Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IxXwCPFIRosfpNizGcuJ3WDVIK8.roa
File:                     IxXwCPFIRosfpNizGcuJ3WDVIK8.roa (raw, json)
Hash identifier:          XDCfErvYIBx1NaItbmBcc7CH0y82gBIbUOBgcYRzAkk=
Subject key identifier:   23:15:F0:08:F1:48:46:8B:1F:A4:D8:B3:19:CB:89:DD:60:D5:20:AF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522283287509082637153801CF59BC5
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IxXwCPFIRosfpNizGcuJ3WDVIK8.roa
Signing time:             Thu 02 Jan 2025 03:49:43 +0000
ROA not before:           Thu 02 Jan 2025 03:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207650
IP address blocks:        2a10:2f00:109::/48 maxlen: 48
                          2a10:cc40:160::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:28:32:87:50:90:82:63:71:53:80:1c:f5:9b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2315f008f148468b1fa4d8b319cb89dd60d520af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e6:bf:92:63:6e:b4:b5:c4:db:ee:37:e1:b9:
                    31:8a:d5:2d:2a:6f:f1:6b:56:e7:bc:15:02:c8:51:
                    17:3a:65:1a:02:ff:57:fb:95:03:5a:30:30:4a:17:
                    f1:db:53:6d:4e:7a:d2:56:05:e6:e5:23:df:df:96:
                    32:73:dd:0d:36:e2:63:83:24:26:96:df:f7:3a:4d:
                    0f:c8:36:f0:86:c2:a0:13:e9:dd:6c:e7:72:b9:07:
                    e7:d1:0a:cb:a1:68:b1:79:0d:14:a1:95:97:e1:53:
                    fb:3b:11:e6:7e:be:e0:e8:7a:f0:e5:7e:a1:44:71:
                    28:a8:c4:c9:01:84:8d:98:df:df:aa:7c:02:b9:7b:
                    ca:6d:2c:b0:fe:cc:49:f3:98:45:d2:e3:0a:2c:fa:
                    fc:dc:c8:6f:0c:26:14:f1:a1:bb:46:26:ff:23:05:
                    ec:a8:d4:80:33:4a:06:9d:1b:84:6b:92:31:2c:5c:
                    da:06:a1:6f:e5:3c:aa:f7:58:2f:2b:9d:8b:18:7c:
                    2b:b4:51:af:42:61:c6:32:6f:47:ed:ec:c2:1f:b7:
                    7f:0d:65:2e:51:6b:62:87:0f:23:f1:a8:b9:e4:ed:
                    03:ad:7d:a1:da:80:90:d8:26:2e:58:3a:04:fc:93:
                    80:9a:26:2c:e1:cc:b4:54:17:f8:4c:b5:c1:0a:42:
                    ce:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:15:F0:08:F1:48:46:8B:1F:A4:D8:B3:19:CB:89:DD:60:D5:20:AF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/IxXwCPFIRosfpNizGcuJ3WDVIK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:109::/48
                  2a10:cc40:160::/44

    Signature Algorithm: sha256WithRSAEncryption
         16:4b:91:e6:63:5a:be:9d:9d:0b:25:a6:a5:ed:c2:52:80:10:
         ec:e5:bd:2a:ee:6e:06:c0:a6:62:19:a5:8e:f3:fc:c7:39:44:
         4f:c0:86:d9:2b:33:81:48:bc:e5:c7:35:73:6b:4b:a5:d9:7a:
         4c:fe:62:da:66:09:5d:98:66:6b:ca:69:a2:66:ca:12:bb:6f:
         68:3b:25:c5:e8:a4:0b:b3:08:ec:20:4b:da:60:be:ca:64:e2:
         27:be:dd:1d:1d:1b:26:c0:d3:e8:1b:79:3a:55:fb:24:7d:bd:
         ad:75:71:9a:23:3c:34:48:ce:d7:44:d4:5d:7b:50:5e:6b:40:
         61:cc:c4:ee:e6:92:2f:86:39:f0:66:3d:7f:b5:9c:05:fb:19:
         e6:43:f0:75:54:be:97:74:c3:18:97:84:e0:9e:16:ec:37:12:
         87:ad:cb:b0:d3:c6:dd:df:75:3a:96:49:c9:19:95:6a:5c:61:
         6b:41:3d:b5:ce:45:58:e1:34:d7:3e:f0:51:71:a7:bd:6b:75:
         ff:51:09:f6:08:88:e1:83:c2:a4:e7:90:53:93:c3:d9:74:93:
         9d:7e:94:a3:16:d4:0c:54:b2:6e:9d:6d:c9:1e:32:76:45:f4:
         74:5a:f8:e5:32:26:7b:60:42:45:6e:eb:1b:25:d5:fc:70:f4:
         9a:57:de:22
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIigyh1CQgmNxU4Ac9ZvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzE1ZjAwOGYxNDg0NjhiMWZhNGQ4YjMxOWNiODlkZDYwZDUyMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+a/kmNutLXE2+434bkxitUtKm/x
a1bnvBUCyFEXOmUaAv9X+5UDWjAwShfx21NtTnrSVgXm5SPf35Yyc90NNuJjgyQm
lt/3Ok0PyDbwhsKgE+ndbOdyuQfn0QrLoWixeQ0UoZWX4VP7OxHmfr7g6Hrw5X6h
RHEoqMTJAYSNmN/fqnwCuXvKbSyw/sxJ85hF0uMKLPr83MhvDCYU8aG7Rib/IwXs
qNSAM0oGnRuEa5IxLFzaBqFv5Tyq91gvK52LGHwrtFGvQmHGMm9H7ezCH7d/DWUu
UWtihw8j8ai55O0DrX2h2oCQ2CYuWDoE/JOAmiYs4cy0VBf4TLXBCkLOIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCMV8AjxSEaLH6TYsxnLid1g1SCvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSXhYd0NQRklSb3NmcE5pekdjdUozV0RWSUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhAvAAEJ
AwcEKhDMQAFgMA0GCSqGSIb3DQEBCwUAA4IBAQAWS5HmY1q+nZ0LJaal7cJSgBDs
5b0q7m4GwKZiGaWO8/zHOURPwIbZKzOBSLzlxzVza0ul2XpM/mLaZgldmGZrymmi
ZsoSu29oOyXF6KQLswjsIEvaYL7KZOInvt0dHRsmwNPoG3k6Vfskfb2tdXGaIzw0
SM7XRNRde1Bea0BhzMTu5pIvhjnwZj1/tZwF+xnmQ/B1VL6XdMMYl4TgnhbsNxKH
rcuw08bd33U6lknJGZVqXGFrQT21zkVY4TTXPvBRcae9a3X/UQn2CIjhg8Kk55BT
k8PZdJOdfpSjFtQMVLJunW3JHjJ2RfR0WvjlMiZ7YEJFbusbJdX8cPSaV94i
-----END CERTIFICATE-----