Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZlriwIj0Npae629iMINVOAzzOFA.roa
File:                     ZlriwIj0Npae629iMINVOAzzOFA.roa (raw, json)
Hash identifier:          Fw0XocTvNJpGZTZgw++qJy+TXqZVG0kGtSIVl1UkJp8=
Subject key identifier:   66:5A:E2:C0:88:F4:36:96:9E:EB:6F:62:30:83:55:38:0C:F3:38:50
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4D410E3F8BF49A363DC2A7E973BF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZlriwIj0Npae629iMINVOAzzOFA.roa
Signing time:             Tue 02 Jan 2024 10:34:35 +0000
ROA not before:           Tue 02 Jan 2024 10:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213244
IP address blocks:        2a0e:b107:d91::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4d:41:0e:3f:8b:f4:9a:36:3d:c2:a7:e9:73:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=665ae2c088f436969eeb6f62308355380cf33850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ea:f8:d4:c1:a1:6f:85:97:23:c9:b1:eb:46:
                    66:b2:3d:72:ac:f7:29:76:54:34:ba:aa:3b:78:d4:
                    12:b0:08:06:ae:e6:5d:4f:93:6f:5b:64:6b:2a:5a:
                    56:72:e4:19:0a:3d:54:27:f2:1a:8e:eb:fc:af:ef:
                    51:9a:c3:8e:b3:55:5c:a7:5a:75:71:8f:04:b4:66:
                    77:b9:67:d0:96:cd:12:a7:9e:17:6b:86:65:7e:31:
                    c3:48:51:9f:98:b7:29:ac:9d:f1:5b:76:d1:dd:0d:
                    b7:ea:ca:a1:a6:35:74:4a:ff:5f:6d:cf:24:d6:f7:
                    d5:1e:40:7b:64:0b:e5:54:cf:8b:05:47:a6:92:d6:
                    e8:66:73:1c:e2:2c:f8:48:89:08:d8:16:5f:a6:e5:
                    67:dd:ae:cb:16:bc:67:e6:49:26:f1:bf:f0:0e:cd:
                    4b:2e:2b:e0:00:85:64:eb:d2:c8:24:3f:c5:92:c9:
                    b8:2a:b9:0b:fb:5d:80:e0:35:72:df:ef:e7:93:b9:
                    ee:15:ff:a6:0b:cd:66:40:11:b4:19:c0:2c:e3:c7:
                    81:fa:75:f6:7e:3a:a7:b4:5d:7d:51:fd:dd:d7:52:
                    1d:96:c6:cb:7e:ad:83:7f:44:4c:f7:26:ce:df:27:
                    7f:06:b6:25:c7:5b:d8:7f:f2:68:08:17:1f:57:50:
                    0e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5A:E2:C0:88:F4:36:96:9E:EB:6F:62:30:83:55:38:0C:F3:38:50
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZlriwIj0Npae629iMINVOAzzOFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:d91::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:71:2f:47:d6:41:46:d5:b8:31:dd:b2:15:83:37:d4:b0:60:
         41:24:3c:7f:65:fc:34:22:3a:1c:c4:8d:13:d7:3f:38:12:2e:
         9e:f0:6f:39:7d:91:8a:f6:4c:72:cc:6e:b5:bb:98:ed:83:ca:
         8c:c6:b2:7b:6c:99:81:b6:d1:6f:2a:e9:8a:bf:ad:e1:9b:fc:
         e0:26:2c:f5:47:83:fd:6c:12:14:6b:26:0f:07:b6:38:9b:a2:
         5c:83:0c:2e:27:dd:87:5b:bb:49:e7:54:4f:ff:89:d2:e9:6f:
         cf:69:5a:d7:d8:86:f6:24:ef:fc:e9:ac:ea:1b:75:d9:2b:6f:
         ee:12:94:74:05:e4:c4:54:a6:73:6b:11:73:a2:19:38:86:63:
         43:48:66:1e:b6:ec:f1:b9:58:a5:a5:0b:14:11:5e:d3:3b:d7:
         71:cc:f7:6e:e9:62:4a:c5:2f:9c:87:b0:f7:a1:ec:0a:e8:dd:
         39:ed:21:a5:44:27:62:13:ce:7a:52:39:95:0f:18:85:f8:e2:
         fe:d0:66:73:03:34:05:08:36:b0:49:db:22:a3:51:8a:eb:48:
         f2:37:ab:56:4d:88:e0:95:41:d1:66:2c:ea:8c:4e:25:48:e1:
         bb:79:e5:c6:96:12:d8:7e:e8:d2:4e:d8:89:d3:ef:c0:a7:7a:
         b5:98:12:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvU1BDj+L9Jo2PcKn6XO/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjVhZTJjMDg4ZjQzNjk2OWVlYjZmNjIzMDgzNTUzODBjZjMzODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjur41MGhb4WXI8mx60Zmsj1yrPcp
dlQ0uqo7eNQSsAgGruZdT5NvW2RrKlpWcuQZCj1UJ/Iajuv8r+9RmsOOs1Vcp1p1
cY8EtGZ3uWfQls0Sp54Xa4ZlfjHDSFGfmLcprJ3xW3bR3Q236sqhpjV0Sv9fbc8k
1vfVHkB7ZAvlVM+LBUemktboZnMc4iz4SIkI2BZfpuVn3a7LFrxn5kkm8b/wDs1L
LivgAIVk69LIJD/Fksm4KrkL+12A4DVy3+/nk7nuFf+mC81mQBG0GcAs48eB+nX2
fjqntF19Uf3d11IdlsbLfq2Df0RM9ybO3yd/BrYlx1vYf/JoCBcfV1AOkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGZa4sCI9DaWnutvYjCDVTgM8zhQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWmxyaXdJajBOcGFlNjI5aU1JTlZPQXp6T0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBw2R
MA0GCSqGSIb3DQEBCwUAA4IBAQDNcS9H1kFG1bgx3bIVgzfUsGBBJDx/Zfw0Ijoc
xI0T1z84Ei6e8G85fZGK9kxyzG61u5jtg8qMxrJ7bJmBttFvKumKv63hm/zgJiz1
R4P9bBIUayYPB7Y4m6JcgwwuJ92HW7tJ51RP/4nS6W/PaVrX2Ib2JO/86azqG3XZ
K2/uEpR0BeTEVKZzaxFzohk4hmNDSGYetuzxuVilpQsUEV7TO9dxzPdu6WJKxS+c
h7D3oewK6N057SGlRCdiE856UjmVDxiF+OL+0GZzAzQFCDawSdsio1GK60jyN6tW
TYjglUHRZizqjE4lSOG7eeXGlhLYfujSTtiJ0+/Ap3q1mBJo
-----END CERTIFICATE-----