Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8zYqu7A3UgH2RLeb0As08OuLU78.roa
File:                     8zYqu7A3UgH2RLeb0As08OuLU78.roa (raw, json)
Hash identifier:          53G9Raqiw7CD247p8Fw5XVOOvLhb5ejGX8xXl+E5dBg=
Subject key identifier:   F3:36:2A:BB:B0:37:52:01:F6:44:B7:9B:D0:0B:34:F0:EB:8B:53:BF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01905BE9FE797FED0F949789438FC83CEE2D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8zYqu7A3UgH2RLeb0As08OuLU78.roa
Signing time:             Thu 27 Jun 2024 22:56:19 +0000
ROA not before:           Thu 27 Jun 2024 22:56:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212194
IP address blocks:        2a10:2f00:15f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5b:e9:fe:79:7f:ed:0f:94:97:89:43:8f:c8:3c:ee:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 27 22:56:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3362abbb0375201f644b79bd00b34f0eb8b53bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:9d:eb:79:2e:04:e8:d5:39:e8:5e:7e:29:72:
                    01:28:a3:f6:ae:c2:3e:45:57:7b:a7:f4:66:00:61:
                    b0:52:1c:ef:52:c0:b1:e5:54:e2:b9:5b:b8:fb:6d:
                    41:1f:65:1c:87:4d:b5:ff:ee:de:4c:62:59:b7:d3:
                    29:6b:ef:31:01:b3:4f:2f:da:ed:58:83:26:24:0c:
                    40:64:7a:c2:de:f7:42:77:db:9c:1f:50:9f:95:be:
                    d2:de:bd:38:c9:ed:23:57:e2:49:12:91:34:77:63:
                    22:60:a2:eb:c4:82:97:f8:6b:0d:bc:f7:45:93:4a:
                    6f:4d:25:85:77:f0:a9:6a:88:58:35:57:91:68:f0:
                    99:4d:e6:c3:e5:aa:e1:f8:38:83:c1:fa:c9:aa:35:
                    c7:27:01:e8:75:b6:8b:a1:ba:4d:05:b5:bb:61:a1:
                    a5:cd:5c:cb:ea:db:18:18:5c:97:b3:a9:a7:d0:17:
                    9f:16:91:07:2f:37:04:82:55:f8:76:89:5d:a1:7f:
                    51:8b:7d:fd:48:fd:e7:42:7f:e8:fa:af:f9:c0:fd:
                    b3:6e:0b:51:a7:1a:ac:50:d5:1a:b3:fc:bf:4f:f7:
                    31:78:de:a1:a2:d1:83:f5:61:79:72:63:5e:45:14:
                    5d:8d:2b:e5:07:fd:08:ad:19:07:86:23:5a:28:33:
                    0a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:36:2A:BB:B0:37:52:01:F6:44:B7:9B:D0:0B:34:F0:EB:8B:53:BF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8zYqu7A3UgH2RLeb0As08OuLU78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:15f::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:18:9d:13:b2:cf:f3:b0:ac:c6:a6:01:38:ab:82:24:d9:a7:
         85:bb:5d:db:97:f7:5e:d0:4e:0b:50:47:35:52:b6:7c:8f:21:
         cb:fe:0a:91:23:12:dc:b4:94:c1:5a:ba:6c:cd:64:ae:a6:e0:
         a2:69:aa:5e:a9:6e:f9:9c:c8:09:58:a6:7e:37:cc:9b:14:70:
         19:aa:f4:01:f9:ad:85:51:8e:df:3a:fb:87:f7:8a:06:5d:50:
         4f:e7:ce:92:3b:c4:cb:6e:c9:65:ab:11:af:82:61:84:23:a1:
         2d:59:ed:90:d3:74:96:c5:9d:97:5b:f7:43:4f:a4:90:96:ea:
         75:2f:60:6e:aa:46:bc:2a:d2:3f:f7:88:2a:77:03:c6:27:69:
         d9:dd:38:20:ed:c4:6d:e5:73:ee:2a:07:f9:d8:f5:fd:64:f5:
         fb:86:af:1f:42:3f:81:e8:a1:2c:b5:42:32:db:5b:80:d9:97:
         16:a6:8b:6a:a3:8e:e5:db:0c:2b:fc:99:f7:a0:09:ab:6c:20:
         4c:a3:da:7e:9b:54:2f:cf:86:15:d0:2a:94:60:40:5c:41:5b:
         54:0f:37:79:df:07:60:31:ac:f7:9d:ba:91:ac:65:fa:5d:4e:
         c1:bb:ef:f3:fc:d1:32:43:41:47:54:c6:2b:f6:25:01:91:3b:
         44:55:19:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZBb6f55f+0PlJeJQ4/IPO4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjI3MjI1NjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzM2MmFiYmIwMzc1MjAxZjY0NGI3OWJkMDBiMzRmMGViOGI1M2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3J3reS4E6NU56F5+KXIBKKP2rsI+
RVd7p/RmAGGwUhzvUsCx5VTiuVu4+21BH2Uch021/+7eTGJZt9Mpa+8xAbNPL9rt
WIMmJAxAZHrC3vdCd9ucH1Cflb7S3r04ye0jV+JJEpE0d2MiYKLrxIKX+GsNvPdF
k0pvTSWFd/CpaohYNVeRaPCZTebD5arh+DiDwfrJqjXHJwHodbaLobpNBbW7YaGl
zVzL6tsYGFyXs6mn0BefFpEHLzcEglX4doldoX9Ri339SP3nQn/o+q/5wP2zbgtR
pxqsUNUas/y/T/cxeN6hotGD9WF5cmNeRRRdjSvlB/0IrRkHhiNaKDMKvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPM2KruwN1IB9kS3m9ALNPDri1O/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOHpZcXU3QTNVZ0gyUkxlYjBBczA4T3VMVTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFf
MA0GCSqGSIb3DQEBCwUAA4IBAQBvGJ0Tss/zsKzGpgE4q4Ik2aeFu13bl/de0E4L
UEc1UrZ8jyHL/gqRIxLctJTBWrpszWSupuCiaapeqW75nMgJWKZ+N8ybFHAZqvQB
+a2FUY7fOvuH94oGXVBP586SO8TLbsllqxGvgmGEI6EtWe2Q03SWxZ2XW/dDT6SQ
lup1L2Buqka8KtI/94gqdwPGJ2nZ3Tgg7cRt5XPuKgf52PX9ZPX7hq8fQj+B6KEs
tUIy21uA2ZcWpotqo47l2wwr/Jn3oAmrbCBMo9p+m1Qvz4YV0CqUYEBcQVtUDzd5
3wdgMaz3nbqRrGX6XU7Bu+/z/NEyQ0FHVMYr9iUBkTtEVRkP
-----END CERTIFICATE-----