Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZQHOKIfuYRtWYDkDs_Q9uZyZfWE.roa
File:                     ZQHOKIfuYRtWYDkDs_Q9uZyZfWE.roa (raw, json)
Hash identifier:          MHYMdrMNaFke1iPuhKUUftlhwmSm3P3gtFCyJ6WrMF8=
Subject key identifier:   65:01:CE:28:87:EE:61:1B:56:60:39:03:B3:F4:3D:B9:9C:99:7D:61
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DBD87AE55365EEF90F1A42E3A27F3A318
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZQHOKIfuYRtWYDkDs_Q9uZyZfWE.roa
Signing time:             Sun 18 Feb 2024 18:43:22 +0000
ROA not before:           Sun 18 Feb 2024 18:43:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215491
IP address blocks:        2a06:de00:40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:bd:87:ae:55:36:5e:ef:90:f1:a4:2e:3a:27:f3:a3:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 18 18:43:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6501ce2887ee611b56603903b3f43db99c997d61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:5a:82:47:e1:c4:9f:b3:0b:1e:a2:f4:5e:d9:
                    a9:35:d5:b7:a7:85:58:ac:f1:96:78:72:93:dc:22:
                    5e:56:f3:04:b7:40:28:c6:99:7f:85:68:55:c9:3f:
                    fb:6a:11:88:88:5e:54:42:40:8d:d1:05:78:0f:40:
                    eb:56:94:1b:5c:ba:8f:23:7a:c5:96:95:63:fa:c5:
                    2c:21:a2:1e:ce:b3:2d:43:04:18:8d:f7:ff:e1:2a:
                    f2:fe:b1:89:06:8a:6a:20:24:50:87:49:f9:59:42:
                    d3:b3:9c:77:36:6d:4a:46:1d:c1:36:94:e5:56:d7:
                    4c:b4:e7:0e:7c:41:5b:bb:3f:68:4a:01:ec:7c:89:
                    f3:a5:c7:0f:b5:83:98:24:3f:dd:fe:90:2d:a7:72:
                    2e:2b:f7:3c:74:9d:c6:e7:43:0e:c1:d5:fc:22:e2:
                    bb:6f:95:59:ab:35:f7:18:85:aa:f2:a1:d9:dc:c3:
                    1b:e3:ea:1c:df:3f:12:be:c7:48:51:17:5a:7f:7b:
                    a8:de:14:6b:d9:3b:1b:ae:cc:d3:41:0e:16:7e:41:
                    26:f2:03:69:90:f9:e1:70:92:d2:ee:18:3e:d5:c5:
                    3b:c6:06:d3:04:42:08:9e:61:c1:27:28:20:c6:40:
                    70:d1:26:04:1a:8a:0f:ce:56:e7:b0:b5:e7:3c:ae:
                    a2:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:01:CE:28:87:EE:61:1B:56:60:39:03:B3:F4:3D:B9:9C:99:7D:61
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZQHOKIfuYRtWYDkDs_Q9uZyZfWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:40::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:e7:d9:aa:63:d7:e8:20:b2:39:bc:9a:b6:3c:b8:c3:45:43:
         82:8b:9b:a5:a4:c9:00:22:1c:df:41:3a:77:ab:84:97:66:37:
         80:36:bb:c0:5e:8e:f5:f7:bc:3e:38:ee:9a:94:c7:de:b0:af:
         eb:1f:05:de:cf:14:ff:a6:75:99:c3:a8:9b:92:43:ce:9d:ed:
         05:9f:db:3e:e7:0d:2f:5b:22:7c:6c:dc:3f:e6:c3:58:58:a7:
         7e:75:0a:12:f3:be:47:70:6b:74:83:8f:fc:3a:0b:96:6e:27:
         f3:55:f5:a5:2d:1a:4b:5f:28:6c:5a:a1:b0:5b:74:0b:87:9f:
         b0:02:70:52:26:78:c3:db:4e:9b:1a:e3:c3:20:7f:9c:60:65:
         39:5d:49:7c:7a:c8:eb:e1:94:a4:d2:cc:d8:70:16:10:c9:d8:
         e4:e1:98:a2:8f:04:b9:74:22:14:f0:37:8f:48:b8:23:2f:83:
         94:ba:f7:d3:d9:cd:d2:b9:c0:c3:13:a4:ee:24:8b:af:7a:0c:
         d8:05:cb:ad:94:e7:98:c3:bd:c2:6e:a2:c4:d7:21:ed:40:98:
         b5:33:81:34:34:3d:3c:fe:7f:8a:05:36:39:d4:cc:4a:1a:5b:
         1f:54:70:32:b2:61:88:42:5a:7d:74:64:bf:c3:6e:ec:41:22:
         fd:9c:b3:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY29h65VNl7vkPGkLjon86MYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjE4MTg0MzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTAxY2UyODg3ZWU2MTFiNTY2MDM5MDNiM2Y0M2RiOTljOTk3ZDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFqCR+HEn7MLHqL0XtmpNdW3p4VY
rPGWeHKT3CJeVvMEt0Aoxpl/hWhVyT/7ahGIiF5UQkCN0QV4D0DrVpQbXLqPI3rF
lpVj+sUsIaIezrMtQwQYjff/4Sry/rGJBopqICRQh0n5WULTs5x3Nm1KRh3BNpTl
VtdMtOcOfEFbuz9oSgHsfInzpccPtYOYJD/d/pAtp3IuK/c8dJ3G50MOwdX8IuK7
b5VZqzX3GIWq8qHZ3MMb4+oc3z8SvsdIURdaf3uo3hRr2TsbrszTQQ4WfkEm8gNp
kPnhcJLS7hg+1cU7xgbTBEIInmHBJyggxkBw0SYEGooPzlbnsLXnPK6iNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGUBziiH7mEbVmA5A7P0PbmcmX1hMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWlFIT0tJZnVZUnRXWURrRHNfUTl1WnlaZldFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgbeAABA
MA0GCSqGSIb3DQEBCwUAA4IBAQBb59mqY9foILI5vJq2PLjDRUOCi5ulpMkAIhzf
QTp3q4SXZjeANrvAXo7197w+OO6alMfesK/rHwXezxT/pnWZw6ibkkPOne0Fn9s+
5w0vWyJ8bNw/5sNYWKd+dQoS875HcGt0g4/8OguWbifzVfWlLRpLXyhsWqGwW3QL
h5+wAnBSJnjD206bGuPDIH+cYGU5XUl8esjr4ZSk0szYcBYQydjk4ZiijwS5dCIU
8DePSLgjL4OUuvfT2c3SucDDE6TuJIuvegzYBcutlOeYw73CbqLE1yHtQJi1M4E0
ND08/n+KBTY51MxKGlsfVHAysmGIQlp9dGS/w27sQSL9nLNz
-----END CERTIFICATE-----