Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVdYVdG_8nfH6UivdMj761gaINI.roa
File:                     ZVdYVdG_8nfH6UivdMj761gaINI.roa (raw, json)
Hash identifier:          8TEEy0LIKEzPcWj/vrizJXaC3rUidMdJPtX1S1uwvME=
Subject key identifier:   65:57:58:55:D1:BF:F2:77:C7:E9:48:AF:74:C8:FB:EB:58:1A:20:D2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019156B7A0C716FD3BDD7364B41A38CB25DB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVdYVdG_8nfH6UivdMj761gaINI.roa
Signing time:             Thu 15 Aug 2024 15:46:00 +0000
ROA not before:           Thu 15 Aug 2024 15:46:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198747
IP address blocks:        2a0e:97c0:388::/48 maxlen: 48
                          2a0e:97c0:38f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:b7:a0:c7:16:fd:3b:dd:73:64:b4:1a:38:cb:25:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 15 15:46:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65575855d1bff277c7e948af74c8fbeb581a20d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fb:72:19:5b:72:fe:ac:d2:18:12:67:a8:f0:
                    52:7a:8a:27:7a:85:c2:84:ca:98:6b:20:af:84:58:
                    de:bf:40:c8:07:ce:e4:a1:b6:b3:6e:87:8e:c6:95:
                    fe:cf:11:43:59:a5:4b:0d:3d:a2:f2:c0:f3:a1:c5:
                    92:84:9d:b7:b5:a4:4d:d0:03:c2:ec:29:41:e8:27:
                    0a:22:2c:c1:d2:f1:2d:0b:2d:64:bd:9b:e7:8c:b2:
                    b7:fb:91:7e:93:5e:8f:37:cb:b5:f3:69:5f:63:e9:
                    24:7f:34:be:e6:7d:2b:b6:8a:57:bf:c4:bf:39:2b:
                    76:e7:fe:ff:5b:b1:41:1a:bb:45:9b:ab:30:07:42:
                    04:ff:b4:e0:36:26:f4:21:a6:79:45:ff:e6:f6:bb:
                    00:09:57:d5:f1:65:dc:2d:76:19:75:27:88:75:d7:
                    0f:7d:e4:52:8c:1d:c7:b7:68:61:43:b7:f7:6e:a9:
                    a9:a9:d9:ef:49:f2:15:80:a0:3f:90:b3:75:d5:52:
                    0f:25:59:84:b8:c2:c0:de:e8:92:b4:2f:14:e5:44:
                    57:65:b3:4a:14:56:9f:97:a0:1e:d3:10:9a:b2:bd:
                    47:cc:57:a5:e3:05:48:d1:e2:ea:32:c2:16:c0:d0:
                    14:e6:c3:c7:c8:28:a7:4f:f3:cf:03:a1:50:dd:b7:
                    90:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:57:58:55:D1:BF:F2:77:C7:E9:48:AF:74:C8:FB:EB:58:1A:20:D2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVdYVdG_8nfH6UivdMj761gaINI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:388::/48
                  2a0e:97c0:38f::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:20:a1:8a:7f:5d:df:17:8c:af:30:8e:89:18:80:3a:ba:76:
         7a:bc:a6:ce:dc:46:47:0a:c5:c7:86:6e:70:5d:bf:7b:1e:66:
         3c:0c:93:60:6f:d1:17:fd:4e:03:cf:9e:da:e9:a1:76:30:c5:
         be:9b:6c:e3:d2:42:b4:71:9b:8e:aa:eb:aa:0b:ee:d0:fb:25:
         93:2d:02:74:b5:dc:d9:d5:a1:13:f1:65:fc:7e:43:fd:b3:d1:
         84:f6:68:ec:06:a8:ba:03:5e:e6:18:a3:16:17:0f:e8:c9:65:
         60:b1:7b:3b:78:bd:b2:d3:b4:1a:e4:d7:82:c6:6f:4a:b7:48:
         9d:4b:38:ba:13:53:9c:b8:ab:b2:a1:75:a0:bb:b2:fa:ad:68:
         b6:b6:44:4f:46:bc:0c:43:49:79:1d:e1:c4:e7:b2:23:ab:47:
         4d:65:bb:e0:82:f5:8a:83:33:61:76:c3:c2:90:77:30:d1:15:
         1e:3f:b1:ea:01:99:d5:d5:5a:e8:14:50:de:f2:05:e1:c7:bd:
         f5:c2:09:05:b9:02:55:00:df:4a:73:20:f8:58:17:d3:3b:c1:
         eb:a0:8f:e1:d9:e0:64:6c:7f:73:f1:91:b5:0d:29:63:4c:e3:
         a3:88:25:00:bc:3a:50:9a:32:62:64:9e:c5:f9:a4:06:cf:97:
         29:09:04:fa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZFWt6DHFv073XNktBo4yyXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODE1MTU0NjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTU3NTg1NWQxYmZmMjc3YzdlOTQ4YWY3NGM4ZmJlYjU4MWEyMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPtyGVty/qzSGBJnqPBSeooneoXC
hMqYayCvhFjev0DIB87kobazboeOxpX+zxFDWaVLDT2i8sDzocWShJ23taRN0APC
7ClB6CcKIizB0vEtCy1kvZvnjLK3+5F+k16PN8u182lfY+kkfzS+5n0rtopXv8S/
OSt25/7/W7FBGrtFm6swB0IE/7TgNib0IaZ5Rf/m9rsACVfV8WXcLXYZdSeIddcP
feRSjB3Ht2hhQ7f3bqmpqdnvSfIVgKA/kLN11VIPJVmEuMLA3uiStC8U5URXZbNK
FFafl6Ae0xCasr1HzFel4wVI0eLqMsIWwNAU5sPHyCinT/PPA6FQ3beQzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGVXWFXRv/J3x+lIr3TI++tYGiDSMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWlZkWVZkR184bmZINlVpdmRNajc2MWdhSU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6XwAOI
AwcAKg6XwAOPMA0GCSqGSIb3DQEBCwUAA4IBAQAkIKGKf13fF4yvMI6JGIA6unZ6
vKbO3EZHCsXHhm5wXb97HmY8DJNgb9EX/U4Dz57a6aF2MMW+m2zj0kK0cZuOquuq
C+7Q+yWTLQJ0tdzZ1aET8WX8fkP9s9GE9mjsBqi6A17mGKMWFw/oyWVgsXs7eL2y
07Qa5NeCxm9Kt0idSzi6E1OcuKuyoXWgu7L6rWi2tkRPRrwMQ0l5HeHE57Ijq0dN
ZbvggvWKgzNhdsPCkHcw0RUeP7HqAZnV1VroFFDe8gXhx731wgkFuQJVAN9KcyD4
WBfTO8HroI/h2eBkbH9z8ZG1DSljTOOjiCUAvDpQmjJiZJ7F+aQGz5cpCQT6
-----END CERTIFICATE-----