Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Ihtpd1woMtK3jiaCIQaDZNZ8kM.roa
File:                     9Ihtpd1woMtK3jiaCIQaDZNZ8kM.roa (raw, json)
Hash identifier:          nNVB98sdcsyQ/fyKZi3QCbPIVQzdm/Cf/N6Tg/qQ1QE=
Subject key identifier:   F4:88:6D:A5:DD:70:A0:CB:4A:DE:38:9A:08:84:1A:0D:93:59:F2:43
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD56DD758EE637B44C8D3D2F9CE349
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Ihtpd1woMtK3jiaCIQaDZNZ8kM.roa
Signing time:             Tue 02 Jan 2024 10:34:38 +0000
ROA not before:           Tue 02 Jan 2024 10:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216233
IP address blocks:        2a10:ccc1:ccc0::/48 maxlen: 48
                          2a10:ccc1:ccc1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:56:dd:75:8e:e6:37:b4:4c:8d:3d:2f:9c:e3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4886da5dd70a0cb4ade389a08841a0d9359f243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4a:24:e4:cd:a2:8d:8b:5f:6f:b0:04:2d:bc:
                    40:79:9f:6e:5d:05:63:6d:16:90:9a:82:c3:58:07:
                    e5:25:24:2a:c4:13:ad:80:53:a3:a2:38:5e:35:3b:
                    1f:87:66:c2:4a:33:12:d5:c6:52:cc:91:4d:aa:1f:
                    84:0a:c7:3a:19:1d:b0:f5:80:42:6e:51:61:56:08:
                    6f:29:bf:f4:09:47:ff:0e:d0:eb:01:e9:c3:1e:f3:
                    f2:d3:f6:fe:e7:2f:dd:b6:c2:83:43:9c:ab:16:3b:
                    aa:6d:5c:16:9a:59:3d:51:64:e8:57:c1:d0:cc:48:
                    d3:c9:e7:ca:ea:72:2b:3f:61:89:dc:36:d1:b3:d0:
                    22:89:f0:61:44:1a:c9:7f:65:35:67:a3:01:16:b4:
                    72:3a:b3:57:7d:58:1d:5a:8a:5f:d3:cc:fe:cf:57:
                    da:f3:be:4c:b6:04:82:13:9f:a4:b7:f2:7b:b5:59:
                    ce:82:e8:8e:74:50:67:1c:cb:b7:be:3a:cb:d0:25:
                    cb:00:02:1a:67:81:29:e6:9a:7d:ed:ba:ba:ff:cb:
                    10:45:b2:92:a1:dd:ca:c3:e8:7d:1a:7a:ea:b6:19:
                    14:ae:c4:89:8f:65:10:27:f4:2a:b0:96:a1:fc:d9:
                    86:7d:d1:b9:be:f8:2a:63:20:8f:3d:31:35:83:42:
                    04:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:88:6D:A5:DD:70:A0:CB:4A:DE:38:9A:08:84:1A:0D:93:59:F2:43
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Ihtpd1woMtK3jiaCIQaDZNZ8kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc1:ccc0::/47

    Signature Algorithm: sha256WithRSAEncryption
         3f:7c:28:e8:ec:28:6b:fa:80:09:2b:21:83:ee:69:89:82:9a:
         5b:bd:dd:f0:82:5e:32:50:23:5e:fe:6e:c2:02:eb:7f:13:ca:
         47:a5:54:c7:d5:be:9f:55:5c:63:3b:0c:ce:15:63:96:7a:2f:
         d8:e4:49:83:3a:26:52:55:fb:4b:99:dc:bb:d2:96:c4:94:d6:
         1a:2f:b7:39:f7:3e:c4:11:00:7b:df:5d:a6:ce:4c:1a:9c:70:
         31:7d:2d:9e:ec:3a:02:0e:a2:05:29:5f:9c:e5:3b:8b:10:97:
         d8:fb:53:00:ef:cb:0d:1f:51:88:21:01:06:b4:88:77:0b:61:
         cd:d9:94:e7:be:54:31:4a:9f:48:a5:76:6b:89:4d:3d:d1:88:
         2b:6a:f7:e1:d9:24:90:58:6e:3f:e5:48:01:42:4f:22:54:88:
         2a:74:5f:58:04:2f:23:a3:0b:6d:52:84:5d:6c:b0:93:3c:e6:
         29:94:cd:ac:50:ad:48:9b:2d:4c:8c:72:80:c1:d8:80:21:80:
         8f:5c:be:50:98:69:73:9e:08:a3:d9:42:43:ff:cd:cb:06:cc:
         db:15:26:03:08:46:10:68:2a:e4:c7:d3:c4:2d:c0:a3:af:da:
         e4:f4:c6:63:2d:ea:96:27:1e:ff:05:5b:06:81:58:fe:ec:1d:
         80:f3:ee:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVbddY7mN7RMjT0vnONJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDg4NmRhNWRkNzBhMGNiNGFkZTM4OWEwODg0MWEwZDkzNTlmMjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUok5M2ijYtfb7AELbxAeZ9uXQVj
bRaQmoLDWAflJSQqxBOtgFOjojheNTsfh2bCSjMS1cZSzJFNqh+ECsc6GR2w9YBC
blFhVghvKb/0CUf/DtDrAenDHvPy0/b+5y/dtsKDQ5yrFjuqbVwWmlk9UWToV8HQ
zEjTyefK6nIrP2GJ3DbRs9AiifBhRBrJf2U1Z6MBFrRyOrNXfVgdWopf08z+z1fa
875MtgSCE5+kt/J7tVnOguiOdFBnHMu3vjrL0CXLAAIaZ4Ep5pp97bq6/8sQRbKS
od3Kw+h9GnrqthkUrsSJj2UQJ/QqsJah/NmGfdG5vvgqYyCPPTE1g0IEtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPSIbaXdcKDLSt44mgiEGg2TWfJDMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOUlodHBkMXdvTXRLM2ppYUNJUWFEWk5aOGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhDMwczA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/fCjo7Chr+oAJKyGD7mmJgppbvd3wgl4yUCNe
/m7CAut/E8pHpVTH1b6fVVxjOwzOFWOWei/Y5EmDOiZSVftLmdy70pbElNYaL7c5
9z7EEQB7312mzkwanHAxfS2e7DoCDqIFKV+c5TuLEJfY+1MA78sNH1GIIQEGtIh3
C2HN2ZTnvlQxSp9IpXZriU090Ygravfh2SSQWG4/5UgBQk8iVIgqdF9YBC8jowtt
UoRdbLCTPOYplM2sUK1Imy1MjHKAwdiAIYCPXL5QmGlzngij2UJD/83LBszbFSYD
CEYQaCrkx9PELcCjr9rk9MZjLeqWJx7/BVsGgVj+7B2A8+6D
-----END CERTIFICATE-----