Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Iz_VQ_mrAy63fECWIk8qEbzCyMI.roa
File:                     Iz_VQ_mrAy63fECWIk8qEbzCyMI.roa (raw, json)
Hash identifier:          iKAZb4oJvqDoEF/rS7PyBYQT7uMtbjWm6MugJVtIjww=
Subject key identifier:   23:3F:D5:43:F9:AB:03:2E:B7:7C:40:96:22:4F:2A:11:BC:C2:C8:C2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190C5EB5F67417AC5D966CBFD396F00863F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Iz_VQ_mrAy63fECWIk8qEbzCyMI.roa
Signing time:             Thu 18 Jul 2024 12:57:35 +0000
ROA not before:           Thu 18 Jul 2024 12:57:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214513
IP address blocks:        2a10:ccc3:ca70::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c5:eb:5f:67:41:7a:c5:d9:66:cb:fd:39:6f:00:86:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 18 12:57:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=233fd543f9ab032eb77c4096224f2a11bcc2c8c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b0:9c:e6:8c:07:0a:f5:30:29:93:28:fa:a8:
                    5d:91:54:4e:79:5e:b9:f7:11:5d:43:90:1f:9d:1a:
                    8e:9c:5c:78:c4:40:b0:e3:0c:24:b3:d5:0a:1b:ac:
                    28:22:c7:94:61:c0:95:04:41:72:cb:c5:4a:ef:ac:
                    11:0a:02:d2:6e:92:35:16:d0:0a:13:06:e4:6e:22:
                    8a:c8:bd:7e:4a:c9:5d:83:8b:7b:1e:a8:20:0c:3b:
                    fa:82:48:28:cd:cd:75:40:90:30:ab:65:47:90:24:
                    60:94:59:9f:73:58:e5:dd:8e:0b:d5:a5:84:b7:07:
                    21:91:27:2c:23:97:ae:87:c8:dc:de:61:af:0f:73:
                    ed:bd:ee:ad:81:0c:53:da:6c:ca:ca:d5:f9:ab:3e:
                    ea:d1:d3:14:24:8c:62:6c:46:93:77:15:a6:36:19:
                    a5:45:24:0c:45:fa:c7:2c:4e:d0:ab:5b:e6:ef:a1:
                    f0:4a:4b:33:41:d6:76:d4:31:2d:3c:4c:eb:48:1d:
                    3b:d2:cf:e1:5f:25:65:ae:be:86:fe:25:73:50:13:
                    a2:b4:79:cd:04:b8:87:fb:2d:16:87:22:10:dd:13:
                    70:61:84:8b:a1:bb:11:f7:04:67:7e:6b:fb:16:e2:
                    fd:db:cd:23:1a:d6:61:73:2b:18:b7:a4:84:2f:69:
                    cd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:3F:D5:43:F9:AB:03:2E:B7:7C:40:96:22:4F:2A:11:BC:C2:C8:C2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Iz_VQ_mrAy63fECWIk8qEbzCyMI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc3:ca70::/44

    Signature Algorithm: sha256WithRSAEncryption
         83:f2:03:32:56:e2:be:78:c7:ce:91:e5:1b:a0:33:53:5e:2c:
         e8:43:b3:60:87:29:b6:fb:d2:91:a3:32:31:5f:ec:ea:c7:64:
         b6:e2:f6:2d:a4:1b:43:2b:33:cc:1f:48:c0:70:4a:64:f8:ed:
         8f:31:54:d1:0d:f7:7b:34:f7:67:41:80:7f:15:dd:76:6a:5a:
         f1:4b:49:5b:5f:2c:c7:aa:18:d6:1d:7e:ea:65:fb:57:1a:ce:
         29:7c:6c:8c:51:c3:85:e5:e8:09:72:a1:6b:02:38:ed:af:81:
         f5:ce:bf:a2:60:a8:0a:d3:1a:8f:4e:87:78:7e:80:39:71:80:
         88:b5:f5:bb:33:2e:83:b3:82:6a:7b:fd:76:61:9b:f4:23:7d:
         d5:71:d8:da:d9:f2:f8:a1:85:ea:9f:df:25:7b:f8:f8:c9:ab:
         db:20:9a:ff:cc:4e:e2:ab:97:2f:e1:88:17:e0:49:53:a2:d5:
         6a:5d:4c:5e:18:64:a1:b7:69:77:5b:b7:f9:81:f9:0c:51:82:
         12:46:99:ce:ba:ac:d7:bd:4b:25:84:32:50:ab:05:d9:44:97:
         9a:c2:12:6f:0c:4f:c9:f1:af:c4:04:99:67:81:9b:fa:bb:39:
         6a:45:47:d4:3e:ae:28:3b:31:82:d0:d8:c6:ad:36:1b:5c:99:
         a6:52:0c:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDF619nQXrF2WbL/TlvAIY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzE4MTI1NzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzNmZDU0M2Y5YWIwMzJlYjc3YzQwOTYyMjRmMmExMWJjYzJjOGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7Cc5owHCvUwKZMo+qhdkVROeV65
9xFdQ5AfnRqOnFx4xECw4wwks9UKG6woIseUYcCVBEFyy8VK76wRCgLSbpI1FtAK
EwbkbiKKyL1+Ssldg4t7HqggDDv6gkgozc11QJAwq2VHkCRglFmfc1jl3Y4L1aWE
twchkScsI5euh8jc3mGvD3Ptve6tgQxT2mzKytX5qz7q0dMUJIxibEaTdxWmNhml
RSQMRfrHLE7Qq1vm76HwSkszQdZ21DEtPEzrSB070s/hXyVlrr6G/iVzUBOitHnN
BLiH+y0WhyIQ3RNwYYSLobsR9wRnfmv7FuL9280jGtZhcysYt6SEL2nNwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCM/1UP5qwMut3xAliJPKhG8wsjCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSXpfVlFfbXJBeTYzZkVDV0lrOHFFYnpDeU1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMw8pw
MA0GCSqGSIb3DQEBCwUAA4IBAQCD8gMyVuK+eMfOkeUboDNTXizoQ7Nghym2+9KR
ozIxX+zqx2S24vYtpBtDKzPMH0jAcEpk+O2PMVTRDfd7NPdnQYB/Fd12alrxS0lb
XyzHqhjWHX7qZftXGs4pfGyMUcOF5egJcqFrAjjtr4H1zr+iYKgK0xqPTod4foA5
cYCItfW7My6Ds4Jqe/12YZv0I33Vcdja2fL4oYXqn98le/j4yavbIJr/zE7iq5cv
4YgX4ElTotVqXUxeGGSht2l3W7f5gfkMUYISRpnOuqzXvUslhDJQqwXZRJeawhJv
DE/J8a/EBJlngZv6uzlqRUfUPq4oOzGC0NjGrTYbXJmmUgzk
-----END CERTIFICATE-----