Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qlcMvIDucivibTpx9_zy8mSBJHA.roa
File:                     qlcMvIDucivibTpx9_zy8mSBJHA.roa (raw, json)
Hash identifier:          Md5nxb2hm77wt/R1KKDAhuPOCzIFGegiiVLB/Fw7JX4=
Subject key identifier:   AA:57:0C:BC:80:EE:72:2B:E2:6D:3A:71:F7:FC:F2:F2:64:81:24:70
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0192FC131534D5D572EDC7962F616848DD50
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qlcMvIDucivibTpx9_zy8mSBJHA.roa
Signing time:             Tue 05 Nov 2024 11:26:01 +0000
ROA not before:           Tue 05 Nov 2024 11:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213928
IP address blocks:        2a0e:97c0:190::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fc:13:15:34:d5:d5:72:ed:c7:96:2f:61:68:48:dd:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov  5 11:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa570cbc80ee722be26d3a71f7fcf2f264812470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:29:13:b8:05:b2:71:11:5c:ed:bd:80:b7:f9:
                    d8:09:80:23:f9:df:c1:38:37:3f:65:46:a9:a5:32:
                    89:4d:70:06:f3:e3:1c:a3:6c:0e:68:9b:09:60:b7:
                    36:d3:71:5d:c0:a8:6a:bf:6e:7b:2d:04:68:4e:b0:
                    f5:1d:81:a1:12:6f:04:5f:7f:51:4e:09:d1:36:ad:
                    01:84:98:5c:12:2e:e5:bf:6f:d6:0c:11:0a:e5:ad:
                    0e:b1:ae:12:87:b1:fa:b6:dc:3f:fb:4e:74:51:ca:
                    ca:3c:85:c3:96:33:98:8a:03:f3:a1:3e:37:87:ff:
                    23:6e:e5:11:30:87:ae:3f:1f:96:06:86:e5:e2:5c:
                    af:fe:12:86:2c:1b:f7:2a:e2:5b:be:4e:e9:38:5a:
                    e1:be:01:c0:b7:e5:79:54:7f:fe:c3:ed:fb:d6:6d:
                    fc:3a:f5:fa:e6:65:de:64:14:5c:4d:1c:15:85:19:
                    dc:73:92:d0:74:de:2e:c8:e5:bd:3f:fe:46:26:68:
                    6d:40:f8:85:6c:e1:5b:1b:66:0c:e0:e9:48:9f:7e:
                    5d:06:16:4f:54:fd:ec:a8:33:a3:a5:ee:a4:bb:1c:
                    a0:33:c4:27:31:32:f4:df:86:33:76:93:12:fe:2d:
                    6a:89:d5:f0:cc:27:68:d9:4e:5c:f9:d0:51:06:96:
                    91:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:57:0C:BC:80:EE:72:2B:E2:6D:3A:71:F7:FC:F2:F2:64:81:24:70
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/qlcMvIDucivibTpx9_zy8mSBJHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         ac:8c:3f:a6:6f:62:25:6f:09:d5:8f:b9:6b:a2:9e:b0:90:9a:
         81:d3:b3:f4:00:41:d7:9e:94:dd:ca:91:95:a5:0c:02:5b:55:
         12:94:7e:b4:a9:4e:e7:3f:16:04:80:41:cf:71:6b:1b:2e:13:
         d1:04:99:b3:16:28:02:9e:39:51:ac:e9:69:bb:c4:e8:2b:b6:
         0c:4d:35:89:31:f9:d0:27:9b:c0:8d:b8:e6:96:ab:32:af:52:
         4c:d5:a0:13:cd:ea:50:d2:0d:28:29:b8:4e:9f:33:43:2f:92:
         68:28:d8:95:5a:6f:78:b6:d0:16:41:5d:eb:51:ee:fe:3c:8a:
         da:2f:fe:e6:a3:25:b5:d7:3b:ac:d8:4d:53:1e:89:14:e2:c3:
         cb:9c:4e:21:07:8f:ec:51:6b:a8:5f:98:1e:8f:53:91:23:62:
         af:18:df:be:68:1b:1d:e1:f2:43:eb:35:2e:5c:29:15:89:09:
         cb:52:e8:73:db:ab:c3:6b:43:b2:d6:ec:5f:4f:f3:9d:ce:9e:
         8c:23:6f:3a:90:76:56:19:9d:83:52:a6:79:74:a2:be:58:c3:
         85:1c:78:38:47:f7:ce:39:6f:f5:26:98:27:8f:93:02:1d:64:
         41:92:13:a4:ec:79:4b:29:88:11:bb:8a:87:66:26:8d:4f:84:
         73:0d:ad:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZL8ExU01dVy7ceWL2FoSN1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTA1MTEyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTU3MGNiYzgwZWU3MjJiZTI2ZDNhNzFmN2ZjZjJmMjY0ODEyNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtikTuAWycRFc7b2At/nYCYAj+d/B
ODc/ZUappTKJTXAG8+Mco2wOaJsJYLc203FdwKhqv257LQRoTrD1HYGhEm8EX39R
TgnRNq0BhJhcEi7lv2/WDBEK5a0Osa4Sh7H6ttw/+050UcrKPIXDljOYigPzoT43
h/8jbuURMIeuPx+WBobl4lyv/hKGLBv3KuJbvk7pOFrhvgHAt+V5VH/+w+371m38
OvX65mXeZBRcTRwVhRncc5LQdN4uyOW9P/5GJmhtQPiFbOFbG2YM4OlIn35dBhZP
VP3sqDOjpe6kuxygM8QnMTL034YzdpMS/i1qidXwzCdo2U5c+dBRBpaRyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKpXDLyA7nIr4m06cff88vJkgSRwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcWxjTXZJRHVjaXZpYlRweDlfenk4bVNCSkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCsjD+mb2IlbwnVj7lrop6wkJqB07P0AEHXnpTd
ypGVpQwCW1USlH60qU7nPxYEgEHPcWsbLhPRBJmzFigCnjlRrOlpu8ToK7YMTTWJ
MfnQJ5vAjbjmlqsyr1JM1aATzepQ0g0oKbhOnzNDL5JoKNiVWm94ttAWQV3rUe7+
PIraL/7moyW11zus2E1THokU4sPLnE4hB4/sUWuoX5gej1ORI2KvGN++aBsd4fJD
6zUuXCkViQnLUuhz26vDa0Oy1uxfT/Odzp6MI286kHZWGZ2DUqZ5dKK+WMOFHHg4
R/fOOW/1Jpgnj5MCHWRBkhOk7HlLKYgRu4qHZiaNT4RzDa01
-----END CERTIFICATE-----