Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QVuUn90tUXzJxXXQQMuYo-nZZ6c.roa
File:                     QVuUn90tUXzJxXXQQMuYo-nZZ6c.roa (raw, json)
Hash identifier:          J6uHglwkPPQQhwgo+0/3mZXRFNeVn2Icr28wwkrQ4YA=
Subject key identifier:   41:5B:94:9F:DD:2D:51:7C:C9:C5:75:D0:40:CB:98:A3:E9:D9:67:A7
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EA20C6769B600040BBD008482BEA18BB9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QVuUn90tUXzJxXXQQMuYo-nZZ6c.roa
Signing time:             Wed 03 Apr 2024 03:41:45 +0000
ROA not before:           Wed 03 Apr 2024 03:41:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147301
IP address blocks:        2a10:ccc1:107::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:0c:67:69:b6:00:04:0b:bd:00:84:82:be:a1:8b:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  3 03:41:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=415b949fdd2d517cc9c575d040cb98a3e9d967a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:30:5a:58:48:b8:f3:7b:46:02:e1:0e:4e:8a:
                    9f:bb:a0:e6:82:48:c3:31:18:1c:f5:43:f5:a5:ca:
                    8a:24:48:60:0f:4c:97:b5:a3:06:54:33:5c:74:88:
                    ed:a8:c1:be:e6:d7:38:20:0a:43:3f:3b:5e:d8:a9:
                    32:b5:ef:9f:b3:d8:58:56:72:03:8d:2d:0c:dc:e1:
                    05:bf:03:c3:64:5c:37:26:e6:ad:bd:38:fb:6c:2c:
                    fe:2c:90:e2:33:6d:28:27:c2:a5:5b:d7:7e:17:82:
                    25:62:46:d6:9e:c2:3a:d5:6b:77:1d:da:a7:5c:fd:
                    f2:f6:de:98:3e:ef:85:40:85:50:19:36:f4:28:ab:
                    b9:6e:a8:b9:d8:7f:bb:fa:39:5d:e1:8f:44:4a:f3:
                    4a:a5:f0:fd:86:5a:38:02:e9:35:49:66:89:31:8c:
                    cf:61:1d:fa:9c:a9:0c:01:d2:61:43:54:e5:61:67:
                    b5:60:2e:df:fa:0e:17:6b:9c:79:6d:4a:cd:e8:1b:
                    d9:e6:f2:95:78:7a:ce:f7:e5:61:53:b6:8e:5e:0d:
                    9b:92:ea:67:38:c7:61:4f:03:a9:8c:b3:d2:81:11:
                    2d:25:d6:47:53:9d:1b:cf:91:f6:5b:ff:dd:5b:84:
                    0d:b1:63:a0:10:e6:fe:91:7f:7a:25:b9:c6:ac:4e:
                    99:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:5B:94:9F:DD:2D:51:7C:C9:C5:75:D0:40:CB:98:A3:E9:D9:67:A7
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QVuUn90tUXzJxXXQQMuYo-nZZ6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc1:107::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:0f:ef:70:f2:b4:6e:da:b1:37:b6:2a:87:e5:d0:3a:64:29:
         e6:40:9c:a2:8c:1f:1e:13:47:6d:19:fb:60:fe:78:c8:07:44:
         3b:12:21:8e:43:66:6f:e2:5a:ae:31:a1:d2:7c:96:b2:3a:f5:
         22:b8:af:75:53:3d:53:bd:9b:2c:88:10:c4:4a:a7:f6:a3:c6:
         51:19:46:e7:69:e5:ed:b5:0b:00:9c:12:76:ff:c9:b2:ff:f7:
         95:d3:25:9c:7b:69:bd:93:58:3c:2b:03:fe:da:8d:d5:68:2a:
         a2:fd:30:02:0e:04:0d:9d:94:45:5a:df:7c:38:9e:a9:2a:87:
         43:7e:54:86:3c:32:b8:8e:7b:7c:e2:38:e2:38:33:db:1f:08:
         62:07:9f:70:c9:56:cd:a8:0c:b3:29:e6:4f:a4:8c:19:21:c6:
         31:a8:d0:eb:16:af:7b:56:b9:8b:73:9e:66:d4:97:dc:c7:a7:
         6b:dd:01:48:f3:41:61:5b:ce:fd:2b:41:f2:8f:29:56:20:d2:
         83:bb:68:97:e8:77:5b:e4:5e:21:ea:0c:00:23:be:2d:ec:ad:
         31:20:9c:3d:60:fb:40:40:12:d3:f7:1b:f6:16:43:32:21:70:
         ee:83:20:aa:eb:2f:b6:56:8f:b2:b5:10:99:95:fe:20:98:4f:
         4a:7e:d6:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6iDGdptgAEC70AhIK+oYu5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDAzMDM0MTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTViOTQ5ZmRkMmQ1MTdjYzljNTc1ZDA0MGNiOThhM2U5ZDk2N2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhDBaWEi483tGAuEOToqfu6DmgkjD
MRgc9UP1pcqKJEhgD0yXtaMGVDNcdIjtqMG+5tc4IApDPzte2Kkyte+fs9hYVnID
jS0M3OEFvwPDZFw3JuatvTj7bCz+LJDiM20oJ8KlW9d+F4IlYkbWnsI61Wt3Hdqn
XP3y9t6YPu+FQIVQGTb0KKu5bqi52H+7+jld4Y9ESvNKpfD9hlo4Auk1SWaJMYzP
YR36nKkMAdJhQ1TlYWe1YC7f+g4Xa5x5bUrN6BvZ5vKVeHrO9+VhU7aOXg2bkupn
OMdhTwOpjLPSgREtJdZHU50bz5H2W//dW4QNsWOgEOb+kX96JbnGrE6Z0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEFblJ/dLVF8ycV10EDLmKPp2WenMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUVZ1VW45MHRVWHpKeFhYUVFNdVlvLW5aWjZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMwQEH
MA0GCSqGSIb3DQEBCwUAA4IBAQAaD+9w8rRu2rE3tiqH5dA6ZCnmQJyijB8eE0dt
Gftg/njIB0Q7EiGOQ2Zv4lquMaHSfJayOvUiuK91Uz1TvZssiBDESqf2o8ZRGUbn
aeXttQsAnBJ2/8my//eV0yWce2m9k1g8KwP+2o3VaCqi/TACDgQNnZRFWt98OJ6p
KodDflSGPDK4jnt84jjiODPbHwhiB59wyVbNqAyzKeZPpIwZIcYxqNDrFq97VrmL
c55m1Jfcx6dr3QFI80FhW879K0HyjylWINKDu2iX6Hdb5F4h6gwAI74t7K0xIJw9
YPtAQBLT9xv2FkMyIXDugyCq6y+2Vo+ytRCZlf4gmE9KftYJ
-----END CERTIFICATE-----