Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LO2smYR840Q3tttF-RDT2F5Plew.roa
File:                     LO2smYR840Q3tttF-RDT2F5Plew.roa (raw, json)
Hash identifier:          aFwIWFgb7DSTkaltsZ7EfveHvqmlTC8xT1PaNympuyE=
Subject key identifier:   2C:ED:AC:99:84:7C:E3:44:37:B6:DB:45:F9:10:D3:D8:5E:4F:95:EC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521C610F12FAF82712E9CB28FB898F3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LO2smYR840Q3tttF-RDT2F5Plew.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17160
IP address blocks:        2a10:2f00:168::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c6:10:f1:2f:af:82:71:2e:9c:b2:8f:b8:98:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2cedac99847ce34437b6db45f910d3d85e4f95ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1f:2f:40:72:56:e0:06:8a:96:af:85:09:33:
                    bc:66:24:6e:d2:c4:a1:96:fe:84:bc:36:56:94:38:
                    d3:52:73:fd:cc:95:9e:8c:3f:94:74:da:79:a5:f9:
                    46:92:b0:72:f3:97:23:f7:f8:9d:70:6e:55:d7:ed:
                    14:b7:a6:a9:15:7c:6d:ae:ad:02:a9:08:f3:e2:e6:
                    8e:cb:d9:ff:3d:4d:0b:ab:b3:0f:e6:37:99:7b:9b:
                    49:fb:71:6c:79:ee:3f:50:13:a9:ac:f9:c8:02:26:
                    4a:31:b7:60:7e:dd:a3:28:39:ce:ab:e9:1e:1b:b9:
                    87:61:21:3d:93:0c:3c:fd:75:07:80:dd:59:b9:3a:
                    df:79:85:be:61:c1:6e:9f:71:a8:64:15:c1:3d:9d:
                    99:e1:dd:17:d9:98:5d:a6:ac:8c:d3:87:20:57:a1:
                    52:72:f8:a7:bf:0d:83:27:92:dc:c0:e8:fa:7a:48:
                    e8:94:f0:b6:28:b8:1b:e2:69:4b:58:cc:e1:87:d3:
                    aa:b5:a4:b9:a5:c5:21:e7:fe:71:39:38:e6:5a:31:
                    e0:78:09:fc:3c:29:d1:cb:06:0a:53:0b:85:c7:5a:
                    f5:3d:e0:d0:91:2e:32:b9:c5:f3:82:bf:b9:d5:59:
                    5b:5c:e6:f6:15:37:94:c4:fa:f5:bc:cc:b0:f6:6e:
                    48:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:ED:AC:99:84:7C:E3:44:37:B6:DB:45:F9:10:D3:D8:5E:4F:95:EC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LO2smYR840Q3tttF-RDT2F5Plew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:168::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:ea:a7:7f:04:a1:f0:b1:5a:7f:51:19:94:f0:c7:f7:59:28:
         f6:1d:36:9c:eb:b4:42:bc:45:23:13:7b:11:23:c8:f1:c1:27:
         7b:ed:8b:2f:a9:38:09:b7:a9:ad:d9:71:c8:ad:4f:9d:9c:04:
         4b:a5:6c:af:f4:56:48:9f:72:3a:f2:a9:c2:a0:bc:a5:c4:46:
         ae:89:c0:2e:26:00:21:30:b4:69:b5:2f:ef:af:ab:bc:40:e0:
         5b:3f:4b:e2:dd:89:fa:ac:cb:d2:d3:26:20:b7:8d:fb:14:5c:
         66:3a:1c:1d:fc:3b:37:ea:fa:4e:59:f2:8a:32:94:60:22:99:
         21:84:51:c3:23:73:da:be:5b:4f:72:c3:f7:67:d3:d8:fe:da:
         b9:be:96:d7:10:a0:f5:02:64:d4:85:37:a4:a2:0b:40:b6:44:
         0c:1f:ec:c3:3e:2f:8f:af:92:40:8c:0b:15:ed:d6:a3:f6:03:
         ed:60:ad:3b:00:c9:62:2e:7e:19:b9:83:7b:77:92:e3:51:b2:
         47:a9:1c:28:4d:d4:27:91:90:de:35:5e:03:13:82:f7:8c:ea:
         de:a7:9f:22:65:f6:c8:42:5b:83:28:03:63:bb:8d:d0:05:bf:
         a0:6d:30:ff:f8:25:10:fc:37:3a:6c:09:79:4b:0f:67:60:ae:
         01:55:02:bc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIcYQ8S+vgnEunLKPuJjzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2VkYWM5OTg0N2NlMzQ0MzdiNmRiNDVmOTEwZDNkODVlNGY5NWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB8vQHJW4AaKlq+FCTO8ZiRu0sSh
lv6EvDZWlDjTUnP9zJWejD+UdNp5pflGkrBy85cj9/idcG5V1+0Ut6apFXxtrq0C
qQjz4uaOy9n/PU0Lq7MP5jeZe5tJ+3Fsee4/UBOprPnIAiZKMbdgft2jKDnOq+ke
G7mHYSE9kww8/XUHgN1ZuTrfeYW+YcFun3GoZBXBPZ2Z4d0X2ZhdpqyM04cgV6FS
cvinvw2DJ5LcwOj6ekjolPC2KLgb4mlLWMzhh9OqtaS5pcUh5/5xOTjmWjHgeAn8
PCnRywYKUwuFx1r1PeDQkS4yucXzgr+51VlbXOb2FTeUxPr1vMyw9m5IMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCztrJmEfONEN7bbRfkQ09heT5XsMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTE8yc21ZUjg0MFEzdHR0Ri1SRFQyRjVQbGV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFo
MA0GCSqGSIb3DQEBCwUAA4IBAQAc6qd/BKHwsVp/URmU8Mf3WSj2HTac67RCvEUj
E3sRI8jxwSd77YsvqTgJt6mt2XHIrU+dnARLpWyv9FZIn3I68qnCoLylxEauicAu
JgAhMLRptS/vr6u8QOBbP0vi3Yn6rMvS0yYgt437FFxmOhwd/Ds36vpOWfKKMpRg
IpkhhFHDI3PavltPcsP3Z9PY/tq5vpbXEKD1AmTUhTekogtAtkQMH+zDPi+Pr5JA
jAsV7daj9gPtYK07AMliLn4ZuYN7d5LjUbJHqRwoTdQnkZDeNV4DE4L3jOrep58i
ZfbIQluDKANju43QBb+gbTD/+CUQ/Dc6bAl5Sw9nYK4BVQK8
-----END CERTIFICATE-----