Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zsNlLVWeWoquEvAXefhr9zJ6OWY.roa
File:                     zsNlLVWeWoquEvAXefhr9zJ6OWY.roa (raw, json)
Hash identifier:          T9Nmqm2IZC9OKvnMGQqyfoakE17zYKG7r4QIEELgW70=
Subject key identifier:   CE:C3:65:2D:55:9E:5A:8A:AE:12:F0:17:79:F8:6B:F7:32:7A:39:66
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01926670AB68556C4626ABF916323CFA2B8D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zsNlLVWeWoquEvAXefhr9zJ6OWY.roa
Signing time:             Mon 07 Oct 2024 10:05:12 +0000
ROA not before:           Mon 07 Oct 2024 10:05:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215015
IP address blocks:        2a0e:97c0:260::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:66:70:ab:68:55:6c:46:26:ab:f9:16:32:3c:fa:2b:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct  7 10:05:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cec3652d559e5a8aae12f01779f86bf7327a3966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:21:ad:92:68:96:e6:f0:14:00:97:c7:a3:3d:
                    db:0a:f5:dd:da:c1:20:25:78:a8:a2:2b:1d:7c:2a:
                    6d:bf:0b:38:9e:87:d1:f0:78:51:91:85:8f:29:9e:
                    b4:54:7f:23:d8:b1:c4:38:ce:81:c2:81:10:f9:75:
                    dc:12:57:35:a2:6c:e7:55:4b:5c:78:e8:ac:07:f0:
                    c1:2d:d0:b9:3a:ea:92:77:94:bb:46:72:27:35:bd:
                    4e:2b:aa:a7:eb:6f:61:34:a3:35:02:50:61:03:6b:
                    7c:83:13:cf:f0:65:c6:0c:85:0d:d9:a6:dc:69:98:
                    25:ec:5b:ad:fe:ae:b4:1f:ac:9d:96:dd:40:e0:dc:
                    52:39:2c:28:88:2f:db:a0:3b:e8:f4:37:da:08:b7:
                    5e:f1:08:c8:2e:5c:cc:68:92:b0:2d:f6:6d:03:59:
                    e0:ea:fc:89:ad:10:9f:d8:71:5e:d2:61:f1:5e:68:
                    a7:14:bd:d8:46:2c:35:c6:db:0e:39:00:5c:b2:56:
                    17:d7:7f:ef:eb:dd:6b:5d:1b:d6:42:31:fe:b8:7a:
                    d6:b6:bc:17:af:69:a5:69:a3:6b:cb:c8:92:88:e0:
                    c0:c4:60:d8:85:0c:76:5d:5b:90:d8:c1:97:7e:02:
                    6f:3d:d4:d5:87:75:94:50:f4:ac:3b:9a:69:3a:b5:
                    9a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:C3:65:2D:55:9E:5A:8A:AE:12:F0:17:79:F8:6B:F7:32:7A:39:66
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zsNlLVWeWoquEvAXefhr9zJ6OWY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:d6:80:15:61:03:cb:16:7f:bc:3c:e5:27:da:03:35:25:53:
         43:7d:0a:ff:b3:bc:0e:ae:bd:6d:3f:76:04:ca:11:04:00:72:
         8d:78:41:56:2c:b2:62:59:89:f1:b1:07:cd:16:89:82:1b:cf:
         87:5e:43:e6:d3:be:01:db:70:d2:cc:b3:b6:c6:5a:6a:26:d6:
         75:8f:48:e0:37:49:d4:d0:76:14:ac:ff:5b:e3:48:53:5e:53:
         89:17:6f:d3:1e:50:41:3a:e1:00:5e:bd:f8:85:77:ab:14:bc:
         3c:a5:f8:39:c0:c3:9a:1c:e5:3f:6a:e8:00:dd:11:bc:80:b2:
         fc:b4:41:a1:f8:9d:be:62:6c:5a:1a:49:21:50:9c:1e:0e:f5:
         7e:d5:4a:59:56:7f:40:97:0b:29:f0:25:66:03:6f:4c:b4:30:
         30:a8:bd:9d:93:6a:d1:e5:47:30:bb:90:0b:94:9a:b6:d8:77:
         21:01:10:94:65:47:2c:df:f9:f1:10:c7:55:0e:5a:8b:b5:d0:
         91:16:c1:1f:b8:6b:d8:c6:7b:41:bc:83:6c:d2:6d:9f:5d:e7:
         db:0b:dc:84:93:f8:13:ef:a9:b9:31:8a:70:a1:11:e4:ae:d1:
         ad:d0:37:97:08:c9:25:de:cb:7b:08:a3:3f:d3:f5:0e:e8:56:
         74:aa:e5:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZJmcKtoVWxGJqv5FjI8+iuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMDA3MTAwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWMzNjUyZDU1OWU1YThhYWUxMmYwMTc3OWY4NmJmNzMyN2EzOTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyCGtkmiW5vAUAJfHoz3bCvXd2sEg
JXiooisdfCptvws4nofR8HhRkYWPKZ60VH8j2LHEOM6BwoEQ+XXcElc1omznVUtc
eOisB/DBLdC5OuqSd5S7RnInNb1OK6qn629hNKM1AlBhA2t8gxPP8GXGDIUN2abc
aZgl7Fut/q60H6ydlt1A4NxSOSwoiC/boDvo9DfaCLde8QjILlzMaJKwLfZtA1ng
6vyJrRCf2HFe0mHxXminFL3YRiw1xtsOOQBcslYX13/v691rXRvWQjH+uHrWtrwX
r2mlaaNry8iSiODAxGDYhQx2XVuQ2MGXfgJvPdTVh3WUUPSsO5ppOrWaCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM7DZS1VnlqKrhLwF3n4a/cyejlmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvenNObExWV2VXb3F1RXZBWGVmaHI5eko2T1dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAJg
MA0GCSqGSIb3DQEBCwUAA4IBAQBM1oAVYQPLFn+8POUn2gM1JVNDfQr/s7wOrr1t
P3YEyhEEAHKNeEFWLLJiWYnxsQfNFomCG8+HXkPm074B23DSzLO2xlpqJtZ1j0jg
N0nU0HYUrP9b40hTXlOJF2/THlBBOuEAXr34hXerFLw8pfg5wMOaHOU/augA3RG8
gLL8tEGh+J2+YmxaGkkhUJweDvV+1UpZVn9Alwsp8CVmA29MtDAwqL2dk2rR5Ucw
u5ALlJq22HchARCUZUcs3/nxEMdVDlqLtdCRFsEfuGvYxntBvINs0m2fXefbC9yE
k/gT76m5MYpwoRHkrtGt0DeXCMkl3st7CKM/0/UO6FZ0quWN
-----END CERTIFICATE-----