Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8qlYm6Esd9iFXvOPddVFdBlGHQ8.roa
File:                     8qlYm6Esd9iFXvOPddVFdBlGHQ8.roa (raw, json)
Hash identifier:          CnowzkDGuUnkDbCCwxtsDcqe4DV4FhCl6qmNShfWPLs=
Subject key identifier:   F2:A9:58:9B:A1:2C:77:D8:85:5E:F3:8F:75:D5:45:74:19:46:1D:0F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4B6902B61F4AF1F1318F62405970
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8qlYm6Esd9iFXvOPddVFdBlGHQ8.roa
Signing time:             Tue 02 Jan 2024 10:34:35 +0000
ROA not before:           Tue 02 Jan 2024 10:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213069
IP address blocks:        2a10:2f00:13a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:4b:69:02:b6:1f:4a:f1:f1:31:8f:62:40:59:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a9589ba12c77d8855ef38f75d5457419461d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:90:b9:0e:10:69:a1:bc:68:25:2e:5f:2c:00:
                    6b:59:d2:18:75:0c:40:08:a3:e1:20:65:c5:0d:c9:
                    66:51:ef:0f:3a:ec:1f:0d:f3:f9:54:cf:62:c0:00:
                    36:64:17:50:f2:0c:b0:fd:59:0d:af:08:46:51:8e:
                    ba:ae:67:9c:02:c8:e5:f5:17:73:9a:10:dd:7f:7a:
                    96:de:52:39:a4:34:77:25:c9:92:7a:ae:fb:e0:e2:
                    09:84:b0:fc:19:82:32:f0:fb:72:df:e7:68:0e:cb:
                    2c:9f:d9:dc:e1:36:c6:1d:6a:07:33:00:05:77:b5:
                    54:38:dc:9e:5d:3e:2b:8d:c5:e5:ba:86:95:e7:2a:
                    7d:e5:8f:0b:3c:67:12:30:c7:ec:63:0d:b8:2f:bc:
                    dd:80:d6:69:a7:9f:bb:b1:7a:6a:78:e9:dc:3e:c9:
                    45:2e:03:d5:aa:79:0e:a6:32:4d:11:ec:8c:d1:97:
                    ed:c6:e1:32:59:9d:24:ef:e8:34:c9:bb:16:cc:ba:
                    f8:d0:92:74:a5:e8:97:16:cd:e3:90:5b:7a:8b:a7:
                    35:6b:42:6c:a2:ee:16:67:41:73:ac:3e:f6:81:39:
                    20:4d:0c:e9:76:c9:bd:89:32:07:32:82:5d:4f:84:
                    a4:19:11:99:02:9e:8f:65:e1:8c:c3:a1:2b:12:dc:
                    4c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A9:58:9B:A1:2C:77:D8:85:5E:F3:8F:75:D5:45:74:19:46:1D:0F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8qlYm6Esd9iFXvOPddVFdBlGHQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:13a::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:ef:20:0d:b8:1e:77:dc:52:68:68:15:58:ef:2f:a1:7a:77:
         19:ba:75:1a:15:af:6d:f7:d3:4f:9a:72:4f:01:ec:bc:6b:8c:
         f3:f7:1b:f2:c8:65:39:e6:b5:c0:fe:01:19:9e:74:61:b7:47:
         24:45:81:12:bf:c6:af:48:29:cd:6f:db:93:e0:81:eb:f5:72:
         d0:de:48:6e:3b:bc:dd:67:57:38:ab:09:b9:33:42:48:f6:f8:
         d1:c5:6c:ab:7c:64:e3:d1:ab:a6:a1:79:11:88:97:c7:b3:4c:
         3d:3e:bc:e9:a6:67:2f:d6:8d:73:f4:53:5a:55:4c:5c:bc:ec:
         55:5c:67:c8:ce:69:a2:4e:59:c5:b0:fe:c5:80:5b:95:0a:c0:
         4e:98:0a:85:ae:6d:7d:a6:2c:2f:ae:40:12:1a:1d:52:27:d7:
         34:b6:2f:19:50:68:1a:a9:9d:eb:d7:8a:36:a0:71:6b:ab:30:
         2c:b6:9d:19:35:76:de:92:83:06:5f:db:9e:55:fe:1f:a4:d4:
         a6:ce:1b:1d:2a:4e:f5:94:5e:d7:c7:fb:35:62:a3:c6:a7:82:
         4a:2d:47:d9:bd:0e:1f:b5:22:b0:16:b4:fe:f9:17:21:3b:83:
         14:13:88:94:fb:1a:34:39:ac:3a:2b:aa:df:d6:e4:ad:e1:40:
         37:bb:dd:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUtpArYfSvHxMY9iQFlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmE5NTg5YmExMmM3N2Q4ODU1ZWYzOGY3NWQ1NDU3NDE5NDYxZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ZC5DhBpobxoJS5fLABrWdIYdQxA
CKPhIGXFDclmUe8POuwfDfP5VM9iwAA2ZBdQ8gyw/VkNrwhGUY66rmecAsjl9Rdz
mhDdf3qW3lI5pDR3JcmSeq774OIJhLD8GYIy8Pty3+doDsssn9nc4TbGHWoHMwAF
d7VUONyeXT4rjcXluoaV5yp95Y8LPGcSMMfsYw24L7zdgNZpp5+7sXpqeOncPslF
LgPVqnkOpjJNEeyM0ZftxuEyWZ0k7+g0ybsWzLr40JJ0peiXFs3jkFt6i6c1a0Js
ou4WZ0FzrD72gTkgTQzpdsm9iTIHMoJdT4SkGRGZAp6PZeGMw6ErEtxMDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPKpWJuhLHfYhV7zj3XVRXQZRh0PMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOHFsWW02RXNkOWlGWHZPUGRkVkZkQmxHSFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAE6
MA0GCSqGSIb3DQEBCwUAA4IBAQDL7yANuB533FJoaBVY7y+hencZunUaFa9t99NP
mnJPAey8a4zz9xvyyGU55rXA/gEZnnRht0ckRYESv8avSCnNb9uT4IHr9XLQ3khu
O7zdZ1c4qwm5M0JI9vjRxWyrfGTj0aumoXkRiJfHs0w9Przppmcv1o1z9FNaVUxc
vOxVXGfIzmmiTlnFsP7FgFuVCsBOmAqFrm19piwvrkASGh1SJ9c0ti8ZUGgaqZ3r
14o2oHFrqzAstp0ZNXbekoMGX9ueVf4fpNSmzhsdKk71lF7Xx/s1YqPGp4JKLUfZ
vQ4ftSKwFrT++RchO4MUE4iU+xo0Oaw6K6rf1uSt4UA3u92k
-----END CERTIFICATE-----