Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5EfyjBCxJPImWMyzzNxZHqw0wo4.roa
File:                     5EfyjBCxJPImWMyzzNxZHqw0wo4.roa (raw, json)
Hash identifier:          n+HFZBh6N6BSEedOiNKhrkjQH6EHH6KzBEbziPUAr+k=
Subject key identifier:   E4:47:F2:8C:10:B1:24:F2:26:58:CC:B3:CC:DC:59:1E:AC:34:C2:8E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD221D295516C0384249422E068111
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5EfyjBCxJPImWMyzzNxZHqw0wo4.roa
Signing time:             Tue 02 Jan 2024 10:34:24 +0000
ROA not before:           Tue 02 Jan 2024 10:34:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210074
IP address blocks:        2a10:2f00:17b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:22:1d:29:55:16:c0:38:42:49:42:2e:06:81:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e447f28c10b124f22658ccb3ccdc591eac34c28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:12:63:8f:fc:fa:7d:1f:89:c5:4f:73:8c:9f:
                    0b:a0:2a:9c:f7:b6:45:28:79:92:5f:fa:d3:a8:e1:
                    93:b3:d7:1d:d7:e7:b8:44:04:ba:43:80:87:91:b0:
                    8e:7a:95:cf:86:81:26:1b:a6:ce:3c:ba:af:47:24:
                    46:0d:76:4e:91:5c:d7:0a:87:fe:a5:d7:8e:3f:04:
                    01:89:86:56:02:42:38:ed:eb:41:1b:d1:4a:0d:7c:
                    99:1a:24:2a:89:98:7a:a9:30:62:ff:8e:88:fa:3f:
                    d5:fc:ee:34:bb:de:c6:53:8a:3f:a4:9b:ac:3f:6c:
                    52:26:c5:bb:c4:ab:f8:e1:19:1c:91:41:9e:10:a4:
                    57:d5:42:05:95:44:3d:87:c5:1b:e5:33:02:24:2a:
                    37:98:15:f5:85:2b:6d:2d:e2:0a:fe:56:e7:bf:33:
                    5d:23:6e:6e:f5:27:82:18:95:e5:cd:ee:5d:af:e4:
                    6a:af:09:c1:93:8e:9e:1a:b4:4f:c0:bd:35:c5:33:
                    b3:c9:61:99:05:49:2a:3c:89:94:8a:12:16:59:f3:
                    ce:1d:72:6d:05:c6:13:05:11:02:c5:83:53:ed:d3:
                    ae:6b:77:47:d9:61:74:01:af:33:d9:19:3d:7e:6d:
                    df:dd:44:39:8e:8a:3f:f5:08:76:c2:b0:a6:af:89:
                    c6:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:47:F2:8C:10:B1:24:F2:26:58:CC:B3:CC:DC:59:1E:AC:34:C2:8E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5EfyjBCxJPImWMyzzNxZHqw0wo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:17b::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:71:6f:2a:da:0f:05:51:55:f5:01:70:33:b0:9b:ab:59:b4:
         78:57:82:d8:d6:b4:3a:bc:f8:75:c4:47:d4:b9:35:0b:81:74:
         9e:a1:ef:c8:4a:b7:70:56:3f:9f:74:58:cb:a1:4b:43:35:02:
         d2:ad:e7:6f:68:7d:b3:fc:b7:78:10:5a:2f:2f:63:89:35:d8:
         76:a7:e0:46:58:bb:d9:87:af:ce:bc:2a:63:55:bd:df:aa:48:
         16:30:a6:18:f5:30:2e:76:39:57:29:bf:e3:14:40:8f:72:7d:
         01:76:94:dc:a8:3a:36:ca:60:5a:0b:44:bb:57:38:5c:02:b9:
         97:7e:b7:d5:40:ac:f2:6b:55:05:8a:40:46:98:da:98:90:d4:
         76:2b:e6:a9:69:51:96:9e:9c:2e:e3:86:cc:2d:ab:4e:25:09:
         c5:da:9e:83:bb:6d:23:2d:a2:18:65:3a:bd:29:9c:f9:4a:24:
         17:27:49:18:a2:c5:14:06:1c:b2:3b:f5:56:08:c7:33:0b:ea:
         71:12:79:9e:15:8e:f3:37:85:de:fb:0c:0b:f3:00:2c:63:49:
         79:93:cd:83:50:9e:52:08:35:7d:2a:cb:b7:6c:d0:8c:32:84:
         26:3d:d0:85:5e:63:b7:3a:ca:58:f7:0c:b0:09:de:13:6f:1a:
         e7:1e:77:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSIdKVUWwDhCSUIuBoERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDQ3ZjI4YzEwYjEyNGYyMjY1OGNjYjNjY2RjNTkxZWFjMzRjMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRJjj/z6fR+JxU9zjJ8LoCqc97ZF
KHmSX/rTqOGTs9cd1+e4RAS6Q4CHkbCOepXPhoEmG6bOPLqvRyRGDXZOkVzXCof+
pdeOPwQBiYZWAkI47etBG9FKDXyZGiQqiZh6qTBi/46I+j/V/O40u97GU4o/pJus
P2xSJsW7xKv44RkckUGeEKRX1UIFlUQ9h8Ub5TMCJCo3mBX1hSttLeIK/lbnvzNd
I25u9SeCGJXlze5dr+RqrwnBk46eGrRPwL01xTOzyWGZBUkqPImUihIWWfPOHXJt
BcYTBRECxYNT7dOua3dH2WF0Aa8z2Rk9fm3f3UQ5joo/9Qh2wrCmr4nGWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFORH8owQsSTyJljMs8zcWR6sNMKOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNUVmeWpCQ3hKUEltV015enpOeFpIcXcwd280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAF7
MA0GCSqGSIb3DQEBCwUAA4IBAQApcW8q2g8FUVX1AXAzsJurWbR4V4LY1rQ6vPh1
xEfUuTULgXSeoe/ISrdwVj+fdFjLoUtDNQLSredvaH2z/Ld4EFovL2OJNdh2p+BG
WLvZh6/OvCpjVb3fqkgWMKYY9TAudjlXKb/jFECPcn0BdpTcqDo2ymBaC0S7Vzhc
ArmXfrfVQKzya1UFikBGmNqYkNR2K+apaVGWnpwu44bMLatOJQnF2p6Du20jLaIY
ZTq9KZz5SiQXJ0kYosUUBhyyO/VWCMczC+pxEnmeFY7zN4Xe+wwL8wAsY0l5k82D
UJ5SCDV9Ksu3bNCMMoQmPdCFXmO3OspY9wywCd4TbxrnHncX
-----END CERTIFICATE-----