Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OxQtPG53eKQXGu1ZvrK6yOIsBXY.roa
File:                     OxQtPG53eKQXGu1ZvrK6yOIsBXY.roa (raw, json)
Hash identifier:          Z9e7RhXfUPQOqQfj+3bM7/dOZ/AXCk+A1muvWS13b1M=
Subject key identifier:   3B:14:2D:3C:6E:77:78:A4:17:1A:ED:59:BE:B2:BA:C8:E2:2C:05:76
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425223242E9A86BEEA643D77631E35B25
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OxQtPG53eKQXGu1ZvrK6yOIsBXY.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208893
IP address blocks:        2a10:2f00:17d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:32:42:e9:a8:6b:ee:a6:43:d7:76:31:e3:5b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b142d3c6e7778a4171aed59beb2bac8e22c0576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cc:b3:73:44:59:fe:37:a9:55:d8:a4:32:fb:
                    d6:5d:92:3f:15:11:87:a0:40:34:f8:80:eb:cd:00:
                    60:3b:db:e2:2b:2e:f1:4f:eb:ee:85:3f:29:ec:77:
                    4a:e4:44:ef:87:8f:22:90:ca:c1:fa:4e:ff:59:44:
                    a6:df:66:59:3b:ba:47:53:85:02:11:7c:ee:bc:6d:
                    7e:14:b3:13:74:1d:1f:50:04:10:29:cb:11:ff:9f:
                    20:6d:6b:48:78:48:2c:1f:2b:11:65:78:cd:9b:60:
                    55:6d:65:ad:bc:25:79:53:16:7b:8b:6c:c3:14:ea:
                    9f:1a:f4:b7:31:85:3a:a5:41:4d:c5:99:78:6e:71:
                    82:63:a7:94:7b:b2:92:c7:10:9f:dc:ab:74:be:20:
                    3f:e9:6f:6c:43:3a:6b:08:06:b6:13:91:86:1d:d4:
                    06:47:cf:ed:d0:fc:f7:8d:44:53:7f:ec:72:45:c7:
                    0f:91:9c:18:af:da:a9:75:e4:6b:70:ca:00:1c:c6:
                    60:26:4b:8d:f3:65:a7:9a:4e:af:0e:30:12:7b:0f:
                    ff:91:d1:d2:6c:91:7f:45:a8:c5:c8:4f:ec:43:9f:
                    67:3d:88:02:18:32:c9:f2:76:f2:15:af:e5:20:2c:
                    3e:5c:b2:13:19:09:81:3a:66:04:a1:82:71:bd:8c:
                    b9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:14:2D:3C:6E:77:78:A4:17:1A:ED:59:BE:B2:BA:C8:E2:2C:05:76
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OxQtPG53eKQXGu1ZvrK6yOIsBXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:17d::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:24:15:75:60:75:42:a6:24:b7:17:f4:a5:eb:c8:4b:21:ce:
         22:f1:27:f1:08:8e:84:04:50:06:88:5c:ae:f9:34:00:8b:16:
         67:45:86:11:30:4e:86:cb:f8:1c:b5:68:ba:d9:9d:e9:b7:d2:
         1e:71:13:71:76:8c:bd:9c:4a:57:05:ea:5b:a3:7b:91:63:a1:
         60:0a:f0:35:c2:aa:5b:b9:6d:2c:91:f4:2c:2b:e0:d3:07:5d:
         88:fa:17:00:82:44:b4:78:c0:5a:91:7a:7e:5a:fb:e5:8b:25:
         62:0e:1c:cc:fc:f6:34:1e:6b:e9:ea:3e:a3:f4:1d:a5:c1:bb:
         30:ed:0a:b0:84:5b:4b:86:e6:16:0d:4b:89:38:30:c6:4f:ea:
         9a:3b:d2:f1:41:c1:65:06:27:74:d5:93:55:4b:98:6f:88:53:
         75:67:f9:d3:99:3e:96:1f:fe:91:36:8a:f0:c2:9f:35:18:b9:
         84:b9:14:33:f4:46:25:50:0f:cb:1a:69:19:9b:ab:38:d7:39:
         e8:b6:12:00:ba:7b:9f:e1:c2:66:99:7f:7e:56:fa:84:d3:a5:
         92:8f:ed:d0:58:d6:6b:6f:33:86:84:1b:67:d4:dc:dc:0d:83:
         e4:83:39:20:4c:7a:da:0d:ea:06:3a:ce:e3:49:d5:5c:89:fa:
         23:41:0f:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjJC6ahr7qZD13Yx41slMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE0MmQzYzZlNzc3OGE0MTcxYWVkNTliZWIyYmFjOGUyMmMwNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksyzc0RZ/jepVdikMvvWXZI/FRGH
oEA0+IDrzQBgO9viKy7xT+vuhT8p7HdK5ETvh48ikMrB+k7/WUSm32ZZO7pHU4UC
EXzuvG1+FLMTdB0fUAQQKcsR/58gbWtIeEgsHysRZXjNm2BVbWWtvCV5UxZ7i2zD
FOqfGvS3MYU6pUFNxZl4bnGCY6eUe7KSxxCf3Kt0viA/6W9sQzprCAa2E5GGHdQG
R8/t0Pz3jURTf+xyRccPkZwYr9qpdeRrcMoAHMZgJkuN82Wnmk6vDjASew//kdHS
bJF/RajFyE/sQ59nPYgCGDLJ8nbyFa/lICw+XLITGQmBOmYEoYJxvYy5mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDsULTxud3ikFxrtWb6yusjiLAV2MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT3hRdFBHNTNlS1FYR3UxWnZySzZ5T0lzQlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAF9
MA0GCSqGSIb3DQEBCwUAA4IBAQBIJBV1YHVCpiS3F/Sl68hLIc4i8SfxCI6EBFAG
iFyu+TQAixZnRYYRME6Gy/gctWi62Z3pt9IecRNxdoy9nEpXBepbo3uRY6FgCvA1
wqpbuW0skfQsK+DTB12I+hcAgkS0eMBakXp+WvvliyViDhzM/PY0Hmvp6j6j9B2l
wbsw7QqwhFtLhuYWDUuJODDGT+qaO9LxQcFlBid01ZNVS5hviFN1Z/nTmT6WH/6R
Norwwp81GLmEuRQz9EYlUA/LGmkZm6s41znothIAunuf4cJmmX9+VvqE06WSj+3Q
WNZrbzOGhBtn1NzcDYPkgzkgTHraDeoGOs7jSdVcifojQQ+Y
-----END CERTIFICATE-----