Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BICCl1jZhPNwLRe9nzJTiltACDA.roa
File:                     BICCl1jZhPNwLRe9nzJTiltACDA.roa (raw, json)
Hash identifier:          RawSZ4EQQFbSqrtZhtvSUZevmATo5dJQcBTm4wqe8Cw=
Subject key identifier:   04:80:82:97:58:D9:84:F3:70:2D:17:BD:9F:32:53:8A:5B:40:08:30
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191AAA3BFBD731E695209D2DA5ACA42079D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BICCl1jZhPNwLRe9nzJTiltACDA.roa
Signing time:             Sat 31 Aug 2024 22:52:23 +0000
ROA not before:           Sat 31 Aug 2024 22:52:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210659
IP address blocks:        2a10:cc40:130::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:aa:a3:bf:bd:73:1e:69:52:09:d2:da:5a:ca:42:07:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Aug 31 22:52:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0480829758d984f3702d17bd9f32538a5b400830
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:3c:7d:fa:31:9b:12:b0:cd:38:7d:76:03:bd:
                    bd:f2:40:75:a1:79:55:0a:cd:86:07:2d:4a:aa:ce:
                    e6:dc:bc:08:d5:9c:ef:b2:63:67:6c:df:17:0b:b0:
                    a9:7f:75:ce:0b:d6:a3:45:39:00:5e:8f:fd:8b:51:
                    bb:d0:23:64:ad:53:cb:78:50:10:c4:f5:d2:fa:05:
                    7b:d2:eb:89:87:f1:a5:00:4d:c4:1a:d1:bc:26:8d:
                    d1:f4:4c:1e:b0:16:c2:1b:cb:89:d8:5a:e7:fd:9f:
                    98:9c:89:12:14:df:4c:32:9f:2e:8f:f8:77:32:80:
                    86:80:95:2f:49:d6:ef:2b:46:ef:cf:00:c0:e9:aa:
                    04:71:61:e9:cb:aa:22:8c:52:aa:e6:f9:40:b1:a4:
                    7c:ec:99:be:ed:11:43:3c:c3:0f:9b:e1:dd:f6:3e:
                    75:f0:99:58:54:0b:79:cd:3d:58:c3:c0:65:2c:6e:
                    9c:82:e1:7a:bb:a2:75:77:16:f2:62:d7:bc:24:a7:
                    b2:45:e6:11:67:54:db:30:d1:39:96:da:53:89:34:
                    94:6c:77:db:78:bf:ea:89:84:95:08:7e:87:a2:4c:
                    50:de:1d:99:0a:64:f1:e6:51:df:0f:d0:e6:e8:00:
                    83:2e:1e:3f:74:38:f5:b6:96:f4:06:d2:13:5b:54:
                    2c:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:80:82:97:58:D9:84:F3:70:2D:17:BD:9F:32:53:8A:5B:40:08:30
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/BICCl1jZhPNwLRe9nzJTiltACDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:130::/44

    Signature Algorithm: sha256WithRSAEncryption
         4f:7b:bc:50:64:82:5e:e0:9c:ea:05:bd:96:f5:e4:01:c0:a0:
         fd:63:e3:47:d2:dd:f4:b3:b3:85:9a:fc:53:3e:77:8f:2d:48:
         ff:81:f3:d3:ea:48:a8:a3:23:4c:05:af:3b:b3:ed:23:25:7f:
         f6:d2:5b:26:30:6e:d2:dc:8c:b4:0c:b0:95:d5:a0:88:05:90:
         46:7e:be:8f:fd:80:e7:ae:dd:23:8d:1a:4c:ff:62:01:75:c0:
         9c:4e:8e:c8:6c:91:ac:37:b2:0c:65:80:82:1f:29:3a:9b:55:
         66:15:f0:ba:d4:d3:f8:07:2f:2d:7f:e0:d6:30:40:ba:87:41:
         fa:6f:64:e1:2b:c1:81:21:70:49:df:13:e7:8f:80:79:e4:65:
         25:78:a8:b5:a6:fc:c0:09:1d:cd:ab:43:de:13:08:2e:52:c2:
         54:f2:11:3b:a3:e8:6a:c6:62:87:e6:65:a1:ad:51:33:82:44:
         45:43:97:24:02:e0:d3:20:53:b8:6b:2b:23:29:ae:e1:77:b9:
         5b:2f:1d:88:70:16:11:44:8c:d0:15:75:d8:00:31:9a:e3:16:
         96:26:fb:a9:17:d5:d1:2b:3b:ee:b4:cb:98:7a:6a:1c:14:04:
         1c:a8:a9:6a:f4:51:10:3b:dd:b8:83:8e:28:b7:85:fa:9d:75:
         4a:54:78:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGqo7+9cx5pUgnS2lrKQgedMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwODMxMjI1MjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDgwODI5NzU4ZDk4NGYzNzAyZDE3YmQ5ZjMyNTM4YTViNDAwODMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Tx9+jGbErDNOH12A7298kB1oXlV
Cs2GBy1Kqs7m3LwI1ZzvsmNnbN8XC7Cpf3XOC9ajRTkAXo/9i1G70CNkrVPLeFAQ
xPXS+gV70uuJh/GlAE3EGtG8Jo3R9EwesBbCG8uJ2Frn/Z+YnIkSFN9MMp8uj/h3
MoCGgJUvSdbvK0bvzwDA6aoEcWHpy6oijFKq5vlAsaR87Jm+7RFDPMMPm+Hd9j51
8JlYVAt5zT1Yw8BlLG6cguF6u6J1dxbyYte8JKeyReYRZ1TbMNE5ltpTiTSUbHfb
eL/qiYSVCH6HokxQ3h2ZCmTx5lHfD9Dm6ACDLh4/dDj1tpb0BtITW1QsywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFASAgpdY2YTzcC0XvZ8yU4pbQAgwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQklDQ2wxalpoUE53TFJlOW56SlRpbHRBQ0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMQAEw
MA0GCSqGSIb3DQEBCwUAA4IBAQBPe7xQZIJe4JzqBb2W9eQBwKD9Y+NH0t30s7OF
mvxTPnePLUj/gfPT6kiooyNMBa87s+0jJX/20lsmMG7S3Iy0DLCV1aCIBZBGfr6P
/YDnrt0jjRpM/2IBdcCcTo7IbJGsN7IMZYCCHyk6m1VmFfC61NP4By8tf+DWMEC6
h0H6b2ThK8GBIXBJ3xPnj4B55GUleKi1pvzACR3Nq0PeEwguUsJU8hE7o+hqxmKH
5mWhrVEzgkRFQ5ckAuDTIFO4aysjKa7hd7lbLx2IcBYRRIzQFXXYADGa4xaWJvup
F9XRKzvutMuYemocFAQcqKlq9FEQO924g44ot4X6nXVKVHhb
-----END CERTIFICATE-----