Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OipoN2A056Zg4H0qCXK-4E99Sjg.roa
File:                     OipoN2A056Zg4H0qCXK-4E99Sjg.roa (raw, json)
Hash identifier:          6sMpCH9P7n9AMaNuNUpsqFDe1pBlUnlhhErrz8fp8VA=
Subject key identifier:   3A:2A:68:37:60:34:E7:A6:60:E0:7D:2A:09:72:BE:E0:4F:7D:4A:38
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EC2D798C866143A69ECF3B2D01B717C82
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OipoN2A056Zg4H0qCXK-4E99Sjg.roa
Signing time:             Tue 09 Apr 2024 12:31:32 +0000
ROA not before:           Tue 09 Apr 2024 12:31:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212248
IP address blocks:        2a10:ccc1:108::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c2:d7:98:c8:66:14:3a:69:ec:f3:b2:d0:1b:71:7c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  9 12:31:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a2a68376034e7a660e07d2a0972bee04f7d4a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:9d:83:37:5f:80:c6:83:2b:70:fb:00:60:4d:
                    cc:85:26:3d:b1:7f:e8:74:af:7b:38:67:c7:ef:8c:
                    38:ad:89:61:a7:42:cd:0b:c8:fd:a8:c2:44:59:88:
                    40:de:3f:86:6b:a8:0c:77:9a:4f:1e:b8:2a:1b:69:
                    c7:21:88:b3:67:01:a7:4c:91:75:ad:12:76:b9:ab:
                    ef:f2:9a:f5:7b:f0:c5:8f:44:e2:b2:cb:03:da:6d:
                    b5:c6:b0:83:9f:6f:13:de:ea:c3:d8:9d:84:ee:bd:
                    a2:ba:45:2e:f9:df:1c:05:41:af:bb:6e:3c:c6:9a:
                    46:14:17:aa:d5:da:ae:1e:59:2d:52:b8:55:45:2b:
                    cc:aa:8f:90:79:16:51:cf:4f:ea:9c:33:0f:ee:19:
                    2a:5b:50:84:d9:bc:97:cd:78:06:45:5c:cb:8e:fa:
                    55:7e:1b:5a:2b:11:0a:fc:32:bf:09:99:5c:16:1f:
                    d0:8e:06:3e:ef:19:8b:7b:05:70:45:66:f2:52:b9:
                    ec:9a:b7:ff:21:21:80:b7:4b:b6:98:54:18:3e:c1:
                    12:40:cb:75:ae:76:73:43:78:9a:1f:24:b1:1c:e2:
                    56:5c:ee:b7:4c:59:6a:ca:eb:2c:47:93:0e:dc:5c:
                    bf:9f:ac:5d:2b:e7:92:2e:ea:63:58:a6:c4:d5:ad:
                    2e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:2A:68:37:60:34:E7:A6:60:E0:7D:2A:09:72:BE:E0:4F:7D:4A:38
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OipoN2A056Zg4H0qCXK-4E99Sjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc1:108::/48

    Signature Algorithm: sha256WithRSAEncryption
         ca:f7:f3:b2:05:3e:fa:4a:2a:72:24:9b:f8:9b:de:b5:33:2a:
         a9:17:c1:27:3b:36:5e:f7:a0:99:46:66:a3:6d:92:4e:c0:3f:
         0b:b2:c2:bc:aa:fc:b8:50:8e:c8:5c:81:d8:d5:95:7c:e4:c4:
         71:b4:6e:d0:6d:b3:f5:43:1f:f4:f5:88:7e:31:ea:aa:77:a3:
         68:be:1c:cf:3e:f7:ba:49:52:92:d6:0d:58:77:05:a9:84:4d:
         c8:08:31:d9:70:92:7b:9b:34:ed:65:fe:e2:db:f3:7d:bd:40:
         ae:27:a8:6e:5f:7c:a0:e3:36:bd:bf:47:4f:87:e0:c2:96:57:
         09:6c:97:03:05:34:18:fe:55:c1:0c:be:f3:92:14:1c:25:40:
         97:b4:82:ab:2c:6b:df:cc:21:e4:3d:d4:97:d5:ff:15:13:a8:
         07:a5:fa:a9:a3:ad:ed:ad:98:5a:8c:03:57:df:60:ad:60:8c:
         86:be:55:73:fd:69:7f:9e:48:95:df:a4:9b:a0:b3:98:af:fe:
         8b:46:11:df:bf:0b:75:42:8a:42:4d:30:a8:e4:af:b8:7e:48:
         91:b4:a8:74:fe:ab:ad:1c:d8:3a:81:0e:3c:df:6b:9e:b7:30:
         f8:f5:ee:82:05:bb:8e:6a:7d:5c:69:33:1f:a3:b1:82:ca:27:
         1d:97:9a:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7C15jIZhQ6aezzstAbcXyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA5MTIzMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTJhNjgzNzYwMzRlN2E2NjBlMDdkMmEwOTcyYmVlMDRmN2Q0YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmp2DN1+AxoMrcPsAYE3MhSY9sX/o
dK97OGfH74w4rYlhp0LNC8j9qMJEWYhA3j+Ga6gMd5pPHrgqG2nHIYizZwGnTJF1
rRJ2uavv8pr1e/DFj0TisssD2m21xrCDn28T3urD2J2E7r2iukUu+d8cBUGvu248
xppGFBeq1dquHlktUrhVRSvMqo+QeRZRz0/qnDMP7hkqW1CE2byXzXgGRVzLjvpV
fhtaKxEK/DK/CZlcFh/QjgY+7xmLewVwRWbyUrnsmrf/ISGAt0u2mFQYPsESQMt1
rnZzQ3iaHySxHOJWXO63TFlqyussR5MO3Fy/n6xdK+eSLupjWKbE1a0uKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDoqaDdgNOemYOB9KglyvuBPfUo4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT2lwb04yQTA1NlpnNEgwcUNYSy00RTk5U2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMwQEI
MA0GCSqGSIb3DQEBCwUAA4IBAQDK9/OyBT76SipyJJv4m961MyqpF8EnOzZe96CZ
RmajbZJOwD8LssK8qvy4UI7IXIHY1ZV85MRxtG7QbbP1Qx/09Yh+Meqqd6NovhzP
Pve6SVKS1g1YdwWphE3ICDHZcJJ7mzTtZf7i2/N9vUCuJ6huX3yg4za9v0dPh+DC
llcJbJcDBTQY/lXBDL7zkhQcJUCXtIKrLGvfzCHkPdSX1f8VE6gHpfqpo63trZha
jANX32CtYIyGvlVz/Wl/nkiV36SboLOYr/6LRhHfvwt1QopCTTCo5K+4fkiRtKh0
/qutHNg6gQ4832uetzD49e6CBbuOan1caTMfo7GCyicdl5qC
-----END CERTIFICATE-----