Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PXvPtTcV7_63hmRIRVqvfVENMEA.roa
File:                     PXvPtTcV7_63hmRIRVqvfVENMEA.roa (raw, json)
Hash identifier:          2OtI7PoH1L9RdPTnwZ95oU0SIfoWWC/G8OdWPDK66dA=
Subject key identifier:   3D:7B:CF:B5:37:15:EF:FE:B7:86:64:48:45:5A:AF:7D:51:0D:30:40
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3AB313A0FA5055C39BEBD386DB8D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PXvPtTcV7_63hmRIRVqvfVENMEA.roa
Signing time:             Tue 02 Jan 2024 10:34:30 +0000
ROA not before:           Tue 02 Jan 2024 10:34:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211703
IP address blocks:        2a10:2f00:167::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:3a:b3:13:a0:fa:50:55:c3:9b:eb:d3:86:db:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d7bcfb53715effeb7866448455aaf7d510d3040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:a6:51:ce:ed:ac:93:06:e2:33:af:38:c6:51:
                    36:a2:de:cc:08:67:a4:66:41:be:40:bd:ca:64:4a:
                    a0:6d:11:c9:1f:49:4e:b5:c7:82:95:c8:a9:96:32:
                    82:13:e3:89:68:ec:4a:a4:cc:c0:3d:06:f6:48:5b:
                    c7:3d:7c:39:43:05:f1:04:bc:4a:5e:ed:bb:96:15:
                    a4:89:c2:28:3c:ba:a5:89:e7:13:f6:87:32:40:1e:
                    8e:b9:13:de:6a:d9:f8:c0:47:34:de:35:01:9b:58:
                    34:af:ae:e2:2a:39:eb:85:af:79:64:a2:48:64:27:
                    e4:95:8c:0b:7a:11:7c:6a:88:64:a8:60:a4:65:35:
                    5a:38:75:38:c1:3e:e8:8f:59:20:4e:a6:cd:6d:ae:
                    90:1b:fa:05:ea:76:35:67:29:2d:9f:22:87:f8:1d:
                    2e:11:4a:a9:92:64:19:e1:bc:e1:50:e8:b7:3c:2d:
                    be:aa:37:b4:0b:9b:07:fc:98:13:93:cf:d7:4e:11:
                    46:b0:64:a6:37:c8:cc:6c:3c:0d:9b:c5:9f:b3:f0:
                    be:23:03:ba:3d:ca:04:f2:69:8f:b5:ea:a2:fa:9d:
                    5c:90:f3:0d:32:7b:86:51:cc:b2:cf:c0:76:ff:06:
                    e8:7a:7b:92:ee:2c:e2:0e:c6:be:f0:ea:a9:da:41:
                    63:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:7B:CF:B5:37:15:EF:FE:B7:86:64:48:45:5A:AF:7D:51:0D:30:40
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PXvPtTcV7_63hmRIRVqvfVENMEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:167::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:65:20:8f:05:f1:c6:7d:15:e0:79:26:3b:ab:0e:85:b9:81:
         19:44:50:2b:fd:51:50:d6:d2:e8:62:5b:e6:d4:d1:dd:9a:37:
         ea:e5:68:90:d3:1f:86:7f:5e:93:1a:17:24:9e:4b:6b:cf:f0:
         ce:e6:7e:bb:5a:b1:c6:da:ea:32:c3:6a:7d:0c:89:60:64:9a:
         01:95:f4:ef:4f:81:b0:6c:33:50:a6:b0:f8:9f:e5:f7:e3:e8:
         d0:20:f4:05:ce:88:b1:f1:40:fe:87:ec:e8:c5:93:78:9e:b0:
         d4:94:e3:82:4b:bd:4a:59:94:33:04:01:e6:e4:21:e6:05:47:
         b6:1d:0d:96:1f:6f:1f:8d:1b:30:54:6f:63:ab:60:ff:54:f6:
         5b:8a:5c:f9:34:32:23:fe:51:3b:11:18:05:60:50:d3:3c:ce:
         13:28:58:c9:de:18:0a:35:6b:c1:49:83:8b:01:72:2a:8b:d7:
         53:42:f1:08:22:a8:c2:9e:be:b4:1b:af:da:b7:cd:b7:19:e7:
         8c:b5:da:b5:27:d5:03:fb:eb:69:a8:2a:d7:df:d3:7c:f7:47:
         24:00:8b:53:e2:bf:e2:89:8f:61:b3:ff:d4:ea:62:af:a8:a3:
         b3:68:0e:21:5e:02:29:df:d8:6b:b2:95:ef:5f:b4:71:6d:c0:
         cc:34:e5:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTqzE6D6UFXDm+vThtuNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDdiY2ZiNTM3MTVlZmZlYjc4NjY0NDg0NTVhYWY3ZDUxMGQzMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKZRzu2skwbiM684xlE2ot7MCGek
ZkG+QL3KZEqgbRHJH0lOtceClcipljKCE+OJaOxKpMzAPQb2SFvHPXw5QwXxBLxK
Xu27lhWkicIoPLqliecT9ocyQB6OuRPeatn4wEc03jUBm1g0r67iKjnrha95ZKJI
ZCfklYwLehF8aohkqGCkZTVaOHU4wT7oj1kgTqbNba6QG/oF6nY1ZyktnyKH+B0u
EUqpkmQZ4bzhUOi3PC2+qje0C5sH/JgTk8/XThFGsGSmN8jMbDwNm8Wfs/C+IwO6
PcoE8mmPteqi+p1ckPMNMnuGUcyyz8B2/wboenuS7iziDsa+8Oqp2kFjawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD17z7U3Fe/+t4ZkSEVar31RDTBAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUFh2UHRUY1Y3XzYzaG1SSVJWcXZmVkVOTUVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFn
MA0GCSqGSIb3DQEBCwUAA4IBAQC3ZSCPBfHGfRXgeSY7qw6FuYEZRFAr/VFQ1tLo
Ylvm1NHdmjfq5WiQ0x+Gf16TGhcknktrz/DO5n67WrHG2uoyw2p9DIlgZJoBlfTv
T4GwbDNQprD4n+X34+jQIPQFzoix8UD+h+zoxZN4nrDUlOOCS71KWZQzBAHm5CHm
BUe2HQ2WH28fjRswVG9jq2D/VPZbilz5NDIj/lE7ERgFYFDTPM4TKFjJ3hgKNWvB
SYOLAXIqi9dTQvEIIqjCnr60G6/at823GeeMtdq1J9UD++tpqCrX39N890ckAItT
4r/iiY9hs//U6mKvqKOzaA4hXgIp39hrspXvX7RxbcDMNOUL
-----END CERTIFICATE-----