Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5p-o6KIocU94EX4d8Mc-i7D9gb0.roa
File:                     5p-o6KIocU94EX4d8Mc-i7D9gb0.roa (raw, json)
Hash identifier:          KgS0Si2EZC7wSGl/KLyV3vCJuKKFgox495ooyHWmBRQ=
Subject key identifier:   E6:9F:A8:E8:A2:28:71:4F:78:11:7E:1D:F0:C7:3E:8B:B0:FD:81:BD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425223C58BF5FBAD0B4D2C32508805959
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5p-o6KIocU94EX4d8Mc-i7D9gb0.roa
Signing time:             Thu 02 Jan 2025 03:49:48 +0000
ROA not before:           Thu 02 Jan 2025 03:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210074
IP address blocks:        2a10:2f00:17b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:3c:58:bf:5f:ba:d0:b4:d2:c3:25:08:80:59:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e69fa8e8a228714f78117e1df0c73e8bb0fd81bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2b:df:b5:f9:f0:f4:40:52:cc:67:1b:01:02:
                    df:5d:1d:94:40:40:7f:9e:2f:4a:84:2e:b6:d5:a6:
                    8d:50:89:d9:cd:96:78:c6:e7:9a:99:47:23:f4:7a:
                    7a:c2:2e:c8:4a:7b:a7:bb:ff:e7:a4:2b:be:5f:51:
                    28:ad:47:5e:71:ba:03:cb:c0:2e:28:3f:ef:2e:29:
                    42:63:32:04:72:22:23:8a:32:74:4a:ed:6f:b7:84:
                    db:e1:c9:7d:c7:6b:36:00:fe:c5:bb:ee:66:2f:6d:
                    8a:a5:c9:5c:42:f8:cf:97:a1:a2:25:60:4f:8c:aa:
                    5a:ca:d6:93:ec:d7:12:00:ff:b6:4c:8e:3a:34:17:
                    6c:72:10:3d:89:c6:95:88:38:3f:f0:d1:fe:06:e5:
                    65:ee:41:9f:bf:32:0d:b9:f4:b0:db:44:d1:b2:da:
                    34:fc:b8:60:aa:0e:5d:d1:98:12:e3:d8:15:65:1a:
                    32:54:09:62:60:69:02:c4:cf:1d:d8:d9:0d:50:97:
                    bc:35:68:f3:01:6d:d9:3e:17:ad:54:e6:e0:93:6f:
                    82:7a:79:7e:97:2e:94:62:96:b8:1f:1a:3e:9b:2c:
                    3e:45:0a:d1:0e:03:bb:4e:1c:cc:45:65:a4:9e:3e:
                    36:50:e7:7b:38:2a:29:5e:6a:e8:01:c0:84:78:51:
                    cf:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:9F:A8:E8:A2:28:71:4F:78:11:7E:1D:F0:C7:3E:8B:B0:FD:81:BD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5p-o6KIocU94EX4d8Mc-i7D9gb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:17b::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:c3:b8:c3:90:42:44:35:41:11:1e:13:f3:76:1f:35:e4:88:
         4c:14:23:58:9d:c7:f4:72:8b:80:e9:ea:77:55:ec:87:35:e2:
         d4:c9:6b:a1:1d:af:59:bd:2f:95:39:f2:d6:78:df:1c:a6:74:
         bb:bc:62:da:25:95:50:86:55:72:c2:07:b3:8e:42:a7:e3:17:
         3f:b7:a8:da:3e:f4:ca:76:ff:e5:32:e7:05:ef:ce:c2:a1:c0:
         fc:0b:76:0a:df:e2:20:d5:0b:5d:6b:fe:88:6f:16:39:05:ec:
         40:b2:64:09:04:ad:51:cf:6c:79:11:0e:bd:c8:1e:ce:1c:11:
         50:34:17:1e:07:5d:b4:53:11:3e:c4:44:3b:53:e5:af:47:90:
         95:0e:1f:63:1b:61:3e:ea:9d:35:08:19:ea:ae:15:8e:0d:87:
         7f:06:ff:94:6c:67:8e:2c:b1:0d:19:5e:9e:11:3c:7c:47:b2:
         cc:35:c5:6e:dc:db:23:68:54:a0:b7:92:49:00:ea:d0:b1:05:
         6a:b0:5c:1f:f4:13:79:da:39:1f:03:b6:38:d6:a8:0c:00:8c:
         8b:b2:af:22:46:7d:bd:94:a6:87:9c:fc:f4:f8:89:2b:c6:75:
         c8:4f:6c:f0:7d:d8:9c:dc:7f:3e:11:45:cd:99:e6:d2:f7:08:
         fa:05:7d:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjxYv1+60LTSwyUIgFlZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjlmYThlOGEyMjg3MTRmNzgxMTdlMWRmMGM3M2U4YmIwZmQ4MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsivftfnw9EBSzGcbAQLfXR2UQEB/
ni9KhC621aaNUInZzZZ4xueamUcj9Hp6wi7ISnunu//npCu+X1EorUdecboDy8Au
KD/vLilCYzIEciIjijJ0Su1vt4Tb4cl9x2s2AP7Fu+5mL22KpclcQvjPl6GiJWBP
jKpaytaT7NcSAP+2TI46NBdschA9icaViDg/8NH+BuVl7kGfvzINufSw20TRsto0
/Lhgqg5d0ZgS49gVZRoyVAliYGkCxM8d2NkNUJe8NWjzAW3ZPhetVObgk2+Cenl+
ly6UYpa4Hxo+myw+RQrRDgO7ThzMRWWknj42UOd7OCopXmroAcCEeFHPawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOafqOiiKHFPeBF+HfDHPouw/YG9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNXAtbzZLSW9jVTk0RVg0ZDhNYy1pN0Q5Z2IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAF7
MA0GCSqGSIb3DQEBCwUAA4IBAQBow7jDkEJENUERHhPzdh815IhMFCNYncf0couA
6ep3VeyHNeLUyWuhHa9ZvS+VOfLWeN8cpnS7vGLaJZVQhlVywgezjkKn4xc/t6ja
PvTKdv/lMucF787CocD8C3YK3+Ig1Qtda/6IbxY5BexAsmQJBK1Rz2x5EQ69yB7O
HBFQNBceB120UxE+xEQ7U+WvR5CVDh9jG2E+6p01CBnqrhWODYd/Bv+UbGeOLLEN
GV6eETx8R7LMNcVu3NsjaFSgt5JJAOrQsQVqsFwf9BN52jkfA7Y41qgMAIyLsq8i
Rn29lKaHnPz0+IkrxnXIT2zwfdic3H8+EUXNmebS9wj6BX3a
-----END CERTIFICATE-----