Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zN2Q7yrP7KCV-laGc6CR6lxX9OM.roa
File:                     zN2Q7yrP7KCV-laGc6CR6lxX9OM.roa (raw, json)
Hash identifier:          yCR9gPcb6ImK1qlBNlLh69wn5HJNiy+NiuslRW1OBEs=
Subject key identifier:   CC:DD:90:EF:2A:CF:EC:A0:95:FA:56:86:73:A0:91:EA:5C:57:F4:E3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190302F27FC70A297559D8B648C78426CE1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zN2Q7yrP7KCV-laGc6CR6lxX9OM.roa
Signing time:             Wed 19 Jun 2024 11:08:35 +0000
ROA not before:           Wed 19 Jun 2024 11:08:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212477
IP address blocks:        2a0e:97c0:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:30:2f:27:fc:70:a2:97:55:9d:8b:64:8c:78:42:6c:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 19 11:08:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccdd90ef2acfeca095fa568673a091ea5c57f4e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:1c:3a:8e:6d:2e:11:73:d1:12:9a:ee:51:b0:
                    08:42:64:fa:ce:85:1d:84:0a:74:80:b7:5c:dc:7b:
                    90:a2:6c:58:29:68:01:ba:18:62:46:41:25:a1:fb:
                    1f:f5:75:46:ef:29:0b:14:05:35:03:15:3d:57:ce:
                    b7:1b:71:4c:04:f6:a6:98:32:43:bf:4c:85:04:9d:
                    bd:c9:d2:50:18:8a:c7:13:7f:e0:dc:6f:83:93:86:
                    49:1d:1a:82:d7:85:88:23:35:21:19:bb:a4:ed:f5:
                    f1:11:8d:9e:1d:c4:be:64:14:b5:40:3b:e6:47:50:
                    23:70:74:a5:4f:93:53:03:06:01:53:b1:48:b2:4c:
                    91:b5:fa:f3:0a:5b:b7:e7:7b:c4:11:40:aa:c2:7e:
                    ad:f6:d2:36:30:ad:22:70:55:21:ad:e7:60:74:56:
                    11:4b:2b:0d:83:99:bf:c5:ae:47:70:a9:10:84:a9:
                    fe:5f:eb:9b:fa:4d:f4:33:56:e3:8c:0d:3e:8e:37:
                    93:4c:c3:ef:cd:08:5e:cb:68:ce:e6:fb:e9:df:70:
                    24:48:4e:68:2b:75:3b:c6:f4:c2:08:fe:9e:f9:67:
                    0c:0d:ce:1c:4a:cd:05:ba:90:00:b1:7a:58:0f:c9:
                    64:e3:20:5a:7f:97:f5:4c:33:50:ca:66:6b:6c:51:
                    fe:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:DD:90:EF:2A:CF:EC:A0:95:FA:56:86:73:A0:91:EA:5C:57:F4:E3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zN2Q7yrP7KCV-laGc6CR6lxX9OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         93:0b:16:b0:a6:c9:ec:3b:6d:dd:3b:cb:56:55:89:59:ab:25:
         42:5e:89:97:06:fc:ad:6e:b1:7c:a2:c6:3d:ca:f2:2c:50:4d:
         5e:e2:2e:60:a4:f0:15:55:99:00:e9:dc:9b:bd:07:f3:dd:ab:
         c4:9e:18:c7:71:18:5a:6e:0b:e4:91:5f:1f:86:54:9f:a0:35:
         9a:85:fc:c4:f1:f6:86:c7:af:23:b6:b1:6d:3f:7b:4f:ef:dc:
         da:f5:7a:20:89:46:ae:c6:83:1d:3a:d6:1b:fb:b3:52:90:a9:
         e4:3d:07:e7:67:d2:58:92:c8:96:40:ec:2b:24:56:d2:1a:37:
         9d:c1:a1:ca:3f:a5:69:81:09:fd:3f:ff:17:df:94:6c:d6:49:
         b9:f5:e5:0e:ef:16:eb:81:84:ae:de:88:94:4f:f7:bb:74:f6:
         c3:63:3d:33:1a:e4:9a:82:50:a3:23:f1:8b:7e:8d:97:8f:16:
         44:3a:5d:39:36:7c:9a:d0:13:62:fa:20:e9:d3:c4:18:db:32:
         75:dd:4b:c9:6e:23:c9:0d:38:41:57:0a:37:53:6b:bd:a1:e9:
         01:31:62:dd:4e:3b:2c:16:0b:d8:9e:eb:da:a8:95:a2:4d:3d:
         cb:74:c3:c6:a4:d0:23:be:cf:d4:c8:d6:19:13:b2:7a:10:d2:
         3a:2b:af:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAwLyf8cKKXVZ2LZIx4QmzhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjE5MTEwODM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2RkOTBlZjJhY2ZlY2EwOTVmYTU2ODY3M2EwOTFlYTVjNTdmNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6hw6jm0uEXPREpruUbAIQmT6zoUd
hAp0gLdc3HuQomxYKWgBuhhiRkElofsf9XVG7ykLFAU1AxU9V863G3FMBPammDJD
v0yFBJ29ydJQGIrHE3/g3G+Dk4ZJHRqC14WIIzUhGbuk7fXxEY2eHcS+ZBS1QDvm
R1AjcHSlT5NTAwYBU7FIskyRtfrzClu353vEEUCqwn6t9tI2MK0icFUhredgdFYR
SysNg5m/xa5HcKkQhKn+X+ub+k30M1bjjA0+jjeTTMPvzQhey2jO5vvp33AkSE5o
K3U7xvTCCP6e+WcMDc4cSs0FupAAsXpYD8lk4yBaf5f1TDNQymZrbFH+qwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMzdkO8qz+yglfpWhnOgkepcV/TjMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvek4yUTd5clA3S0NWLWxhR2M2Q1I2bHhYOU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQCTCxawpsnsO23dO8tWVYlZqyVCXomXBvytbrF8
osY9yvIsUE1e4i5gpPAVVZkA6dybvQfz3avEnhjHcRhabgvkkV8fhlSfoDWahfzE
8faGx68jtrFtP3tP79za9XogiUauxoMdOtYb+7NSkKnkPQfnZ9JYksiWQOwrJFbS
GjedwaHKP6VpgQn9P/8X35Rs1km59eUO7xbrgYSu3oiUT/e7dPbDYz0zGuSaglCj
I/GLfo2XjxZEOl05Nnya0BNi+iDp08QY2zJ13UvJbiPJDThBVwo3U2u9oekBMWLd
TjssFgvYnuvaqJWiTT3LdMPGpNAjvs/UyNYZE7J6ENI6K6/Y
-----END CERTIFICATE-----