Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mqc-X3Z5kSvigJBGFIhMk0d_unQ.roa
File:                     mqc-X3Z5kSvigJBGFIhMk0d_unQ.roa (raw, json)
Hash identifier:          w2OZaPAIv9BtQQM62baB854rIuLU8FH2CJNMQyK1gGw=
Subject key identifier:   9A:A7:3E:5F:76:79:91:2B:E2:80:90:46:14:88:4C:93:47:7F:BA:74
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD310D2B32A0622521F19099411A5C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mqc-X3Z5kSvigJBGFIhMk0d_unQ.roa
Signing time:             Tue 02 Jan 2024 10:34:28 +0000
ROA not before:           Tue 02 Jan 2024 10:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211168
IP address blocks:        2a0e:b107:13d6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:31:0d:2b:32:a0:62:25:21:f1:90:99:41:1a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9aa73e5f7679912be280904614884c93477fba74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b0:4d:75:36:39:9e:3a:8b:28:67:b2:dd:ad:
                    f8:c3:07:01:e1:2b:a3:7b:bb:1d:31:4c:7f:8a:c7:
                    d7:72:0e:0c:9d:f4:c4:05:9e:27:4d:19:e6:3b:65:
                    38:0c:0f:9c:0f:03:c8:15:b5:22:07:27:db:80:63:
                    0e:55:e0:2f:37:6b:1f:ac:46:ac:65:d6:fa:df:30:
                    43:26:24:a4:17:07:e7:76:d3:2b:6f:02:b2:e7:99:
                    2b:93:b4:7d:b5:ca:41:c3:70:fb:9b:6d:3a:30:72:
                    a7:21:7c:cc:7d:88:a5:f4:13:a7:f4:28:82:08:c0:
                    3f:17:6a:a2:c1:b1:d1:85:73:9f:e4:ab:b7:bb:0c:
                    f1:ee:8a:6a:32:4c:cf:9f:61:d3:5e:4a:ba:6f:44:
                    11:05:b2:82:ab:c9:73:dd:93:99:6b:c4:d0:f8:8d:
                    4a:7b:83:d9:2d:31:26:88:17:8b:c0:cd:11:1e:74:
                    48:4a:78:54:ad:51:f7:a2:49:f5:cc:b2:6e:80:b0:
                    d3:b7:30:34:0d:8c:d9:31:74:74:04:40:89:59:51:
                    76:48:01:ca:73:d3:be:75:e3:19:49:e0:7d:0f:68:
                    99:33:7f:a8:6d:e5:f9:29:df:2b:89:2e:a8:fa:2d:
                    d4:76:fb:ba:da:9e:8f:2e:e1:77:75:98:66:f6:23:
                    ac:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A7:3E:5F:76:79:91:2B:E2:80:90:46:14:88:4C:93:47:7F:BA:74
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/mqc-X3Z5kSvigJBGFIhMk0d_unQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:13d6::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:c8:f9:21:af:0d:02:5a:eb:1c:be:a1:df:11:94:6f:1a:50:
         01:f2:d4:4e:b0:fc:c2:d9:11:37:80:93:e4:ae:75:4e:51:e2:
         27:fa:06:b8:08:62:ea:94:0c:bd:95:3d:44:58:5a:40:18:e7:
         47:c6:bc:e6:d3:99:ec:ff:1c:26:61:b6:42:d0:1e:51:73:64:
         01:22:b4:9e:5d:94:75:5b:dd:9d:11:7f:7f:58:77:4d:03:72:
         f9:2c:4c:77:37:c9:60:5c:e2:cd:fd:44:87:b9:61:70:f3:8c:
         26:3f:6a:ef:a5:b8:44:b4:b9:f0:02:65:02:ed:7b:9c:44:c7:
         c6:a4:5f:9d:a4:32:4d:b3:aa:34:02:37:22:55:4f:26:a5:1c:
         c7:ed:a8:33:af:d8:f5:07:ef:11:da:84:2d:66:fc:b2:72:30:
         d5:82:a0:66:c6:bc:bf:f3:a5:ba:2b:42:54:58:82:83:5d:1a:
         fc:15:d4:e8:48:98:95:86:4b:e0:91:53:cc:6d:82:f7:40:db:
         5d:dd:4c:b2:f0:1e:b1:45:ab:82:a3:36:9d:b5:4d:ce:90:91:
         f5:c3:ea:61:dd:e3:af:df:81:42:f4:40:c3:87:4d:73:de:c4:
         ec:d3:a9:1f:a0:37:e2:f8:9e:83:6c:91:4b:62:bd:95:66:c9:
         9f:6a:30:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTENKzKgYiUh8ZCZQRpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWE3M2U1Zjc2Nzk5MTJiZTI4MDkwNDYxNDg4NGM5MzQ3N2ZiYTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bBNdTY5njqLKGey3a34wwcB4Suj
e7sdMUx/isfXcg4MnfTEBZ4nTRnmO2U4DA+cDwPIFbUiByfbgGMOVeAvN2sfrEas
Zdb63zBDJiSkFwfndtMrbwKy55krk7R9tcpBw3D7m206MHKnIXzMfYil9BOn9CiC
CMA/F2qiwbHRhXOf5Ku3uwzx7opqMkzPn2HTXkq6b0QRBbKCq8lz3ZOZa8TQ+I1K
e4PZLTEmiBeLwM0RHnRISnhUrVH3okn1zLJugLDTtzA0DYzZMXR0BECJWVF2SAHK
c9O+deMZSeB9D2iZM3+obeX5Kd8riS6o+i3Udvu62p6PLuF3dZhm9iOspQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJqnPl92eZEr4oCQRhSITJNHf7p0MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbXFjLVgzWjVrU3ZpZ0pCR0ZJaE1rMGRfdW5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxPW
MA0GCSqGSIb3DQEBCwUAA4IBAQCeyPkhrw0CWuscvqHfEZRvGlAB8tROsPzC2RE3
gJPkrnVOUeIn+ga4CGLqlAy9lT1EWFpAGOdHxrzm05ns/xwmYbZC0B5Rc2QBIrSe
XZR1W92dEX9/WHdNA3L5LEx3N8lgXOLN/USHuWFw84wmP2rvpbhEtLnwAmUC7Xuc
RMfGpF+dpDJNs6o0AjciVU8mpRzH7agzr9j1B+8R2oQtZvyycjDVgqBmxry/86W6
K0JUWIKDXRr8FdToSJiVhkvgkVPMbYL3QNtd3Uyy8B6xRauCozadtU3OkJH1w+ph
3eOv34FC9EDDh01z3sTs06kfoDfi+J6DbJFLYr2VZsmfajD6
-----END CERTIFICATE-----