Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P3C_hxr2nDDkXgaAcosXSCQTaqI.roa
File:                     P3C_hxr2nDDkXgaAcosXSCQTaqI.roa (raw, json)
Hash identifier:          g2jCberbPNqiLnQT3e9N+FBZA787bGm/yr3l5zcpREk=
Subject key identifier:   3F:70:BF:87:1A:F6:9C:30:E4:5E:06:80:72:8B:17:48:24:13:6A:A2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD179B097624DB649712CB2A91A252
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P3C_hxr2nDDkXgaAcosXSCQTaqI.roa
Signing time:             Tue 02 Jan 2024 10:34:21 +0000
ROA not before:           Tue 02 Jan 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208454
IP address blocks:        2a10:cc44:1d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:17:9b:09:76:24:db:64:97:12:cb:2a:91:a2:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f70bf871af69c30e45e0680728b174824136aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:5e:43:92:b7:86:0a:ba:f7:45:d5:22:84:01:
                    69:aa:06:0b:1f:0e:86:59:10:bd:00:71:fd:38:6d:
                    9b:c3:88:b5:ec:6c:ec:14:32:32:e4:85:46:26:04:
                    8b:f3:37:27:b3:98:f3:58:1d:bb:3b:ae:c0:bb:50:
                    67:d3:cb:45:e7:1c:1e:c6:d9:82:9a:4f:d3:f0:5f:
                    ed:dc:0c:e1:bb:ac:ce:06:5b:d4:93:6f:34:6a:db:
                    43:0d:f3:b8:75:ef:4f:c4:52:db:dc:d3:ac:43:f2:
                    25:65:e0:a8:26:1a:95:9f:cc:2b:8e:1a:67:df:d9:
                    55:f2:9b:0e:d9:06:d1:43:9d:e0:33:6e:69:cf:2b:
                    3e:b3:ea:04:f1:00:a7:9d:2b:19:0e:5b:22:52:a9:
                    dc:5e:82:af:10:5c:6a:6a:c9:0c:51:1e:21:d6:d1:
                    b9:af:27:fe:73:2b:cb:49:01:26:79:d9:a2:c0:28:
                    61:45:93:1c:cc:e7:44:26:2c:48:7a:df:10:7d:6e:
                    df:ff:77:ff:54:c0:71:fe:94:05:c1:13:c5:2b:b5:
                    da:c4:e8:61:e2:85:30:9f:db:09:01:ba:79:ed:a9:
                    8c:50:49:4b:25:ef:f7:f9:f1:88:8b:25:df:d4:e3:
                    ea:45:e3:15:77:90:c6:d1:08:88:b0:c0:74:62:b5:
                    a2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:70:BF:87:1A:F6:9C:30:E4:5E:06:80:72:8B:17:48:24:13:6A:A2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/P3C_hxr2nDDkXgaAcosXSCQTaqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:1d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:9a:79:1d:13:e5:c9:0d:cb:10:10:c0:a2:01:6b:3d:71:83:
         2e:4b:10:4d:d2:fa:55:96:fd:88:c1:af:22:64:5c:44:d5:86:
         8b:07:71:2f:52:45:65:6f:83:d7:7a:e7:06:20:b8:d9:4d:a8:
         2a:61:f0:c3:2a:03:d3:65:1d:a0:e3:f8:66:48:14:0b:fb:8c:
         03:f7:4a:55:ae:03:8d:e4:47:d8:04:f6:cb:b6:40:24:ee:e9:
         99:7c:93:0b:ec:8b:10:8f:14:32:bc:b1:0e:54:2d:47:3b:20:
         9c:4d:fe:a0:cd:11:c9:e0:c8:72:a7:54:2a:19:81:dc:eb:c0:
         0b:5a:51:76:a1:c4:c3:de:52:a6:e7:5f:77:ed:20:fd:0e:4e:
         45:b0:36:4b:36:e4:ee:61:33:8c:e4:83:eb:23:b3:a0:26:72:
         30:21:89:0b:c5:00:a8:87:0a:e5:a7:54:1f:13:0d:59:61:25:
         1d:f2:b7:09:0e:11:af:ca:2b:24:09:b1:4f:20:b1:ac:7f:b9:
         ad:ec:55:49:b6:27:61:a6:e8:73:a6:f5:ac:65:20:48:8d:65:
         b4:ab:62:bb:d2:50:5b:bf:15:c9:22:71:f5:46:8c:ff:ca:b8:
         6a:ba:64:25:6b:a3:8f:c5:0f:43:1a:be:de:6a:2f:bd:49:cf:
         c1:9d:69:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRebCXYk22SXEssqkaJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjcwYmY4NzFhZjY5YzMwZTQ1ZTA2ODA3MjhiMTc0ODI0MTM2YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkF5DkreGCrr3RdUihAFpqgYLHw6G
WRC9AHH9OG2bw4i17GzsFDIy5IVGJgSL8zcns5jzWB27O67Au1Bn08tF5xwextmC
mk/T8F/t3Azhu6zOBlvUk280attDDfO4de9PxFLb3NOsQ/IlZeCoJhqVn8wrjhpn
39lV8psO2QbRQ53gM25pzys+s+oE8QCnnSsZDlsiUqncXoKvEFxqaskMUR4h1tG5
ryf+cyvLSQEmedmiwChhRZMczOdEJixIet8QfW7f/3f/VMBx/pQFwRPFK7XaxOhh
4oUwn9sJAbp57amMUElLJe/3+fGIiyXf1OPqReMVd5DG0QiIsMB0YrWiRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD9wv4ca9pww5F4GgHKLF0gkE2qiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUDNDX2h4cjJuRERrWGdhQWNvc1hTQ1FUYXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMRAHQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCLmnkdE+XJDcsQEMCiAWs9cYMuSxBN0vpVlv2I
wa8iZFxE1YaLB3EvUkVlb4PXeucGILjZTagqYfDDKgPTZR2g4/hmSBQL+4wD90pV
rgON5EfYBPbLtkAk7umZfJML7IsQjxQyvLEOVC1HOyCcTf6gzRHJ4Mhyp1QqGYHc
68ALWlF2ocTD3lKm51937SD9Dk5FsDZLNuTuYTOM5IPrI7OgJnIwIYkLxQCohwrl
p1QfEw1ZYSUd8rcJDhGvyiskCbFPILGsf7mt7FVJtidhpuhzpvWsZSBIjWW0q2K7
0lBbvxXJInH1Roz/yrhqumQla6OPxQ9DGr7eai+9Sc/BnWkX
-----END CERTIFICATE-----