Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/R6suVJh2XHXdDbQWYlnxoc0_mMg.roa
File:                     R6suVJh2XHXdDbQWYlnxoc0_mMg.roa (raw, json)
Hash identifier:          BdjWCXCNkBfXa/7H9ng4ileCPYTenMpUK2GgBRmO2+c=
Subject key identifier:   47:AB:2E:54:98:76:5C:75:DD:0D:B4:16:62:59:F1:A1:CD:3F:98:C8
Certificate issuer:       /CN=b10bf2c6a9f1a42b8acee01259f91f5144ab8af5
Certificate serial:       018D8232FA39F77C1985F2AA7B62C7206007
Authority key identifier: B1:0B:F2:C6:A9:F1:A4:2B:8A:CE:E0:12:59:F9:1F:51:44:AB:8A:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sQvyxqnxpCuKzuASWfkfUUSrivU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/R6suVJh2XHXdDbQWYlnxoc0_mMg.roa
Signing time:             Wed 07 Feb 2024 06:13:15 +0000
ROA not before:           Wed 07 Feb 2024 06:13:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206947
IP address blocks:        5.63.17.0/24 maxlen: 24
                          2a10:ff00::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/sQvyxqnxpCuKzuASWfkfUUSrivU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/sQvyxqnxpCuKzuASWfkfUUSrivU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sQvyxqnxpCuKzuASWfkfUUSrivU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:82:32:fa:39:f7:7c:19:85:f2:aa:7b:62:c7:20:60:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b10bf2c6a9f1a42b8acee01259f91f5144ab8af5
        Validity
            Not Before: Feb  7 06:13:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47ab2e5498765c75dd0db4166259f1a1cd3f98c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:9c:00:c1:57:5c:49:4d:f4:82:14:ef:99:4d:
                    62:66:32:20:34:11:3f:3b:2a:79:3e:4b:69:44:a6:
                    6d:1a:7d:30:fd:69:11:27:2c:23:5e:14:3b:d1:56:
                    fa:68:cf:0a:36:18:df:b1:fd:69:cb:23:e7:2c:cf:
                    4c:64:b7:16:bb:67:b8:87:a1:b2:7c:47:74:00:49:
                    23:38:50:32:35:e7:f5:1f:2b:ef:fe:98:46:f7:e2:
                    81:89:3f:15:6c:9e:0b:73:78:49:bc:78:0a:c7:68:
                    90:2d:14:ad:0d:9f:7d:23:a6:02:28:2b:68:da:c6:
                    bd:06:7d:c9:e9:96:df:e8:09:89:1a:96:cb:93:cc:
                    81:f2:17:a3:13:3b:d2:f2:ce:7e:8e:6c:35:77:57:
                    1c:d9:ea:a5:90:dc:1a:49:42:9e:69:ca:58:88:26:
                    77:c2:a1:7c:c9:75:92:5e:46:96:57:ce:4c:c1:1a:
                    59:da:d6:8e:d9:86:18:46:e9:79:8f:c7:7f:8e:0d:
                    1a:49:8b:5c:7f:68:dd:66:48:37:09:0e:27:a4:94:
                    05:a1:b7:60:4a:df:64:00:21:ad:40:c0:89:9d:4a:
                    d5:e3:8d:50:8e:48:ba:8c:98:80:88:84:17:c9:11:
                    57:7f:a5:3c:15:15:1b:9b:db:56:7c:c5:72:3b:d5:
                    0d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:AB:2E:54:98:76:5C:75:DD:0D:B4:16:62:59:F1:A1:CD:3F:98:C8
            X509v3 Authority Key Identifier:
