Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FDzxQCiKXoWgfa6rjyZ4KNGY77M.roa
File:                     FDzxQCiKXoWgfa6rjyZ4KNGY77M.roa (raw, json)
Hash identifier:          QvTBG1lWLVE5P33GB1OX5d0DP++Bwc1XuZ1L/XwbS2g=
Subject key identifier:   14:3C:F1:40:28:8A:5E:85:A0:7D:AE:AB:8F:26:78:28:D1:98:EF:B3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD2C339C63EFFA0F49BFA9AB204352
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FDzxQCiKXoWgfa6rjyZ4KNGY77M.roa
Signing time:             Tue 02 Jan 2024 10:34:27 +0000
ROA not before:           Tue 02 Jan 2024 10:34:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210888
IP address blocks:        2a10:2f00:173::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:2c:33:9c:63:ef:fa:0f:49:bf:a9:ab:20:43:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=143cf140288a5e85a07daeab8f267828d198efb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a1:2e:94:c9:3d:aa:9e:ce:96:c1:3d:3c:4e:
                    68:bc:37:f1:25:aa:73:3d:e9:37:90:41:b6:22:cd:
                    e7:08:a3:cb:28:8f:b6:ea:8c:a0:2b:c3:07:4d:4d:
                    2e:c1:77:a3:56:bc:76:a2:e4:7d:47:ec:b3:f6:ea:
                    96:8c:98:25:4f:32:d5:a4:a9:cb:86:3d:76:06:af:
                    db:16:5c:20:76:42:c8:82:ca:cf:12:b8:8c:ed:53:
                    57:75:9e:f7:7c:9f:71:fa:6c:b3:42:2e:f3:e1:f3:
                    d8:8e:a5:51:a9:38:59:d0:54:1a:5c:50:69:42:3e:
                    6e:1f:9f:7c:7d:d6:c5:94:3a:06:5d:e0:5f:4a:99:
                    24:f3:a6:db:00:ae:4b:4f:a4:e4:2c:96:ab:bb:36:
                    40:85:9f:bd:7b:82:88:3b:75:9d:7f:15:ec:c6:aa:
                    e7:40:f7:94:d9:32:23:52:46:f3:86:b9:82:7a:2e:
                    bc:3b:52:85:91:bf:5a:82:ca:45:c7:0e:d5:73:9e:
                    35:29:69:26:cf:d8:47:2f:60:86:e9:c0:07:17:ea:
                    15:1a:56:ca:48:48:2f:50:b0:d4:79:92:b1:75:32:
                    54:83:3e:b0:ab:99:6f:24:34:18:94:a5:c8:ab:26:
                    d9:52:b5:cf:05:64:9a:cc:00:e6:85:43:d7:fb:d8:
                    c0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:3C:F1:40:28:8A:5E:85:A0:7D:AE:AB:8F:26:78:28:D1:98:EF:B3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FDzxQCiKXoWgfa6rjyZ4KNGY77M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:173::/48

    Signature Algorithm: sha256WithRSAEncryption
         c2:67:33:af:ef:d4:f9:fb:0a:92:82:57:79:d1:e2:b0:aa:a5:
         f9:b2:38:60:d6:90:75:cf:25:13:d3:18:5c:0f:98:cb:86:de:
         c8:d3:37:57:20:a4:6e:ba:ef:10:a8:c1:75:bc:ab:1c:eb:e9:
         15:18:63:f9:c2:e0:b8:8d:aa:64:4b:6e:9b:27:6b:bf:7b:58:
         20:d6:e9:39:2f:d2:68:87:9e:a1:f9:7e:48:f9:22:60:6c:5d:
         48:d2:42:d0:d6:d4:af:3d:80:f7:c3:6f:44:b6:bc:d9:35:31:
         52:98:f8:a4:5b:fe:9f:8b:b4:66:cd:96:0f:58:49:ac:7a:6d:
         d6:43:f2:ef:19:f1:66:13:b7:c9:85:81:13:e1:7d:94:9a:4b:
         6a:96:cf:58:5d:70:03:82:2a:05:0a:7c:b1:85:ad:dc:4a:b7:
         eb:66:a4:11:31:2e:9d:38:3c:54:04:4a:8d:54:f9:a6:4f:54:
         b4:37:ab:0a:ea:37:68:76:e2:ce:63:c2:d5:84:f5:74:18:a5:
         06:17:3d:09:0b:9f:49:5b:c2:38:05:b3:2d:7f:0e:83:78:a0:
         5e:15:ad:a7:e0:59:1e:53:f2:17:ad:06:92:9a:fe:59:f3:26:
         95:81:9e:81:66:ba:b8:1d:08:5e:c8:07:4f:66:12:f8:9b:47:
         31:54:25:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSwznGPv+g9Jv6mrIENSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDNjZjE0MDI4OGE1ZTg1YTA3ZGFlYWI4ZjI2NzgyOGQxOThlZmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKEulMk9qp7OlsE9PE5ovDfxJapz
Pek3kEG2Is3nCKPLKI+26oygK8MHTU0uwXejVrx2ouR9R+yz9uqWjJglTzLVpKnL
hj12Bq/bFlwgdkLIgsrPEriM7VNXdZ73fJ9x+myzQi7z4fPYjqVRqThZ0FQaXFBp
Qj5uH598fdbFlDoGXeBfSpkk86bbAK5LT6TkLJaruzZAhZ+9e4KIO3WdfxXsxqrn
QPeU2TIjUkbzhrmCei68O1KFkb9agspFxw7Vc541KWkmz9hHL2CG6cAHF+oVGlbK
SEgvULDUeZKxdTJUgz6wq5lvJDQYlKXIqybZUrXPBWSazADmhUPX+9jA3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBQ88UAoil6FoH2uq48meCjRmO+zMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRkR6eFFDaUtYb1dnZmE2cmp5WjRLTkdZNzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFz
MA0GCSqGSIb3DQEBCwUAA4IBAQDCZzOv79T5+wqSgld50eKwqqX5sjhg1pB1zyUT
0xhcD5jLht7I0zdXIKRuuu8QqMF1vKsc6+kVGGP5wuC4japkS26bJ2u/e1gg1uk5
L9Joh56h+X5I+SJgbF1I0kLQ1tSvPYD3w29EtrzZNTFSmPikW/6fi7RmzZYPWEms
em3WQ/LvGfFmE7fJhYET4X2Umktqls9YXXADgioFCnyxha3cSrfrZqQRMS6dODxU
BEqNVPmmT1S0N6sK6jdoduLOY8LVhPV0GKUGFz0JC59JW8I4BbMtfw6DeKBeFa2n
4FkeU/IXrQaSmv5Z8yaVgZ6BZrq4HQheyAdPZhL4m0cxVCVE
-----END CERTIFICATE-----