Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hb7376ZO6F84C-_CTArRRp6veJ8.roa
File:                     Hb7376ZO6F84C-_CTArRRp6veJ8.roa (raw, json)
Hash identifier:          Fi694wsGOTWtZsq9pbgs6LuTO+HLwStNo1Gat8kQKpo=
Subject key identifier:   1D:BE:F7:EF:A6:4E:E8:5F:38:0B:EF:C2:4C:0A:D1:46:9E:AF:78:9F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252246A962AEC83755FEB0BFF3E715AC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hb7376ZO6F84C-_CTArRRp6veJ8.roa
Signing time:             Thu 02 Jan 2025 03:49:50 +0000
ROA not before:           Thu 02 Jan 2025 03:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210903
IP address blocks:        2a10:cc44:100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:46:a9:62:ae:c8:37:55:fe:b0:bf:f3:e7:15:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dbef7efa64ee85f380befc24c0ad1469eaf789f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bf:3e:b6:8a:45:51:e9:87:1b:34:46:04:2c:
                    b0:a9:e1:a0:5c:79:f2:36:e6:bd:64:16:2e:5c:8d:
                    b8:21:38:e8:2d:80:33:69:ce:de:8e:47:84:3c:f6:
                    d6:e8:13:19:82:05:f5:18:82:cd:2b:2f:88:28:37:
                    25:5f:44:f4:47:ef:68:f9:da:fd:e1:f1:56:58:24:
                    c4:a4:79:d5:11:2e:98:06:64:95:32:19:7c:45:e6:
                    df:b2:fd:5a:d8:df:ab:18:a4:2b:7a:2c:5f:bd:f0:
                    0c:2e:44:dc:43:a5:8d:98:7d:4a:20:17:dd:47:26:
                    f7:69:11:2d:a4:bf:0e:c0:91:1f:3b:93:39:27:f5:
                    e2:09:2c:9f:8b:23:f4:d7:08:b7:1a:98:53:61:f8:
                    6d:15:c7:5a:ad:82:8f:4a:d0:ad:f3:60:0f:1f:70:
                    2f:eb:58:6f:7c:d2:66:d9:a0:f7:0b:ae:be:99:57:
                    19:68:26:96:6d:34:14:5b:e5:a4:9b:7a:ac:ee:f3:
                    76:d3:d7:2e:06:02:59:10:50:71:fe:5d:80:c6:b5:
                    b9:f4:a8:0e:64:f4:07:52:5b:33:8c:13:8b:b3:f3:
                    7d:ce:8b:ae:8f:3d:95:46:90:1c:69:77:89:82:e1:
                    09:fb:0c:c1:50:68:e5:b7:84:1c:7e:17:40:be:c7:
                    e3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:BE:F7:EF:A6:4E:E8:5F:38:0B:EF:C2:4C:0A:D1:46:9E:AF:78:9F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hb7376ZO6F84C-_CTArRRp6veJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         08:2b:d0:62:60:2d:26:04:57:92:6c:6d:b3:30:2e:25:06:a3:
         14:46:c3:7a:c9:e2:1f:bf:37:7e:ae:76:76:c5:27:42:17:60:
         55:f7:c1:57:45:cd:18:fc:02:cc:a9:a7:6d:d1:f5:36:89:04:
         0e:49:2c:71:24:7b:2e:2a:df:e6:6d:0b:9c:23:91:12:82:2b:
         f6:e6:50:af:7f:79:c9:92:14:19:b6:1a:d0:ac:78:8f:a8:42:
         d3:43:36:ee:ff:65:a1:6b:fd:2c:49:ed:e2:98:d0:f7:da:d7:
         69:f4:4c:95:1c:da:61:5b:fc:6e:6e:7c:6a:19:f7:dc:31:a8:
         50:4d:0d:98:38:92:8a:dd:ae:36:c9:fa:db:01:d8:de:df:b0:
         51:66:02:b2:c9:71:a2:b6:3e:8d:e5:56:69:f2:07:9d:ff:04:
         f4:14:19:0b:c4:a2:26:95:ac:15:07:4a:3e:3d:32:84:fd:c3:
         a1:02:7c:4e:40:89:f1:f5:45:c2:56:a8:24:f8:c6:4e:66:45:
         69:0f:bf:b4:c5:82:e5:78:f2:ae:3c:e3:c9:2d:77:ff:57:86:
         1d:bd:8a:4a:b5:6a:ee:d4:4b:ec:1c:80:85:f9:0f:25:40:36:
         02:2c:92:5d:81:92:de:b9:0f:e6:c8:3e:40:cc:27:26:b3:b4:
         94:24:d9:9e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkapYq7IN1X+sL/z5xWsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGJlZjdlZmE2NGVlODVmMzgwYmVmYzI0YzBhZDE0NjllYWY3ODlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L8+topFUemHGzRGBCywqeGgXHny
Nua9ZBYuXI24ITjoLYAzac7ejkeEPPbW6BMZggX1GILNKy+IKDclX0T0R+9o+dr9
4fFWWCTEpHnVES6YBmSVMhl8Rebfsv1a2N+rGKQreixfvfAMLkTcQ6WNmH1KIBfd
Ryb3aREtpL8OwJEfO5M5J/XiCSyfiyP01wi3GphTYfhtFcdarYKPStCt82APH3Av
61hvfNJm2aD3C66+mVcZaCaWbTQUW+Wkm3qs7vN209cuBgJZEFBx/l2AxrW59KgO
ZPQHUlszjBOLs/N9zouujz2VRpAcaXeJguEJ+wzBUGjlt4QcfhdAvsfj7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB2+9++mTuhfOAvvwkwK0Uaer3ifMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSGI3Mzc2Wk82Rjg0Qy1fQ1RBclJScDZ2ZUo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMRAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAIK9BiYC0mBFeSbG2zMC4lBqMURsN6yeIfvzd+
rnZ2xSdCF2BV98FXRc0Y/ALMqadt0fU2iQQOSSxxJHsuKt/mbQucI5ESgiv25lCv
f3nJkhQZthrQrHiPqELTQzbu/2Wha/0sSe3imND32tdp9EyVHNphW/xubnxqGffc
MahQTQ2YOJKK3a42yfrbAdje37BRZgKyyXGitj6N5VZp8ged/wT0FBkLxKImlawV
B0o+PTKE/cOhAnxOQInx9UXCVqgk+MZOZkVpD7+0xYLlePKuPOPJLXf/V4YdvYpK
tWru1EvsHICF+Q8lQDYCLJJdgZLeuQ/myD5AzCcms7SUJNme
-----END CERTIFICATE-----