Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LgH2HWsoITLOZGFPhR_0sTBhHlQ.roa
File:                     LgH2HWsoITLOZGFPhR_0sTBhHlQ.roa (raw, json)
Hash identifier:          sdiR/KlCUuC02VdenJ2+1ryxnj4kFiOsjDMeDJhUVZE=
Subject key identifier:   2E:01:F6:1D:6B:28:21:32:CE:64:61:4F:85:1F:F4:B1:30:61:1E:54
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222DF6673470453A76145B9591AEE8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LgH2HWsoITLOZGFPhR_0sTBhHlQ.roa
Signing time:             Thu 02 Jan 2025 03:49:44 +0000
ROA not before:           Thu 02 Jan 2025 03:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208454
IP address blocks:        2a10:cc44:1d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2d:f6:67:34:70:45:3a:76:14:5b:95:91:ae:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e01f61d6b282132ce64614f851ff4b130611e54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a6:e0:54:df:6e:ba:21:fe:4d:e9:55:3d:00:
                    6e:4e:6a:b4:8a:37:08:89:90:10:b2:14:31:ab:de:
                    33:22:4f:22:c1:f6:37:f5:b7:bb:39:c8:6c:5f:5d:
                    a9:83:9c:e7:77:c0:2a:9c:25:e1:5e:47:dd:21:fd:
                    ed:ae:6c:82:98:ad:b7:a1:b7:97:e7:f4:ca:ac:2f:
                    b5:66:d8:9b:ee:4c:93:7b:fd:75:8d:2e:7b:54:52:
                    86:8a:f4:18:9d:b8:12:57:17:ba:d5:a2:8a:a3:cb:
                    79:cc:64:cd:75:ec:2f:14:c7:59:7c:08:67:83:be:
                    56:84:aa:a0:05:ec:ac:ac:7c:66:11:63:3e:0e:43:
                    52:81:b9:2b:af:4c:fe:50:18:4e:30:af:7b:bd:b8:
                    a7:b6:e3:ad:98:0f:5c:e4:99:2f:ce:84:70:29:75:
                    7c:eb:0a:04:51:d3:15:c7:9c:e5:4e:7d:11:a5:e0:
                    a2:f9:19:3d:cf:a0:8e:6d:2c:91:f1:ad:07:9d:a7:
                    59:15:88:c5:43:1e:0d:34:b3:08:9a:54:41:8c:5b:
                    4d:c9:23:db:91:81:0e:f4:08:5f:6c:60:db:65:38:
                    12:8b:15:7e:3b:ba:d7:52:5f:cd:92:bb:ff:06:eb:
                    c0:7c:2d:be:50:9c:ba:1b:9a:77:4a:36:5e:f3:59:
                    9b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:01:F6:1D:6B:28:21:32:CE:64:61:4F:85:1F:F4:B1:30:61:1E:54
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LgH2HWsoITLOZGFPhR_0sTBhHlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         26:b8:99:0a:28:d4:6b:e9:fc:e6:5b:6d:c8:23:05:63:68:4c:
         0d:f8:88:7a:13:97:4b:c3:2b:ca:84:b0:0a:d3:22:33:ed:36:
         c5:7d:1d:2c:ef:10:08:1e:62:11:63:4b:6e:a3:4e:3e:00:77:
         b2:62:dc:11:02:9e:90:40:27:c6:cd:ca:e0:21:0c:e7:0d:9d:
         cf:fe:37:0c:f6:5f:02:eb:0a:9f:14:b6:8e:a9:5f:3c:1d:66:
         ea:d3:04:6e:bc:30:69:f5:e2:f4:d5:15:06:11:d3:8e:d1:2d:
         4d:9d:a8:05:ab:3e:33:a8:e4:a3:61:de:90:00:dd:89:f6:59:
         26:c4:99:bc:10:ab:45:61:bc:85:6c:98:ac:ba:ee:fe:97:5a:
         c7:5b:6d:36:a0:cd:74:36:44:27:98:30:5a:53:e8:c4:de:2a:
         20:ca:de:be:90:04:d6:22:07:45:d2:08:f3:4e:ff:e2:b5:f4:
         c9:4e:48:7f:ee:9f:bf:aa:72:95:bd:05:74:f6:5d:d7:e9:6d:
         48:e7:4b:96:a0:06:95:1d:e8:4c:8a:b8:42:d0:1a:61:69:2e:
         65:3d:ac:68:73:4b:4a:87:eb:32:8a:23:3d:e7:6e:59:bd:51:
         92:15:b2:d0:c7:7c:48:a9:56:d3:8c:9e:9c:c8:ee:73:af:b3:
         d7:cc:c5:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIi32ZzRwRTp2FFuVka7oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAxZjYxZDZiMjgyMTMyY2U2NDYxNGY4NTFmZjRiMTMwNjExZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKbgVN9uuiH+TelVPQBuTmq0ijcI
iZAQshQxq94zIk8iwfY39be7OchsX12pg5znd8AqnCXhXkfdIf3trmyCmK23obeX
5/TKrC+1Ztib7kyTe/11jS57VFKGivQYnbgSVxe61aKKo8t5zGTNdewvFMdZfAhn
g75WhKqgBeysrHxmEWM+DkNSgbkrr0z+UBhOMK97vbintuOtmA9c5JkvzoRwKXV8
6woEUdMVx5zlTn0RpeCi+Rk9z6CObSyR8a0HnadZFYjFQx4NNLMImlRBjFtNySPb
kYEO9AhfbGDbZTgSixV+O7rXUl/Nkrv/BuvAfC2+UJy6G5p3SjZe81mbNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4B9h1rKCEyzmRhT4Uf9LEwYR5UMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTGdIMkhXc29JVExPWkdGUGhSXzBzVEJoSGxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMRAHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAmuJkKKNRr6fzmW23IIwVjaEwN+Ih6E5dLwyvK
hLAK0yIz7TbFfR0s7xAIHmIRY0tuo04+AHeyYtwRAp6QQCfGzcrgIQznDZ3P/jcM
9l8C6wqfFLaOqV88HWbq0wRuvDBp9eL01RUGEdOO0S1NnagFqz4zqOSjYd6QAN2J
9lkmxJm8EKtFYbyFbJisuu7+l1rHW202oM10NkQnmDBaU+jE3iogyt6+kATWIgdF
0gjzTv/itfTJTkh/7p+/qnKVvQV09l3X6W1I50uWoAaVHehMirhC0BphaS5lPaxo
c0tKh+syiiM9525ZvVGSFbLQx3xIqVbTjJ6cyO5zr7PXzMXX
-----END CERTIFICATE-----