Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nCK2ZMt7NcV-YlDLkXOBEN06324.roa
File:                     nCK2ZMt7NcV-YlDLkXOBEN06324.roa (raw, json)
Hash identifier:          7JeUxubhA3BJ6iTpFHFTrikAIMz5rh9zyOVF7GVJeO4=
Subject key identifier:   9C:22:B6:64:CB:7B:35:C5:7E:62:50:CB:91:73:81:10:DD:3A:DF:6E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190753757B70CBDB2C143D8C0FD149A26A5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nCK2ZMt7NcV-YlDLkXOBEN06324.roa
Signing time:             Tue 02 Jul 2024 20:51:19 +0000
ROA not before:           Tue 02 Jul 2024 20:51:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214592
IP address blocks:        2a0e:97c0:420::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:75:37:57:b7:0c:bd:b2:c1:43:d8:c0:fd:14:9a:26:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul  2 20:51:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c22b664cb7b35c57e6250cb91738110dd3adf6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8a:a7:55:aa:99:ba:79:93:09:d2:01:2d:16:
                    f3:c8:d9:a9:61:db:14:4f:ea:5a:60:d7:ab:a0:ca:
                    74:bf:33:3c:79:26:37:a1:d7:66:99:85:fc:ab:62:
                    b0:49:e5:b2:eb:52:cf:02:0f:51:55:dc:47:c4:fb:
                    d7:3d:f4:c2:07:88:25:2f:1f:01:1e:ea:24:ce:bd:
                    24:ca:ce:f8:3d:db:3c:fb:fd:f3:f8:43:6a:7b:35:
                    d5:7d:e7:61:ed:68:a9:08:c0:3d:ca:40:f2:74:d3:
                    b8:74:aa:9f:d3:6e:a5:48:57:ff:ac:d6:97:30:2f:
                    74:df:d7:8f:09:04:0f:1b:da:b9:35:58:d5:3f:62:
                    af:20:37:4c:db:e0:cf:84:dc:bb:86:56:db:a3:71:
                    cf:da:22:49:54:54:15:9f:93:8c:17:0f:9c:d1:f7:
                    14:ff:88:43:c4:1d:ae:0f:64:c3:08:b4:92:46:99:
                    73:74:39:40:30:fb:9f:d3:9d:c9:a1:b7:ce:ff:24:
                    41:81:21:95:6f:80:bf:70:cd:38:40:d4:e6:ef:aa:
                    1d:78:96:38:e8:8b:f8:ca:82:bf:18:5b:b1:16:de:
                    c6:a3:f5:1a:ae:29:21:33:46:f0:ab:a9:41:ca:1f:
                    94:2a:b1:49:4a:c4:76:da:c0:20:65:30:3d:88:e5:
                    15:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:22:B6:64:CB:7B:35:C5:7E:62:50:CB:91:73:81:10:DD:3A:DF:6E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/nCK2ZMt7NcV-YlDLkXOBEN06324.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:420::/44

    Signature Algorithm: sha256WithRSAEncryption
         b1:a0:80:7f:28:cb:74:40:39:16:44:72:73:ad:8a:39:78:23:
         05:68:70:83:a5:d3:df:04:3d:37:50:2c:67:39:31:0a:92:a3:
         8e:23:ef:92:a1:25:e6:e1:bf:92:82:7f:c7:02:84:2c:99:5c:
         d4:e6:c6:91:13:41:8d:47:82:ca:6f:2e:08:dc:75:e2:e7:1b:
         a3:f8:c5:22:04:61:cf:3f:c7:cf:d4:44:57:4f:9c:b6:93:38:
         fa:dd:c7:c6:ef:2d:00:45:27:db:e5:ad:f1:8c:46:aa:39:9d:
         3c:76:91:d5:ff:c4:b2:2e:3a:86:2f:28:23:cf:6c:2e:be:dd:
         3e:ac:53:38:b8:7c:84:30:9b:04:ff:d8:b2:e6:57:95:ce:26:
         90:26:7d:0d:f8:5d:a5:b3:bb:d7:56:f7:aa:44:9e:27:da:99:
         2b:37:4c:1d:8d:8c:0f:be:26:bf:8e:22:40:0b:88:18:0b:13:
         c0:ff:4b:f7:4e:89:b6:90:73:47:a7:c6:27:68:61:38:09:70:
         31:9b:43:b6:b9:a4:db:18:3d:1e:bc:14:6c:c8:8f:4e:60:47:
         42:8b:f9:f3:14:dc:0f:d0:9f:7c:08:19:a3:6c:ea:17:dc:d8:
         43:c7:3a:b1:e5:98:72:dc:e1:7e:34:94:89:fb:5d:c1:6c:ac:
         b4:de:2e:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZB1N1e3DL2ywUPYwP0UmialMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzAyMjA1MTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzIyYjY2NGNiN2IzNWM1N2U2MjUwY2I5MTczODExMGRkM2FkZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4qnVaqZunmTCdIBLRbzyNmpYdsU
T+paYNeroMp0vzM8eSY3oddmmYX8q2KwSeWy61LPAg9RVdxHxPvXPfTCB4glLx8B
Huokzr0kys74Pds8+/3z+ENqezXVfedh7WipCMA9ykDydNO4dKqf026lSFf/rNaX
MC9039ePCQQPG9q5NVjVP2KvIDdM2+DPhNy7hlbbo3HP2iJJVFQVn5OMFw+c0fcU
/4hDxB2uD2TDCLSSRplzdDlAMPuf053JobfO/yRBgSGVb4C/cM04QNTm76odeJY4
6Iv4yoK/GFuxFt7Go/UarikhM0bwq6lByh+UKrFJSsR22sAgZTA9iOUVMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJwitmTLezXFfmJQy5FzgRDdOt9uMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbkNLMlpNdDdOY1YtWWxETGtYT0JFTjA2MzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAQg
MA0GCSqGSIb3DQEBCwUAA4IBAQCxoIB/KMt0QDkWRHJzrYo5eCMFaHCDpdPfBD03
UCxnOTEKkqOOI++SoSXm4b+Sgn/HAoQsmVzU5saRE0GNR4LKby4I3HXi5xuj+MUi
BGHPP8fP1ERXT5y2kzj63cfG7y0ARSfb5a3xjEaqOZ08dpHV/8SyLjqGLygjz2wu
vt0+rFM4uHyEMJsE/9iy5leVziaQJn0N+F2ls7vXVveqRJ4n2pkrN0wdjYwPvia/
jiJAC4gYCxPA/0v3Tom2kHNHp8YnaGE4CXAxm0O2uaTbGD0evBRsyI9OYEdCi/nz
FNwP0J98CBmjbOoX3NhDxzqx5Zhy3OF+NJSJ+13BbKy03i7q
-----END CERTIFICATE-----