Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D-AYJLq8NX9Gh0zEaXi1-Ss86-I.roa
File:                     D-AYJLq8NX9Gh0zEaXi1-Ss86-I.roa (raw, json)
Hash identifier:          UfdFdqJhwlwgPKOwxXb3dWbcw1GVJ+3QXbqhA2suuBU=
Subject key identifier:   0F:E0:18:24:BA:BC:35:7F:46:87:4C:C4:69:78:B5:F9:2B:3C:EB:E2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCFA08D29779FDF83A767B2BEA8157
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D-AYJLq8NX9Gh0zEaXi1-Ss86-I.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200890
IP address blocks:        2a10:cc40:180::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fa:08:d2:97:79:fd:f8:3a:76:7b:2b:ea:81:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fe01824babc357f46874cc46978b5f92b3cebe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:50:bf:3f:49:81:29:c5:25:37:25:a5:39:ff:
                    61:92:61:b7:63:34:56:75:10:7a:4d:76:5a:98:77:
                    42:38:d0:d4:e7:ff:2a:a4:bc:6f:0c:44:ad:76:3d:
                    e7:e0:ec:14:d9:bf:d9:d4:3f:4a:11:2f:bf:29:a2:
                    59:b0:ab:00:ac:61:fe:e1:d4:6e:27:01:1f:a6:fc:
                    c7:56:bd:37:98:8d:d6:22:14:04:e6:ca:d7:ab:38:
                    ab:f1:71:0a:fa:d9:15:f8:3c:e1:b0:fe:7c:6f:26:
                    1b:b3:29:f3:9a:68:30:3f:95:2f:17:0e:88:4c:5a:
                    86:4c:fe:67:6b:8f:0c:14:68:bc:99:5f:da:e5:ed:
                    c3:3c:d8:8b:79:3e:02:55:1a:f7:3c:79:70:e8:b5:
                    95:b4:48:33:35:3c:1f:b7:4e:72:df:a6:2a:81:f7:
                    9e:ae:3c:81:36:0d:94:ea:26:cb:a4:04:a9:35:37:
                    f0:88:95:85:25:d8:e3:9a:dd:eb:39:c3:82:3d:46:
                    87:3b:43:a8:ae:5c:65:41:74:4c:48:30:72:90:e7:
                    2f:63:6b:c3:3d:c3:c0:aa:26:ad:0a:2a:8a:d4:c7:
                    a4:75:66:76:ea:f8:3b:b0:2e:ad:83:51:38:8d:8a:
                    26:58:c2:e0:06:f2:20:28:58:f4:1d:95:19:e3:9b:
                    6b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:E0:18:24:BA:BC:35:7F:46:87:4C:C4:69:78:B5:F9:2B:3C:EB:E2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/D-AYJLq8NX9Gh0zEaXi1-Ss86-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         7d:d0:85:34:c6:29:ab:1e:1c:2c:94:be:1e:3e:b2:15:0d:50:
         46:ee:1f:24:8a:be:f3:40:c3:45:0c:ff:02:66:aa:78:bd:ae:
         86:b4:62:eb:a2:1e:75:ba:0c:25:3f:80:6f:bb:fb:a7:75:3e:
         89:86:4e:78:0c:eb:20:69:ee:aa:e6:26:02:4e:47:ce:53:c6:
         6b:fa:51:99:88:20:2e:56:ed:e2:a0:c5:83:84:12:ca:35:07:
         c3:a5:71:2d:a6:e6:e2:d7:34:e7:4a:9b:c3:5b:50:ac:0f:9b:
         3b:dc:7e:82:57:4a:48:90:c7:26:d0:ea:39:f3:1d:71:f0:91:
         f6:a9:b6:ba:13:83:79:bd:05:02:cb:1e:f0:a2:51:81:63:fb:
         c9:0d:6c:18:25:9b:73:34:41:49:ea:61:c6:4f:5c:e4:bb:8d:
         0a:d0:23:ac:ca:d2:a5:1d:81:32:c7:de:6a:8f:e6:be:eb:9c:
         a4:77:58:e7:82:da:cb:13:8a:16:84:08:36:98:16:b8:72:72:
         43:07:1e:ba:dc:ca:95:2d:d0:21:20:dc:bb:7f:dd:0e:55:c9:
         68:58:6c:c8:cd:2b:0b:91:45:d5:f0:46:8a:2c:08:fb:58:d7:
         92:5e:e2:c3:38:cf:f8:f2:a6:b3:93:6b:b5:75:ae:a0:44:41:
         e7:9d:72:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvPoI0pd5/fg6dnsr6oFXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmUwMTgyNGJhYmMzNTdmNDY4NzRjYzQ2OTc4YjVmOTJiM2NlYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlC/P0mBKcUlNyWlOf9hkmG3YzRW
dRB6TXZamHdCONDU5/8qpLxvDEStdj3n4OwU2b/Z1D9KES+/KaJZsKsArGH+4dRu
JwEfpvzHVr03mI3WIhQE5srXqzir8XEK+tkV+DzhsP58byYbsynzmmgwP5UvFw6I
TFqGTP5na48MFGi8mV/a5e3DPNiLeT4CVRr3PHlw6LWVtEgzNTwft05y36Yqgfee
rjyBNg2U6ibLpASpNTfwiJWFJdjjmt3rOcOCPUaHO0OorlxlQXRMSDBykOcvY2vD
PcPAqiatCiqK1MekdWZ26vg7sC6tg1E4jYomWMLgBvIgKFj0HZUZ45trUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/gGCS6vDV/RodMxGl4tfkrPOviMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRC1BWUpMcThOWDlHaDB6RWFYaTEtU3M4Ni1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMQAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQB90IU0ximrHhwslL4ePrIVDVBG7h8kir7zQMNF
DP8CZqp4va6GtGLroh51ugwlP4Bvu/undT6Jhk54DOsgae6q5iYCTkfOU8Zr+lGZ
iCAuVu3ioMWDhBLKNQfDpXEtpubi1zTnSpvDW1CsD5s73H6CV0pIkMcm0Oo58x1x
8JH2qba6E4N5vQUCyx7wolGBY/vJDWwYJZtzNEFJ6mHGT1zku40K0COsytKlHYEy
x95qj+a+65ykd1jngtrLE4oWhAg2mBa4cnJDBx663MqVLdAhINy7f90OVcloWGzI
zSsLkUXV8EaKLAj7WNeSXuLDOM/48qazk2u1da6gREHnnXLg
-----END CERTIFICATE-----