Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KWZCjdaG6dLGoaH9aIoBfTter5Q.roa
File:                     KWZCjdaG6dLGoaH9aIoBfTter5Q.roa (raw, json)
Hash identifier:          61hGV04QAcvi87MP5Y1203WbMtT9uMPRanQBbT78EDs=
Subject key identifier:   29:66:42:8D:D6:86:E9:D2:C6:A1:A1:FD:68:8A:01:7D:3B:5E:AF:94
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522435F4C516028BA0E56BFAC4C6CDD
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KWZCjdaG6dLGoaH9aIoBfTter5Q.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210662
IP address blocks:        2a10:cc47:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:43:5f:4c:51:60:28:ba:0e:56:bf:ac:4c:6c:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2966428dd686e9d2c6a1a1fd688a017d3b5eaf94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3d:7c:da:2a:9e:65:06:84:36:ea:48:40:b0:
                    fe:16:22:e7:40:dd:73:4d:0e:07:cb:78:fc:52:e6:
                    0c:a3:5c:01:6e:ac:79:dd:93:c6:f3:8f:cc:ea:e7:
                    5a:ef:e0:30:af:05:ec:c6:eb:d1:9a:49:10:ce:0e:
                    f7:90:f5:2b:15:e8:41:f8:60:95:85:a7:5a:4e:e5:
                    cb:e4:74:c9:6b:f0:cc:9d:27:5b:3f:43:42:93:38:
                    73:13:e1:84:86:e8:8f:85:d7:a2:14:6a:5b:24:3a:
                    ca:f9:22:20:1b:26:2c:64:cd:30:9a:df:55:16:81:
                    36:dc:28:50:d9:60:db:3c:1f:17:d1:70:f0:bf:8b:
                    b4:a5:ce:e3:a9:93:97:2c:2a:39:d8:30:1f:a2:2e:
                    bc:f9:fc:56:8b:cf:0d:ee:fe:1c:5a:e8:68:b5:37:
                    aa:a6:f2:a2:9f:03:9f:de:1d:ff:c6:16:c2:7a:3b:
                    a3:5a:f4:4c:66:46:41:15:75:4c:39:e2:79:e7:55:
                    e7:b7:a3:e6:e7:4d:f7:fe:2d:d9:31:01:7e:3a:f0:
                    f9:28:a7:64:96:fb:9a:14:af:09:d5:fe:41:a7:97:
                    d8:57:fa:b0:ff:15:4a:6c:f2:6a:eb:2b:e5:11:a5:
                    e1:3d:1e:0e:f6:60:30:a3:57:07:a3:9e:e9:50:b1:
                    99:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:66:42:8D:D6:86:E9:D2:C6:A1:A1:FD:68:8A:01:7D:3B:5E:AF:94
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KWZCjdaG6dLGoaH9aIoBfTter5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc47:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1c:d5:83:ec:77:24:7b:1d:af:8e:4b:e3:b8:12:f8:06:9f:dc:
         a3:e3:61:70:0d:0c:b9:a9:2c:50:13:c5:07:af:44:85:62:12:
         7b:80:c5:50:67:00:ed:db:bc:e6:dc:6b:c6:ba:4c:0c:c9:a9:
         3e:4b:85:92:86:a2:39:56:88:98:62:ff:cf:26:bd:88:72:78:
         e1:bb:6f:94:33:15:3d:d0:0a:64:9e:4b:ef:3f:6e:87:86:2a:
         d2:b2:6d:f5:01:94:6c:84:d2:a4:49:0c:94:56:db:ff:8c:22:
         63:43:94:05:8f:bd:ac:78:13:b4:bf:bc:f6:51:b7:64:66:a8:
         a6:ca:35:02:dd:e5:99:df:3a:90:46:37:46:92:ce:1d:74:6d:
         bb:ec:cd:74:d8:e0:41:cb:cd:a3:a9:b9:b6:a3:56:60:b2:c8:
         9f:38:ee:fd:8d:e8:1c:8c:9a:ea:c7:64:be:c9:6f:ee:6c:02:
         9a:cc:fc:c7:95:28:e6:a5:a9:43:e8:c3:3d:f2:c5:b2:30:b8:
         e2:7a:41:0d:bd:ba:b4:2e:6c:76:3a:ad:78:1a:5d:4d:30:52:
         12:e3:44:ec:53:3d:67:ab:db:29:02:2c:7e:ac:06:7b:33:af:
         fe:d9:48:79:8e:c0:cd:85:c6:6b:ca:bf:19:76:b6:e4:47:59:
         d8:e9:64:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIkNfTFFgKLoOVr+sTGzdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTY2NDI4ZGQ2ODZlOWQyYzZhMWExZmQ2ODhhMDE3ZDNiNWVhZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2T182iqeZQaENupIQLD+FiLnQN1z
TQ4Hy3j8UuYMo1wBbqx53ZPG84/M6uda7+AwrwXsxuvRmkkQzg73kPUrFehB+GCV
hadaTuXL5HTJa/DMnSdbP0NCkzhzE+GEhuiPhdeiFGpbJDrK+SIgGyYsZM0wmt9V
FoE23ChQ2WDbPB8X0XDwv4u0pc7jqZOXLCo52DAfoi68+fxWi88N7v4cWuhotTeq
pvKinwOf3h3/xhbCejujWvRMZkZBFXVMOeJ551Xnt6Pm5033/i3ZMQF+OvD5KKdk
lvuaFK8J1f5Bp5fYV/qw/xVKbPJq6yvlEaXhPR4O9mAwo1cHo57pULGZ8wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFClmQo3WhunSxqGh/WiKAX07Xq+UMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS1daQ2pkYUc2ZExHb2FIOWFJb0JmVHRlcjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhDMRxAw
DQYJKoZIhvcNAQELBQADggEBABzVg+x3JHsdr45L47gS+Aaf3KPjYXANDLmpLFAT
xQevRIViEnuAxVBnAO3bvObca8a6TAzJqT5LhZKGojlWiJhi/88mvYhyeOG7b5Qz
FT3QCmSeS+8/boeGKtKybfUBlGyE0qRJDJRW2/+MImNDlAWPvax4E7S/vPZRt2Rm
qKbKNQLd5ZnfOpBGN0aSzh10bbvszXTY4EHLzaOpubajVmCyyJ847v2N6ByMmurH
ZL7Jb+5sAprM/MeVKOalqUPowz3yxbIwuOJ6QQ29urQubHY6rXgaXU0wUhLjROxT
PWer2ykCLH6sBnszr/7ZSHmOwM2FxmvKvxl2tuRHWdjpZPM=
-----END CERTIFICATE-----