Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R-3ZaqqRYiSSVZCHhXtSls2aIhE.roa
File:                     R-3ZaqqRYiSSVZCHhXtSls2aIhE.roa (raw, json)
Hash identifier:          dEigR+dfSFS5z+4MFw7sawM12kmoVKo9nIvHo6SoW+0=
Subject key identifier:   47:ED:D9:6A:AA:91:62:24:92:55:90:87:85:7B:52:96:CD:9A:22:11
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD584DA5D5BE3F7BA331F29A3E4F9A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R-3ZaqqRYiSSVZCHhXtSls2aIhE.roa
Signing time:             Tue 02 Jan 2024 10:34:38 +0000
ROA not before:           Tue 02 Jan 2024 10:34:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216364
IP address blocks:        2a10:2f00:199::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:58:4d:a5:d5:be:3f:7b:a3:31:f2:9a:3e:4f:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47edd96aaa91622492559087857b5296cd9a2211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:02:f5:2f:f1:fb:47:2a:42:46:4c:f2:34:1a:
                    6f:ae:ef:dd:b9:22:ad:b9:db:4f:05:81:d4:cb:6a:
                    fb:82:8c:d2:4b:66:26:70:bc:b0:69:d6:55:60:6f:
                    9b:21:c0:58:c4:17:ab:44:1d:54:e6:dd:96:c7:42:
                    e5:ea:69:34:6e:9e:74:31:10:fd:54:84:f4:85:8b:
                    9b:9a:ca:9c:f4:d3:ac:62:8b:8f:d9:67:c5:ae:b5:
                    31:54:fb:44:2e:c7:c2:0a:cd:a5:fd:12:e7:a7:f7:
                    f6:7f:e6:e7:f3:93:8e:89:d0:d5:eb:6e:ba:bf:46:
                    c2:69:ad:18:bf:fd:ef:e1:bc:55:5d:a9:c8:c1:19:
                    d8:71:19:af:1e:39:cd:6e:0e:f0:6c:38:b4:f1:34:
                    f5:eb:fa:38:67:8f:ca:85:7b:b5:1c:1f:97:d3:88:
                    90:67:9e:5e:d4:ac:cf:43:9c:81:02:66:7a:ce:34:
                    db:74:19:cb:de:0c:79:63:22:e3:60:f6:64:fb:8f:
                    e4:a9:9d:db:1b:68:de:72:2a:a9:10:40:bb:09:23:
                    06:62:15:76:56:76:59:70:0e:60:a4:b0:08:a5:aa:
                    4a:f1:29:45:96:71:ea:82:09:05:23:1b:7b:6c:13:
                    1f:7b:42:16:58:e3:4e:de:42:ff:c3:4e:bb:e9:be:
                    28:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:ED:D9:6A:AA:91:62:24:92:55:90:87:85:7B:52:96:CD:9A:22:11
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R-3ZaqqRYiSSVZCHhXtSls2aIhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:199::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:6a:cb:17:b8:2a:e9:6c:10:3c:df:59:ae:22:c8:3d:2b:2e:
         ff:0a:1f:aa:b3:dc:f2:f0:22:7a:13:10:8e:cb:fd:0c:a2:d5:
         e0:78:a4:3c:01:ef:1e:10:63:5e:4a:8f:50:68:9d:53:c2:e9:
         83:67:26:80:5a:5b:38:02:1d:65:7c:aa:c9:e6:b2:df:c6:81:
         bf:6d:a6:87:06:f9:86:3e:ea:19:6c:67:41:1f:f2:ff:2c:96:
         f1:3a:25:ee:b6:dc:0c:9a:48:5c:d8:a6:f0:83:91:40:97:da:
         5d:59:cb:01:da:da:f6:c3:07:ed:b6:85:3c:0c:00:e2:a0:76:
         dc:f8:9b:61:f7:7b:52:14:64:3b:99:bc:43:e9:5e:6d:28:34:
         e0:3f:d0:11:37:60:88:f2:06:33:58:83:e7:92:8b:51:6d:7c:
         16:ed:35:a3:8e:23:0d:cb:0b:c3:3c:0a:5d:c6:47:a9:77:91:
         76:cc:c8:b1:bb:96:18:bb:3b:c1:79:9e:1a:95:de:24:87:d9:
         77:02:d8:ca:16:ed:ae:74:83:ab:45:82:9e:5b:d6:6f:17:7d:
         d9:98:68:3d:fe:7f:a4:a5:8b:ed:29:fe:b3:9a:19:d8:6d:91:
         36:74:0c:3b:75:08:2c:a6:2b:3c:95:bd:24:6d:d3:db:63:32:
         91:21:7e:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVhNpdW+P3ujMfKaPk+aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2VkZDk2YWFhOTE2MjI0OTI1NTkwODc4NTdiNTI5NmNkOWEyMjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAL1L/H7RypCRkzyNBpvru/duSKt
udtPBYHUy2r7gozSS2YmcLywadZVYG+bIcBYxBerRB1U5t2Wx0Ll6mk0bp50MRD9
VIT0hYubmsqc9NOsYouP2WfFrrUxVPtELsfCCs2l/RLnp/f2f+bn85OOidDV6266
v0bCaa0Yv/3v4bxVXanIwRnYcRmvHjnNbg7wbDi08TT16/o4Z4/KhXu1HB+X04iQ
Z55e1KzPQ5yBAmZ6zjTbdBnL3gx5YyLjYPZk+4/kqZ3bG2jeciqpEEC7CSMGYhV2
VnZZcA5gpLAIpapK8SlFlnHqggkFIxt7bBMfe0IWWONO3kL/w0676b4oMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEft2WqqkWIkklWQh4V7UpbNmiIRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUi0zWmFxcVJZaVNTVlpDSGhYdFNsczJhSWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGZ
MA0GCSqGSIb3DQEBCwUAA4IBAQCWassXuCrpbBA831muIsg9Ky7/Ch+qs9zy8CJ6
ExCOy/0MotXgeKQ8Ae8eEGNeSo9QaJ1TwumDZyaAWls4Ah1lfKrJ5rLfxoG/baaH
BvmGPuoZbGdBH/L/LJbxOiXuttwMmkhc2Kbwg5FAl9pdWcsB2tr2wwfttoU8DADi
oHbc+Jth93tSFGQ7mbxD6V5tKDTgP9ARN2CI8gYzWIPnkotRbXwW7TWjjiMNywvD
PApdxkepd5F2zMixu5YYuzvBeZ4ald4kh9l3AtjKFu2udIOrRYKeW9ZvF33ZmGg9
/n+kpYvtKf6zmhnYbZE2dAw7dQgspis8lb0kbdPbYzKRIX4y
-----END CERTIFICATE-----