Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hdl9f_WY9idRzyMX53n4N6tVapw.roa
File:                     Hdl9f_WY9idRzyMX53n4N6tVapw.roa (raw, json)
Hash identifier:          MUqCgULR57n2yp+lPBMW6Vp986+uQdYpdkM38i2luo0=
Subject key identifier:   1D:D9:7D:7F:F5:98:F6:27:51:CF:23:17:E7:79:F8:37:AB:55:6A:9C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01954D5AF0A98F4007E7EFB91451FD13AC85
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hdl9f_WY9idRzyMX53n4N6tVapw.roa
Signing time:             Fri 28 Feb 2025 16:19:20 +0000
ROA not before:           Fri 28 Feb 2025 16:19:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213527
IP address blocks:        2a10:cc40:230::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4d:5a:f0:a9:8f:40:07:e7:ef:b9:14:51:fd:13:ac:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 28 16:19:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dd97d7ff598f62751cf2317e779f837ab556a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:70:93:1e:90:4e:70:70:90:78:eb:34:62:c3:
                    b9:22:c3:b2:d9:e7:a6:ed:cc:56:df:31:04:25:e5:
                    fc:79:2a:9e:ae:8b:fc:47:ad:9d:ea:eb:4a:09:ad:
                    55:ee:a1:1b:6f:11:01:12:18:42:17:13:6b:4e:e1:
                    2a:a7:30:aa:59:a3:21:c6:c6:bd:6b:24:d9:e4:79:
                    ed:8f:21:b1:ae:13:b3:0f:35:81:37:21:a5:e8:0f:
                    2a:97:c5:de:55:10:2d:73:16:f7:75:ff:f3:11:2a:
                    d5:9e:c5:c4:35:a2:39:d7:79:6f:87:7c:6c:e8:2e:
                    08:88:56:ee:dc:18:5d:73:2b:a1:03:f7:0b:3d:18:
                    96:3c:be:f6:9e:39:30:2d:89:65:d5:51:57:dd:af:
                    05:0c:43:1b:ca:5f:e9:a0:b9:ac:85:f5:fc:75:77:
                    f5:1f:3f:60:a7:02:10:84:47:81:55:59:f3:64:14:
                    3f:bd:cd:7d:03:7f:46:7f:1a:9d:bd:07:06:ba:a2:
                    f6:64:2f:35:c5:84:40:90:94:39:c1:5c:2b:5a:c4:
                    09:72:27:ef:99:62:ad:a7:10:80:a8:bf:fd:dd:7c:
                    e7:3e:93:25:2a:db:32:51:d8:4d:17:4c:80:c9:8e:
                    12:c5:6f:c0:8f:4e:b3:b2:06:7a:00:da:45:1e:bc:
                    5b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:D9:7D:7F:F5:98:F6:27:51:CF:23:17:E7:79:F8:37:AB:55:6A:9C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Hdl9f_WY9idRzyMX53n4N6tVapw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:230::/44

    Signature Algorithm: sha256WithRSAEncryption
         21:44:f3:c8:c9:4c:4b:63:a8:92:7b:38:90:90:35:65:e3:96:
         08:02:d5:3d:26:a1:43:11:7c:e0:92:f7:87:91:f4:ac:e0:41:
         84:78:95:25:76:45:68:5a:d4:54:d6:fa:85:2a:25:55:ae:16:
         db:20:43:a0:1b:66:8d:2a:10:95:0e:e2:a3:b0:f1:5e:af:fe:
         5c:76:8b:3d:cb:f5:ef:8b:54:ba:ac:66:52:b4:7e:97:de:a8:
         43:40:03:69:cd:6a:46:e7:d7:4a:b6:04:20:e5:40:9c:d9:f9:
         1d:20:82:e1:87:81:5c:d3:53:25:ec:7c:39:e5:e8:5f:06:43:
         34:11:ac:e6:15:df:2c:bd:f3:d3:47:b3:f9:9c:32:4f:73:6b:
         7b:1b:a4:0c:fe:0a:1f:2f:b8:fc:71:96:ea:1b:8c:51:9d:c8:
         b3:64:9b:4b:41:a3:a3:70:af:bc:31:26:77:dc:a6:4c:02:db:
         f1:c6:7e:70:ca:74:c1:81:50:72:4e:e3:f2:e9:d0:71:22:64:
         c6:79:ff:38:29:5e:37:2e:25:0b:e7:8f:60:c4:19:b7:34:6e:
         df:a6:2e:e9:90:a9:5d:f5:72:7c:e9:2b:17:7a:fe:41:38:3d:
         a8:f9:13:39:4b:b0:8b:ce:eb:92:be:40:b7:89:25:82:76:61:
         cb:71:83:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZVNWvCpj0AH5++5FFH9E6yFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMjI4MTYxOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGQ5N2Q3ZmY1OThmNjI3NTFjZjIzMTdlNzc5ZjgzN2FiNTU2YTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XCTHpBOcHCQeOs0YsO5IsOy2eem
7cxW3zEEJeX8eSqerov8R62d6utKCa1V7qEbbxEBEhhCFxNrTuEqpzCqWaMhxsa9
ayTZ5HntjyGxrhOzDzWBNyGl6A8ql8XeVRAtcxb3df/zESrVnsXENaI513lvh3xs
6C4IiFbu3BhdcyuhA/cLPRiWPL72njkwLYll1VFX3a8FDEMbyl/poLmshfX8dXf1
Hz9gpwIQhEeBVVnzZBQ/vc19A39GfxqdvQcGuqL2ZC81xYRAkJQ5wVwrWsQJcifv
mWKtpxCAqL/93XznPpMlKtsyUdhNF0yAyY4SxW/Aj06zsgZ6ANpFHrxbqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB3ZfX/1mPYnUc8jF+d5+DerVWqcMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSGRsOWZfV1k5aWRSenlNWDUzbjRONnRWYXB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMQAIw
MA0GCSqGSIb3DQEBCwUAA4IBAQAhRPPIyUxLY6iSeziQkDVl45YIAtU9JqFDEXzg
kveHkfSs4EGEeJUldkVoWtRU1vqFKiVVrhbbIEOgG2aNKhCVDuKjsPFer/5cdos9
y/Xvi1S6rGZStH6X3qhDQANpzWpG59dKtgQg5UCc2fkdIILhh4Fc01Ml7Hw55ehf
BkM0EazmFd8svfPTR7P5nDJPc2t7G6QM/gofL7j8cZbqG4xRncizZJtLQaOjcK+8
MSZ33KZMAtvxxn5wynTBgVByTuPy6dBxImTGef84KV43LiUL549gxBm3NG7fpi7p
kKld9XJ86SsXev5BOD2o+RM5S7CLzuuSvkC3iSWCdmHLcYOd
-----END CERTIFICATE-----