Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LhZzKKyekLeOFPH963-9iypffsk.roa
File:                     LhZzKKyekLeOFPH963-9iypffsk.roa (raw, json)
Hash identifier:          yO64pfUd3AwUfkId5liL7+408knWw25Oatp4ctjtz9o=
Subject key identifier:   2E:16:73:28:AC:9E:90:B7:8E:14:F1:FD:EB:7F:BD:8B:2A:5F:7E:C9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D36237DEA557AF242C3D5D17C713CBF53
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LhZzKKyekLeOFPH963-9iypffsk.roa
Signing time:             Tue 23 Jan 2024 11:45:12 +0000
ROA not before:           Tue 23 Jan 2024 11:45:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207994
IP address blocks:        2a10:cc40:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:36:23:7d:ea:55:7a:f2:42:c3:d5:d1:7c:71:3c:bf:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 23 11:45:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e167328ac9e90b78e14f1fdeb7fbd8b2a5f7ec9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b5:eb:d6:6c:8a:be:dd:27:17:02:48:f3:20:
                    fe:c4:1d:c9:d2:40:95:1e:8b:f6:41:bf:62:5b:54:
                    f5:a6:5c:16:9c:aa:26:07:40:3d:04:a9:b0:af:c1:
                    03:2e:e6:b7:3d:a7:36:4a:71:15:04:4f:14:0d:0a:
                    09:33:e1:d6:ba:5e:f1:4c:e3:24:61:ed:93:23:8e:
                    4e:87:8b:05:84:39:44:83:dd:d0:ec:c3:5b:2d:6f:
                    6d:4c:30:2c:9a:e8:34:96:b0:cd:33:b5:da:43:c6:
                    90:77:29:56:38:2e:4a:b2:c2:3b:66:8b:8c:25:32:
                    2a:bd:c4:a1:50:f5:49:6e:0c:dd:19:4f:11:42:e6:
                    f1:32:22:ad:3f:2d:23:ac:34:f6:cb:6d:12:c9:7b:
                    03:ba:83:10:71:53:63:24:54:b6:42:65:8c:61:d3:
                    74:c2:6a:3f:87:7e:42:59:74:68:4a:85:12:ce:e8:
                    53:1a:65:8f:60:62:95:c9:69:c3:71:a1:7d:d8:51:
                    35:b7:5c:8b:32:0f:8d:9f:91:1c:5d:fa:84:ff:4a:
                    55:d5:20:5b:bd:a0:78:5b:dc:8d:94:b9:eb:e8:65:
                    15:29:79:84:74:70:06:29:73:69:61:29:ba:ac:5c:
                    51:68:55:3f:4f:56:5a:15:46:a0:c1:a7:eb:af:e2:
                    80:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:16:73:28:AC:9E:90:B7:8E:14:F1:FD:EB:7F:BD:8B:2A:5F:7E:C9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/LhZzKKyekLeOFPH963-9iypffsk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:ff00::/40

    Signature Algorithm: sha256WithRSAEncryption
         55:53:55:32:2f:74:14:60:cc:ac:30:21:6b:6a:25:37:6f:66:
         7d:51:fa:6b:a9:92:c2:f8:5e:9b:93:bd:4e:18:3e:ec:2e:6c:
         59:38:01:28:e6:c4:69:a7:bb:d0:52:3b:82:f3:b2:0c:76:e2:
         3d:36:6d:5c:ec:80:f3:46:99:e6:a9:69:77:11:b9:58:8a:cc:
         59:e4:ae:2b:9e:f0:94:50:6d:74:f4:44:15:71:ba:15:bf:7d:
         57:45:0f:00:10:93:20:0a:e5:42:16:d7:b1:2c:e8:1b:3c:c8:
         82:0c:76:8c:8e:47:f4:eb:75:be:20:2d:31:3d:fa:d7:38:26:
         b1:94:ea:59:6e:4b:bc:60:7e:b7:25:a0:2d:b8:81:91:1b:4a:
         98:23:50:bc:fc:c8:15:40:fb:7c:38:b9:67:cd:52:81:92:cd:
         cd:31:8a:48:65:da:bd:9f:7f:a5:44:a5:dd:10:6e:b3:85:1c:
         99:70:09:4c:fb:db:3d:1c:e5:3a:a6:39:7f:fe:e9:90:1f:97:
         6c:15:e6:ac:a9:7b:51:8f:02:55:cb:8c:85:ae:0f:0e:6e:b9:
         e3:bc:67:f7:ae:d3:99:dc:6f:a5:0f:d9:ee:cd:ba:68:bb:32:
         9a:11:14:f3:2b:c7:82:13:ea:4e:4d:53:30:0f:d3:72:2d:0c:
         63:48:d6:88
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY02I33qVXryQsPV0XxxPL9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTIzMTE0NTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTE2NzMyOGFjOWU5MGI3OGUxNGYxZmRlYjdmYmQ4YjJhNWY3ZWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0LXr1myKvt0nFwJI8yD+xB3J0kCV
Hov2Qb9iW1T1plwWnKomB0A9BKmwr8EDLua3Pac2SnEVBE8UDQoJM+HWul7xTOMk
Ye2TI45Oh4sFhDlEg93Q7MNbLW9tTDAsmug0lrDNM7XaQ8aQdylWOC5KssI7ZouM
JTIqvcShUPVJbgzdGU8RQubxMiKtPy0jrDT2y20SyXsDuoMQcVNjJFS2QmWMYdN0
wmo/h35CWXRoSoUSzuhTGmWPYGKVyWnDcaF92FE1t1yLMg+Nn5EcXfqE/0pV1SBb
vaB4W9yNlLnr6GUVKXmEdHAGKXNpYSm6rFxRaFU/T1ZaFUagwafrr+KAfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC4WcyisnpC3jhTx/et/vYsqX37JMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTGhaektLeWVrTGVPRlBIOTYzLTlpeXBmZnNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhDMQP8w
DQYJKoZIhvcNAQELBQADggEBAFVTVTIvdBRgzKwwIWtqJTdvZn1R+mupksL4XpuT
vU4YPuwubFk4ASjmxGmnu9BSO4Lzsgx24j02bVzsgPNGmeapaXcRuViKzFnkriue
8JRQbXT0RBVxuhW/fVdFDwAQkyAK5UIW17Es6Bs8yIIMdoyOR/Trdb4gLTE9+tc4
JrGU6lluS7xgfrcloC24gZEbSpgjULz8yBVA+3w4uWfNUoGSzc0xikhl2r2ff6VE
pd0QbrOFHJlwCUz72z0c5TqmOX/+6ZAfl2wV5qype1GPAlXLjIWuDw5uueO8Z/eu
05ncb6UP2e7Numi7MpoRFPMrx4IT6k5NUzAP03ItDGNI1og=
-----END CERTIFICATE-----