Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9cGWc7CY-BmkwPnJ7UIQ7X3nR4s.roa
File:                     9cGWc7CY-BmkwPnJ7UIQ7X3nR4s.roa (raw, json)
Hash identifier:          hef7pUdw0vlAzcwAwBwo/ZaJ4/wNH/Y8WZOGjNhpS9k=
Subject key identifier:   F5:C1:96:73:B0:98:F8:19:A4:C0:F9:C9:ED:42:10:ED:7D:E7:47:8B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252261685BE06860A85BF4A0426FF7DF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9cGWc7CY-BmkwPnJ7UIQ7X3nR4s.roa
Signing time:             Thu 02 Jan 2025 03:49:57 +0000
ROA not before:           Thu 02 Jan 2025 03:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212425
IP address blocks:        2a10:2f00:157::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:61:68:5b:e0:68:60:a8:5b:f4:a0:42:6f:f7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5c19673b098f819a4c0f9c9ed4210ed7de7478b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:84:49:9c:1b:ac:61:32:81:ed:b6:ee:06:cb:
                    4b:4d:c2:78:c1:be:db:17:da:de:72:21:00:4e:22:
                    7d:77:22:fc:85:ca:eb:bd:e8:ce:3d:52:63:a1:40:
                    46:a8:96:2f:54:dd:58:3e:12:23:be:c1:0f:c1:3f:
                    8c:71:28:4d:fe:a0:6b:f8:ca:85:b7:41:e1:b5:30:
                    0f:d4:27:bf:81:c7:44:95:ce:f3:63:e5:57:eb:1b:
                    0d:4e:98:53:2c:73:3a:a3:f0:bd:54:a9:15:8c:03:
                    f0:84:25:d4:61:57:3e:3a:71:1a:04:5e:f6:0f:42:
                    ca:18:c6:39:17:13:43:2d:22:df:13:72:fa:29:a2:
                    de:0f:51:8f:15:56:f2:a0:42:61:19:d2:05:04:30:
                    44:c6:52:69:9d:23:15:cc:b8:27:cd:57:60:f5:f0:
                    29:b2:65:71:1c:56:a9:61:df:39:0f:fc:55:c9:a4:
                    89:d1:93:c7:64:08:26:ac:61:27:c5:ea:63:9b:4b:
                    58:d8:ac:58:47:7f:e1:99:62:20:05:9c:c9:6a:42:
                    79:73:86:0e:08:b0:cf:35:2e:1a:3b:5c:8d:03:f1:
                    63:0f:e3:1a:c5:d6:a7:82:43:76:db:b3:f0:52:d6:
                    5a:ef:f5:21:62:13:72:7e:53:77:19:7a:07:85:36:
                    d5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C1:96:73:B0:98:F8:19:A4:C0:F9:C9:ED:42:10:ED:7D:E7:47:8B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9cGWc7CY-BmkwPnJ7UIQ7X3nR4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:e9:bb:d4:de:f7:5c:78:84:07:a2:58:8b:fb:85:8c:a9:64:
         92:4a:53:fa:3d:93:3b:ea:0b:20:7c:79:22:32:b0:72:bd:bf:
         a0:5a:a1:92:a3:f5:89:a7:14:32:35:2b:1f:c2:b3:32:c6:2a:
         42:2d:b8:7b:27:f1:db:81:c5:de:e6:25:23:7a:d6:fb:da:51:
         c3:bb:9a:01:35:1e:b9:88:0e:b4:f5:e7:e7:d9:2c:f3:41:43:
         d9:a7:f8:cc:7f:5b:72:26:76:3c:29:2e:73:37:72:bd:81:12:
         74:f7:07:0d:21:39:d4:85:8d:c2:b8:f9:48:25:c9:b7:22:5a:
         b8:1a:2f:97:f1:ba:52:cc:b7:ee:61:61:b7:a2:5e:7e:69:58:
         db:8f:a7:52:7c:13:05:84:23:81:c7:c6:95:0e:4d:86:35:4e:
         27:be:1c:ff:8d:c8:51:d9:8a:87:35:92:7b:51:74:ae:7d:11:
         88:a1:84:9d:73:2d:d0:09:78:38:93:35:f9:51:71:36:68:d5:
         74:a4:69:5b:6d:7a:0f:95:89:f1:20:09:ca:0e:98:21:33:30:
         e7:a2:bc:76:cb:a8:8f:3f:1e:9f:8e:75:68:29:66:89:d5:9a:
         50:b5:3b:b2:c8:4e:12:eb:14:57:bd:34:27:07:8e:37:4d:8c:
         0a:b3:7d:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlImFoW+BoYKhb9KBCb/ffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWMxOTY3M2IwOThmODE5YTRjMGY5YzllZDQyMTBlZDdkZTc0NzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YRJnBusYTKB7bbuBstLTcJ4wb7b
F9reciEATiJ9dyL8hcrrvejOPVJjoUBGqJYvVN1YPhIjvsEPwT+McShN/qBr+MqF
t0HhtTAP1Ce/gcdElc7zY+VX6xsNTphTLHM6o/C9VKkVjAPwhCXUYVc+OnEaBF72
D0LKGMY5FxNDLSLfE3L6KaLeD1GPFVbyoEJhGdIFBDBExlJpnSMVzLgnzVdg9fAp
smVxHFapYd85D/xVyaSJ0ZPHZAgmrGEnxepjm0tY2KxYR3/hmWIgBZzJakJ5c4YO
CLDPNS4aO1yNA/FjD+MaxdangkN227PwUtZa7/UhYhNyflN3GXoHhTbVeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPXBlnOwmPgZpMD5ye1CEO1950eLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOWNHV2M3Q1ktQm1rd1BuSjdVSVE3WDNuUjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFX
MA0GCSqGSIb3DQEBCwUAA4IBAQCh6bvU3vdceIQHoliL+4WMqWSSSlP6PZM76gsg
fHkiMrByvb+gWqGSo/WJpxQyNSsfwrMyxipCLbh7J/HbgcXe5iUjetb72lHDu5oB
NR65iA609efn2SzzQUPZp/jMf1tyJnY8KS5zN3K9gRJ09wcNITnUhY3CuPlIJcm3
Ilq4Gi+X8bpSzLfuYWG3ol5+aVjbj6dSfBMFhCOBx8aVDk2GNU4nvhz/jchR2YqH
NZJ7UXSufRGIoYSdcy3QCXg4kzX5UXE2aNV0pGlbbXoPlYnxIAnKDpghMzDnorx2
y6iPPx6fjnVoKWaJ1ZpQtTuyyE4S6xRXvTQnB443TYwKs30+
-----END CERTIFICATE-----