Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aAb6BZfXMuSdM6htsa8uygIL-EM.roa
File:                     aAb6BZfXMuSdM6htsa8uygIL-EM.roa (raw, json)
Hash identifier:          6JDXSe5HBpJdJggIW5sfSUCvG2T4unQfxf1GgQxOBv4=
Subject key identifier:   68:06:FA:05:97:D7:32:E4:9D:33:A8:6D:B1:AF:2E:CA:02:0B:F8:43
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4EF9D86E4BC0E1141040F1C9C72A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aAb6BZfXMuSdM6htsa8uygIL-EM.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213316
IP address blocks:        2a10:2f01:240::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4e:f9:d8:6e:4b:c0:e1:14:10:40:f1:c9:c7:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6806fa0597d732e49d33a86db1af2eca020bf843
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bd:9d:ea:24:6d:da:9c:71:53:b9:23:28:c0:
                    22:45:92:a2:e6:8d:52:ec:53:aa:25:be:c7:39:68:
                    d9:74:5c:43:31:a4:6e:79:c8:49:38:6d:0f:4f:7c:
                    83:51:b1:17:a1:74:91:37:79:0e:00:53:16:0e:fd:
                    4d:33:a2:82:47:78:6f:8b:ec:b2:dd:f8:ab:ec:9f:
                    30:bc:cc:cc:02:09:f6:0a:3e:57:c3:fa:ce:2d:6c:
                    35:fc:8b:f1:6f:ec:68:26:c3:c5:0b:e2:07:5b:d7:
                    f9:f2:c7:9f:ef:80:e2:e4:41:f7:15:10:aa:9d:d7:
                    99:35:9c:0b:71:17:3a:82:b4:ed:21:8e:ff:76:09:
                    4d:21:5c:e8:bf:eb:6e:24:1c:2c:1d:4c:ad:1e:1c:
                    f1:d2:ba:f1:97:5f:21:43:3f:a3:90:f7:e1:80:2f:
                    57:3d:14:2b:7e:b0:94:a3:a2:9b:ea:cf:fc:22:86:
                    26:b0:d2:bb:19:26:59:27:a1:98:0f:cc:e3:4d:06:
                    f1:07:60:58:74:8c:5e:f4:1a:1a:2e:ab:ee:2d:82:
                    5e:9f:65:ad:85:ee:41:9a:01:cc:8a:00:14:c1:8a:
                    4b:b9:ef:48:2e:37:2e:ac:16:2b:55:47:5b:a7:c6:
                    5d:1b:8c:5d:34:24:49:67:63:36:0f:a1:4a:a1:16:
                    e3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:06:FA:05:97:D7:32:E4:9D:33:A8:6D:B1:AF:2E:CA:02:0B:F8:43
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/aAb6BZfXMuSdM6htsa8uygIL-EM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f01:240::/44

    Signature Algorithm: sha256WithRSAEncryption
         1f:e8:be:ca:b0:87:ad:de:05:40:0e:cb:ac:71:5a:c5:0f:6b:
         e5:99:c6:4b:2f:09:58:71:dc:ae:fe:5a:a4:ad:c6:17:b5:4f:
         e7:7e:14:2c:c0:5a:ea:b2:00:f0:b0:d5:24:d6:ef:76:80:a3:
         7c:37:8d:bf:06:aa:33:f6:bb:e5:e3:16:bf:07:76:c8:fd:2f:
         ef:8d:2a:c3:7f:04:10:f0:1b:6b:f9:ed:c1:00:e1:2a:f3:ed:
         2e:67:29:d7:20:85:36:8b:36:c3:64:34:c9:3c:92:15:2f:d3:
         b5:5c:43:47:0f:aa:d5:81:ab:c1:0d:ef:30:59:ec:0f:05:09:
         e3:5d:1b:53:a1:bb:7e:0e:e0:fb:cc:b6:57:db:d5:59:cd:63:
         86:43:7f:1b:88:e5:58:ce:3e:bd:c1:3e:42:d5:f1:f3:4d:c0:
         88:37:07:91:9d:e2:73:34:b1:14:18:04:9c:f1:8c:5d:6b:63:
         f9:a8:9c:9d:aa:55:31:51:ef:3d:03:76:3b:13:b1:a1:3c:70:
         96:a0:82:c0:aa:9b:ff:53:a3:b5:b7:92:6d:e8:c6:e8:1f:96:
         c3:6b:eb:8f:2f:2f:43:ed:ad:fd:31:09:23:b8:9a:19:37:c7:
         34:f1:9a:fb:cd:5d:57:11:f2:d5:6e:f1:a3:89:ea:ad:45:82:
         0f:8a:fe:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvU752G5LwOEUEEDxyccqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODA2ZmEwNTk3ZDczMmU0OWQzM2E4NmRiMWFmMmVjYTAyMGJmODQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr2d6iRt2pxxU7kjKMAiRZKi5o1S
7FOqJb7HOWjZdFxDMaRuechJOG0PT3yDUbEXoXSRN3kOAFMWDv1NM6KCR3hvi+yy
3fir7J8wvMzMAgn2Cj5Xw/rOLWw1/Ivxb+xoJsPFC+IHW9f58sef74Di5EH3FRCq
ndeZNZwLcRc6grTtIY7/dglNIVzov+tuJBwsHUytHhzx0rrxl18hQz+jkPfhgC9X
PRQrfrCUo6Kb6s/8IoYmsNK7GSZZJ6GYD8zjTQbxB2BYdIxe9BoaLqvuLYJen2Wt
he5BmgHMigAUwYpLue9ILjcurBYrVUdbp8ZdG4xdNCRJZ2M2D6FKoRbjyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGgG+gWX1zLknTOobbGvLsoCC/hDMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYUFiNkJaZlhNdVNkTTZodHNhOHV5Z0lMLUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhAvAQJA
MA0GCSqGSIb3DQEBCwUAA4IBAQAf6L7KsIet3gVADsuscVrFD2vlmcZLLwlYcdyu
/lqkrcYXtU/nfhQswFrqsgDwsNUk1u92gKN8N42/Bqoz9rvl4xa/B3bI/S/vjSrD
fwQQ8Btr+e3BAOEq8+0uZynXIIU2izbDZDTJPJIVL9O1XENHD6rVgavBDe8wWewP
BQnjXRtTobt+DuD7zLZX29VZzWOGQ38biOVYzj69wT5C1fHzTcCINweRneJzNLEU
GASc8Yxda2P5qJydqlUxUe89A3Y7E7GhPHCWoILAqpv/U6O1t5Jt6MboH5bDa+uP
Ly9D7a39MQkjuJoZN8c08Zr7zV1XEfLVbvGjieqtRYIPiv7J
-----END CERTIFICATE-----