                keyid:B1:0B:F2:C6:A9:F1:A4:2B:8A:CE:E0:12:59:F9:1F:51:44:AB:8A:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sQvyxqnxpCuKzuASWfkfUUSrivU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/R6suVJh2XHXdDbQWYlnxoc0_mMg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/ed188a-0fff-4f0f-a26d-251a9c864d26/1/sQvyxqnxpCuKzuASWfkfUUSrivU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.17.0/24
                IPv6:
                  2a10:ff00::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:ea:5d:88:48:74:5b:44:a4:32:c3:a1:96:61:8e:e3:76:08:
         96:e3:ae:b2:d5:73:b7:7e:a8:97:a3:ba:02:2f:21:9a:dc:f9:
         40:a0:6e:9b:7a:d8:f8:8e:83:2d:8c:8d:1a:69:e8:fd:b0:5e:
         fd:64:76:87:b0:10:75:9d:a6:b3:78:b4:12:d5:23:cb:d2:29:
         79:f5:16:09:90:79:29:19:1d:75:ab:ba:00:52:e8:41:c3:7d:
         09:79:e3:6e:64:d5:60:99:d3:8f:b7:75:fc:39:28:5e:11:89:
         19:f5:61:92:ab:65:91:79:72:99:3f:5d:bb:6e:57:e6:ba:63:
         12:01:bb:f0:31:da:df:7b:cc:d7:19:c2:10:7e:4f:c2:71:eb:
         a9:a3:fa:63:e0:47:1e:51:aa:b9:84:61:53:22:b8:73:61:75:
         e4:63:82:59:81:a1:00:b0:45:7b:d1:84:01:f6:1a:05:52:a1:
         94:3e:a5:bf:4e:79:c7:be:40:fb:c7:46:40:34:1f:f4:41:88:
         17:39:a3:22:e5:93:0c:5d:67:6c:7d:d0:2f:16:04:ff:74:dd:
         84:d5:00:e3:c5:fd:8d:6c:28:5f:57:ae:64:49:4d:94:6a:66:
         0b:fa:7c:2a:e7:1f:81:43:3e:ea:9d:e3:df:88:04:2f:38:c7:
         91:ee:78:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2CMvo593wZhfKqe2LHIGAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxMGJmMmM2YTlmMWE0MmI4YWNlZTAxMjU5ZjkxZjUxNDRh
YjhhZjUwHhcNMjQwMjA3MDYxMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2FiMmU1NDk4NzY1Yzc1ZGQwZGI0MTY2MjU5ZjFhMWNkM2Y5OGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJwAwVdcSU30ghTvmU1iZjIgNBE/
Oyp5PktpRKZtGn0w/WkRJywjXhQ70Vb6aM8KNhjfsf1pyyPnLM9MZLcWu2e4h6Gy
fEd0AEkjOFAyNef1Hyvv/phG9+KBiT8VbJ4Lc3hJvHgKx2iQLRStDZ99I6YCKCto
2sa9Bn3J6Zbf6AmJGpbLk8yB8hejEzvS8s5+jmw1d1cc2eqlkNwaSUKeacpYiCZ3
wqF8yXWSXkaWV85MwRpZ2taO2YYYRul5j8d/jg0aSYtcf2jdZkg3CQ4npJQFobdg
St9kACGtQMCJnUrV441Qjki6jJiAiIQXyRFXf6U8FRUbm9tWfMVyO9UNYQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEerLlSYdlx13Q20FmJZ8aHNP5jIMB8GA1UdIwQY
MBaAFLEL8sap8aQris7gEln5H1FEq4r1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1F2eXhxbnhwQ3VLenVBU1dma2ZVVVNyaXZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9lZDE4OGEtMGZmZi00ZjBmLWEyNmQt
MjUxYTljODY0ZDI2LzEvUjZzdVZKaDJYSFhkRGJRV1lsbnhvYzBfbU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9lZDE4OGEtMGZmZi00ZjBmLWEyNmQtMjUxYTljODY0ZDI2
LzEvc1F2eXhxbnhwQ3VLenVBU1dma2ZVVVNyaXZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQABT8RMA0E
AgACMAcDBQMqEP8AMA0GCSqGSIb3DQEBCwUAA4IBAQAG6l2ISHRbRKQyw6GWYY7j
dgiW466y1XO3fqiXo7oCLyGa3PlAoG6betj4joMtjI0aaej9sF79ZHaHsBB1naaz
eLQS1SPL0il59RYJkHkpGR11q7oAUuhBw30JeeNuZNVgmdOPt3X8OSheEYkZ9WGS
q2WReXKZP127blfmumMSAbvwMdrfe8zXGcIQfk/Cceupo/pj4EceUaq5hGFTIrhz
YXXkY4JZgaEAsEV70YQB9hoFUqGUPqW/TnnHvkD7x0ZANB/0QYgXOaMi5ZMMXWds
fdAvFgT/dN2E1QDjxf2NbChfV65kSU2UamYL+nwq5x+BQz7qnePfiAQvOMeR7njM
-----END CERTIFICATE-----