1:
         95:a5:17:bd:1f:48:b1:30:69:b2:6d:72:e6:b4:e8:71:dc:b6:
         7a:de:e3:46:02:f0:ca:b6:5d:63:09:88:ac:8d:69:48:23:14:
         aa:70:26:ec:f0:58:db:57:28:2d:bb:c4:e2:71:42:5d:fa:35:
         34:20:c4:50:c4:86:0d:89:4e:c3:f0:3b:67:d1:ff:e3:ec:0b:
         45:d8:0c:e9
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZOOM6j6WcKX+bRFwni7abVKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMjAzMjAyNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDAxMTY1ZTU2MTk2YjViMGExNWVjNGU5MDNkMmI2NmZmNDk1NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Wug6ZWS3rLiJJde5ayCRiN3Q/HL
9DYxnAugwdq3imG4ACPAVtV+2cdKk0waE3P1Fwp21SAM/FNOLli8LT59M78WAWwK
bKPEIhlupJXs68Jr/ZLnRRIrzrtaFNLNBNq49TIvuRt+6BgEt2JxT6mkBY/FgWre
zD3KfjdctTcfWxiw32LNzR1raaBtd2inFAV8ao88PWb6A2CUa1et/IGzgck+Ixoh
v23lE9i5ZIcqSD363+9l2PNa35I6V/airmH/1yduHsaZ5Pj+7srnFXXnYVwA1nOi
qMSrMkWIJGKk+G3TXGnc2QIFOwA+7oK3M3takaMyW0gh24bdYOYfEeERRwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF0BFl5WGWtbChXsTpA9K2b/SVdgMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWFFFV1hsWVphMXNLRmV4T2tEMHJadjlKVjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKgbeAAAQ
AwcEKhDMwgAgMA0GCSqGSIb3DQEBCwUAA4IBAQB/BoQFcC+Uwq2hVxwo6L/i8o5+
z5VwUqxJq4TyjwXVzGi13Fimy6SdUyctdLSiOg7qKjXK/kxgw6p1+WbnIj8kM3Ed
oKhdrwNVGXqZ787PNUdkC2q8FzKMBzfyvvNrKs+9s01HXDCUCOgl093xMfIyirjb
TvFM0qexomxF/RCndW/OvyPNUFx/lpIbHg8WWDMQDxOIzpL73ychLvAHGYbZIz1M
6dw/xS3JQIll3tu6cElL4dGVpRe9H0ixMGmybXLmtOhx3LZ63uNGAvDKtl1jCYis
jWlIIxSqcCbs8FjbVygtu8TicUJd+jU0IMRQxIYNiU7D8Dtn0f/j7AtF2Azp
-----END CERTIFICATE-----