Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/q166g0BhUBoCRA7--Vazvtg6hvA.roa
File:                     q166g0BhUBoCRA7--Vazvtg6hvA.roa (raw, json)
Hash identifier:          +QzDrfWMTV2cLU+Khtvp6dvDbdhBaE0iM58Rthgof0k=
Subject key identifier:   AB:5E:BA:83:40:61:50:1A:02:44:0E:FE:F9:56:B3:BE:D8:3A:86:F0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191377CB5582DD90443226FC5397709B78B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/q166g0BhUBoCRA7--Vazvtg6hvA.roa
Signing time:             Fri 09 Aug 2024 14:13:25 +0000
ROA not before:           Fri 09 Aug 2024 14:13:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214383
IP address blocks:        2a0e:97c0:a80::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:37:7c:b5:58:2d:d9:04:43:22:6f:c5:39:77:09:b7:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug  9 14:13:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab5eba834061501a02440efef956b3bed83a86f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:a5:b9:4d:6d:66:f0:98:24:e5:86:10:ea:0c:
                    7b:79:6f:dd:71:c2:bd:94:f1:7b:4c:0c:08:91:94:
                    c8:d8:77:60:3d:94:39:3b:2f:51:05:5c:fc:5f:6c:
                    8c:c4:ed:95:8f:d6:13:eb:b7:6d:16:53:95:4b:3d:
                    38:ba:3e:6d:f8:32:20:90:44:a8:98:20:26:94:87:
                    81:bf:b7:6b:93:2e:57:e0:98:b9:9a:6b:7b:f7:1c:
                    7f:8c:7e:e9:60:fa:9d:a2:b7:2a:c2:bb:6a:e9:1e:
                    0b:86:b1:f0:51:b6:1d:4c:82:57:04:04:fb:cf:be:
                    69:12:bf:0e:41:62:02:0d:7c:88:1e:f4:c1:a1:2e:
                    90:11:7a:a3:b7:01:c7:91:0a:99:ef:e5:5b:b5:39:
                    b0:72:71:4e:69:73:d6:eb:3e:8b:03:6a:8c:31:b3:
                    02:d8:67:19:ef:e5:1e:0e:05:84:d0:10:01:bd:af:
                    bc:93:5d:f3:51:48:f1:84:07:d8:c4:23:d5:7b:dc:
                    f9:bc:b0:be:10:77:3e:50:b4:87:0f:b6:1f:81:00:
                    4a:9e:13:74:f2:03:d9:39:2d:8c:68:0e:15:43:e7:
                    4c:0b:b4:24:ef:72:44:ca:c8:6e:59:a4:e8:84:48:
                    c2:dc:9e:88:8d:e1:10:6b:d0:37:bf:03:53:1e:8a:
                    94:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:5E:BA:83:40:61:50:1A:02:44:0E:FE:F9:56:B3:BE:D8:3A:86:F0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/q166g0BhUBoCRA7--Vazvtg6hvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a80::/44

    Signature Algorithm: sha256WithRSAEncryption
         c5:8a:6d:78:28:77:33:94:42:f1:00:81:de:98:cd:dd:38:de:
         f1:d8:b7:a0:69:2b:29:4a:2f:10:2f:91:35:b3:a1:b4:59:1c:
         74:1a:77:f1:e8:77:89:a4:0f:0a:d2:e1:23:75:2b:4b:7b:f5:
         f9:4a:47:45:30:12:dd:ca:73:62:0e:13:93:5b:ff:d3:1e:5e:
         bf:2d:86:bb:55:d1:97:5d:38:79:94:71:e8:6b:30:41:f0:24:
         34:d7:34:e0:51:e5:b0:eb:82:d0:dd:17:f5:6d:5c:51:02:ef:
         98:f3:c7:6e:66:98:c5:28:80:b7:dc:bd:2c:2c:b1:95:14:25:
         07:34:45:f2:b2:a5:4f:79:30:67:3f:c9:c1:45:e8:75:de:80:
         29:5d:99:9e:4f:9f:15:a7:be:05:32:5d:58:87:ac:7e:1c:1a:
         96:52:18:2a:a1:7d:3f:8c:c7:78:f8:38:15:0b:ca:e3:45:f3:
         dc:69:99:c1:61:96:24:83:7a:5c:4e:8c:cc:3c:46:34:7f:85:
         6f:4a:42:b6:6c:57:e5:ef:b7:ff:57:69:26:c4:fc:61:2a:d1:
         65:39:47:f3:98:a6:f2:bf:85:85:e6:b4:8c:8a:e5:0e:6d:08:
         2f:c4:db:f9:03:a9:99:23:9c:15:87:9a:75:82:da:e0:22:7d:
         96:9a:45:cb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZE3fLVYLdkEQyJvxTl3CbeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODA5MTQxMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVlYmE4MzQwNjE1MDFhMDI0NDBlZmVmOTU2YjNiZWQ4M2E4NmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiaW5TW1m8Jgk5YYQ6gx7eW/dccK9
lPF7TAwIkZTI2HdgPZQ5Oy9RBVz8X2yMxO2Vj9YT67dtFlOVSz04uj5t+DIgkESo
mCAmlIeBv7drky5X4Ji5mmt79xx/jH7pYPqdorcqwrtq6R4LhrHwUbYdTIJXBAT7
z75pEr8OQWICDXyIHvTBoS6QEXqjtwHHkQqZ7+VbtTmwcnFOaXPW6z6LA2qMMbMC
2GcZ7+UeDgWE0BABva+8k13zUUjxhAfYxCPVe9z5vLC+EHc+ULSHD7YfgQBKnhN0
8gPZOS2MaA4VQ+dMC7Qk73JEyshuWaTohEjC3J6IjeEQa9A3vwNTHoqUawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKteuoNAYVAaAkQO/vlWs77YOobwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcTE2NmcwQmhVQm9DUkE3LS1WYXp2dGc2aHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAqA
MA0GCSqGSIb3DQEBCwUAA4IBAQDFim14KHczlELxAIHemM3dON7x2LegaSspSi8Q
L5E1s6G0WRx0Gnfx6HeJpA8K0uEjdStLe/X5SkdFMBLdynNiDhOTW//THl6/LYa7
VdGXXTh5lHHoazBB8CQ01zTgUeWw64LQ3Rf1bVxRAu+Y88duZpjFKIC33L0sLLGV
FCUHNEXysqVPeTBnP8nBReh13oApXZmeT58Vp74FMl1Yh6x+HBqWUhgqoX0/jMd4
+DgVC8rjRfPcaZnBYZYkg3pcTozMPEY0f4VvSkK2bFfl77f/V2kmxPxhKtFlOUfz
mKbyv4WF5rSMiuUObQgvxNv5A6mZI5wVh5p1gtrgIn2WmkXL
-----END CERTIFICATE-----