Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R9XsjPcxOaAohu_5J9o-ra8idcE.roa
File:                     R9XsjPcxOaAohu_5J9o-ra8idcE.roa (raw, json)
Hash identifier:          00V7vC1M+WOkxWhrQrxhfyC+vqHLTBLwAmoXGE42bUg=
Subject key identifier:   47:D5:EC:8C:F7:31:39:A0:28:86:EF:F9:27:DA:3E:AD:AF:22:75:C1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425228DDFE741D82BC8439C94F7AA4F14
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R9XsjPcxOaAohu_5J9o-ra8idcE.roa
Signing time:             Thu 02 Jan 2025 03:50:08 +0000
ROA not before:           Thu 02 Jan 2025 03:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215743
IP address blocks:        2a10:ccc7:ccc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:8d:df:e7:41:d8:2b:c8:43:9c:94:f7:aa:4f:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47d5ec8cf73139a02886eff927da3eadaf2275c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:85:5f:5b:7b:2f:5d:3b:a0:e2:af:39:43:35:
                    c3:d9:b5:e1:63:c0:1a:58:f6:d7:85:24:6a:fa:94:
                    4a:d9:78:d5:a4:04:6e:d0:7a:a0:9c:e5:70:c2:30:
                    9c:2c:8b:aa:05:f0:ac:20:ef:42:c7:fd:08:ea:0f:
                    a9:45:64:3b:87:ab:c2:2b:3e:d2:3b:23:5a:98:51:
                    62:ed:61:e3:76:0b:ea:b2:50:09:01:d8:1e:91:aa:
                    fe:99:10:ff:b7:3b:31:7e:98:83:fb:0d:75:0a:83:
                    98:84:24:33:e5:70:0c:43:3d:d7:58:14:cb:92:95:
                    3d:95:62:dc:55:31:63:c2:22:e8:15:41:05:83:18:
                    bd:41:8e:dc:8b:85:65:d6:af:d4:08:3e:40:de:12:
                    e7:56:38:92:79:d2:2f:ab:6c:da:2c:f7:19:5d:dd:
                    b6:82:5e:0c:cd:12:d8:d4:c9:a5:b6:de:21:48:40:
                    8d:06:74:b3:04:df:d2:41:6a:a8:b9:29:55:e7:15:
                    c8:dc:70:f0:e4:7f:78:47:4a:75:b2:59:a3:ec:f3:
                    40:8c:b1:b9:a0:83:06:2a:10:61:e2:c2:7f:d1:eb:
                    d5:fa:c3:0e:a9:c0:70:bf:5c:c1:a0:97:77:e0:90:
                    1e:55:2d:ef:d3:bf:cb:70:13:aa:d9:38:87:f9:82:
                    a6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D5:EC:8C:F7:31:39:A0:28:86:EF:F9:27:DA:3E:AD:AF:22:75:C1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/R9XsjPcxOaAohu_5J9o-ra8idcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc7:ccc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         2b:cd:bb:f7:a7:8d:5e:48:10:32:c1:4b:b7:cd:55:06:6f:2a:
         51:f5:39:ec:c6:41:2a:8e:f7:92:90:e7:bf:ca:17:fc:1a:98:
         36:52:4a:65:de:4d:b6:27:4a:04:29:6c:b9:18:4a:99:80:4e:
         ac:90:7e:85:61:86:2c:9f:3a:39:37:43:82:08:16:c8:0e:0b:
         c7:05:87:8b:ae:c9:69:55:61:5a:4a:f5:78:83:48:6a:18:61:
         50:42:1b:d0:11:ee:02:42:1d:f2:77:2d:b3:00:48:4b:a9:46:
         d6:d3:60:10:45:df:f3:c6:22:cf:38:e2:ba:04:18:e7:aa:e5:
         f8:4a:61:f3:f5:19:f3:04:2e:14:f9:bf:2e:00:50:13:f2:64:
         6a:94:17:7d:ce:98:14:b3:ec:23:cb:be:33:99:fc:02:b7:84:
         4d:a7:d4:a9:ff:95:a0:b9:7f:99:90:b8:c0:88:e0:21:44:38:
         3e:4d:2f:ce:e8:06:7c:52:cd:17:fa:33:da:6d:9b:2c:82:44:
         80:b1:a1:f4:38:07:b4:df:1e:fa:ff:d3:f7:0c:7b:de:dc:3f:
         46:d0:8c:62:c5:6c:52:39:26:38:81:36:b7:22:47:0f:ee:12:
         ac:e5:bd:8e:fd:47:26:31:17:02:c7:83:71:1b:51:d4:87:0c:
         e6:d4:e5:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIo3f50HYK8hDnJT3qk8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2Q1ZWM4Y2Y3MzEzOWEwMjg4NmVmZjkyN2RhM2VhZGFmMjI3NWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34VfW3svXTug4q85QzXD2bXhY8Aa
WPbXhSRq+pRK2XjVpARu0HqgnOVwwjCcLIuqBfCsIO9Cx/0I6g+pRWQ7h6vCKz7S
OyNamFFi7WHjdgvqslAJAdgekar+mRD/tzsxfpiD+w11CoOYhCQz5XAMQz3XWBTL
kpU9lWLcVTFjwiLoFUEFgxi9QY7ci4Vl1q/UCD5A3hLnVjiSedIvq2zaLPcZXd22
gl4MzRLY1Mmltt4hSECNBnSzBN/SQWqouSlV5xXI3HDw5H94R0p1slmj7PNAjLG5
oIMGKhBh4sJ/0evV+sMOqcBwv1zBoJd34JAeVS3v07/LcBOq2TiH+YKmhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEfV7Iz3MTmgKIbv+SfaPq2vInXBMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUjlYc2pQY3hPYUFvaHVfNUo5by1yYThpZGNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMx8zA
MA0GCSqGSIb3DQEBCwUAA4IBAQArzbv3p41eSBAywUu3zVUGbypR9TnsxkEqjveS
kOe/yhf8Gpg2Ukpl3k22J0oEKWy5GEqZgE6skH6FYYYsnzo5N0OCCBbIDgvHBYeL
rslpVWFaSvV4g0hqGGFQQhvQEe4CQh3ydy2zAEhLqUbW02AQRd/zxiLPOOK6BBjn
quX4SmHz9RnzBC4U+b8uAFAT8mRqlBd9zpgUs+wjy74zmfwCt4RNp9Sp/5WguX+Z
kLjAiOAhRDg+TS/O6AZ8Us0X+jPabZssgkSAsaH0OAe03x76/9P3DHve3D9G0Ixi
xWxSOSY4gTa3IkcP7hKs5b2O/UcmMRcCx4NxG1HUhwzm1OXK
-----END CERTIFICATE-----