Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B6fAYr_Rx9LOr17jWygM_WIep_I.roa
File:                     B6fAYr_Rx9LOr17jWygM_WIep_I.roa (raw, json)
Hash identifier:          SqavAXSg2F25IDZ6Nex9J6OKcJu7eZREgEZCHs3AoVs=
Subject key identifier:   07:A7:C0:62:BF:D1:C7:D2:CE:AF:5E:E3:5B:28:0C:FD:62:1E:A7:F2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252240821E53B58E0BC3041D28FF42AF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B6fAYr_Rx9LOr17jWygM_WIep_I.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210563
IP address blocks:        2a10:cc44:170::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:40:82:1e:53:b5:8e:0b:c3:04:1d:28:ff:42:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07a7c062bfd1c7d2ceaf5ee35b280cfd621ea7f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:01:a7:17:d5:23:fc:25:70:d2:34:07:2a:a6:
                    ec:a1:bc:65:ae:1a:63:e7:d4:78:0c:65:1d:bf:d0:
                    41:e8:bf:90:b8:b8:88:a5:c9:2d:61:27:fe:2b:4d:
                    d8:ea:d2:12:93:a1:a0:99:3e:24:e5:4d:92:a1:55:
                    f8:50:71:96:b9:c0:af:71:09:7e:47:a8:79:f4:2c:
                    38:d2:8b:f2:b4:e6:5e:13:08:f5:09:53:1f:c7:a0:
                    6d:27:67:53:de:13:5e:f2:18:65:60:ff:bc:fe:0d:
                    aa:3f:86:cb:3a:b5:53:7e:8b:14:b2:73:82:a2:46:
                    b3:04:01:35:31:52:57:6b:84:c6:24:95:8d:37:a1:
                    3c:46:45:3a:71:67:82:ad:eb:ed:7c:98:4c:2c:e5:
                    53:d9:a2:26:3a:d3:a2:09:82:07:a9:d8:07:a7:f6:
                    75:2e:48:50:de:c3:91:20:ee:5e:8f:13:a0:ba:04:
                    82:c4:54:ba:eb:49:24:bb:f9:e7:0c:87:09:9b:74:
                    a6:50:b8:38:14:29:fc:8c:a6:96:21:23:67:3f:35:
                    1a:b8:26:1e:eb:ad:15:6f:53:f9:da:17:e6:60:70:
                    4d:8c:64:ee:af:ec:08:88:f4:6b:b5:ee:8a:7c:22:
                    c4:f9:aa:a3:a5:26:69:6f:88:8b:14:eb:03:34:5b:
                    f1:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A7:C0:62:BF:D1:C7:D2:CE:AF:5E:E3:5B:28:0C:FD:62:1E:A7:F2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/B6fAYr_Rx9LOr17jWygM_WIep_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         86:50:5b:4a:6f:00:98:f2:90:5b:30:c6:49:c0:69:5e:be:62:
         29:0c:8d:70:21:02:78:db:f2:95:94:2e:b7:a6:8c:2d:64:89:
         ab:6b:f0:09:38:62:2e:a9:79:e2:30:75:de:21:99:0e:68:b6:
         dd:f1:4c:bd:75:f9:ac:32:1c:00:9c:93:dc:ac:42:a1:78:ce:
         47:45:f7:9b:c0:49:52:85:24:fd:77:89:88:69:1b:e9:c6:4a:
         77:d9:91:18:d3:6e:20:7a:2d:cd:27:60:54:08:e3:01:e4:6a:
         ce:da:14:11:71:d1:92:b8:19:0b:75:a6:14:ca:38:dd:ca:2f:
         70:66:5d:e9:42:62:56:8a:c0:ba:61:27:47:91:ff:98:ca:a0:
         b7:24:42:c2:5c:0b:52:86:15:39:4b:77:31:fc:bc:50:57:df:
         6c:ca:5a:3d:81:d1:6c:be:02:95:8c:10:d4:db:0f:2b:50:a3:
         25:40:c1:dc:50:32:9d:02:12:9c:63:3a:5d:d9:d1:a5:14:d3:
         85:f0:61:38:03:8f:9b:eb:d8:c7:a1:90:33:9c:f3:0b:c3:6d:
         5e:43:62:69:26:e0:ce:bc:ce:e3:42:0e:ee:12:0a:4f:8f:9e:
         6f:d7:e0:a5:44:e6:a0:f4:26:af:00:9b:64:1b:b6:26:1a:cb:
         11:e9:f5:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkCCHlO1jgvDBB0o/0KvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2E3YzA2MmJmZDFjN2QyY2VhZjVlZTM1YjI4MGNmZDYyMWVhN2YyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAGnF9Uj/CVw0jQHKqbsobxlrhpj
59R4DGUdv9BB6L+QuLiIpcktYSf+K03Y6tISk6GgmT4k5U2SoVX4UHGWucCvcQl+
R6h59Cw40ovytOZeEwj1CVMfx6BtJ2dT3hNe8hhlYP+8/g2qP4bLOrVTfosUsnOC
okazBAE1MVJXa4TGJJWNN6E8RkU6cWeCrevtfJhMLOVT2aImOtOiCYIHqdgHp/Z1
LkhQ3sORIO5ejxOgugSCxFS660kku/nnDIcJm3SmULg4FCn8jKaWISNnPzUauCYe
660Vb1P52hfmYHBNjGTur+wIiPRrte6KfCLE+aqjpSZpb4iLFOsDNFvxfwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAenwGK/0cfSzq9e41soDP1iHqfyMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQjZmQVlyX1J4OUxPcjE3ald5Z01fV0llcF9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMRAFw
MA0GCSqGSIb3DQEBCwUAA4IBAQCGUFtKbwCY8pBbMMZJwGlevmIpDI1wIQJ42/KV
lC63powtZImra/AJOGIuqXniMHXeIZkOaLbd8Uy9dfmsMhwAnJPcrEKheM5HRfeb
wElShST9d4mIaRvpxkp32ZEY024gei3NJ2BUCOMB5GrO2hQRcdGSuBkLdaYUyjjd
yi9wZl3pQmJWisC6YSdHkf+YyqC3JELCXAtShhU5S3cx/LxQV99sylo9gdFsvgKV
jBDU2w8rUKMlQMHcUDKdAhKcYzpd2dGlFNOF8GE4A4+b69jHoZAznPMLw21eQ2Jp
JuDOvM7jQg7uEgpPj55v1+ClROag9CavAJtkG7YmGssR6fUZ
-----END CERTIFICATE-----