Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Rnq33amJry1zz_VIa51bd5ZWysM.roa
File:                     Rnq33amJry1zz_VIa51bd5ZWysM.roa (raw, json)
Hash identifier:          cpEGAlwvTWiwNGug7V/qBwcLcC2+z74la/MBZvDAG0s=
Subject key identifier:   46:7A:B7:DD:A9:89:AF:2D:73:CF:F5:48:6B:9D:5B:77:96:56:CA:C3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCFD41F9C345BDBBD5A09A46F45954
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Rnq33amJry1zz_VIa51bd5ZWysM.roa
Signing time:             Tue 02 Jan 2024 10:34:15 +0000
ROA not before:           Tue 02 Jan 2024 10:34:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202224
IP address blocks:        2a10:2f00:18b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:fd:41:f9:c3:45:bd:bb:d5:a0:9a:46:f4:59:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=467ab7dda989af2d73cff5486b9d5b779656cac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:24:4b:a6:b5:81:d5:94:a5:f9:32:1f:ae:
                    f1:f2:f4:88:c8:89:59:f4:7b:e7:5d:bb:c1:cb:f6:
                    26:ce:86:6c:d6:01:b5:17:75:e6:fe:9f:ff:80:6d:
                    61:2d:bb:03:9b:64:66:e6:43:9f:00:b1:da:80:43:
                    4b:cd:93:52:a8:83:26:fd:30:e3:ff:51:67:a6:ab:
                    17:93:09:85:af:f8:5c:1c:7f:ea:af:fe:74:c6:e0:
                    8c:bc:97:4b:4a:f3:c2:d5:b9:e5:e3:df:bc:2d:89:
                    07:02:9c:95:6a:bb:dc:88:f2:6e:aa:8f:a7:f0:d3:
                    dd:33:2e:87:35:c7:2a:09:31:cc:8c:47:f3:dc:3d:
                    ad:fa:ac:05:d2:5d:29:64:ea:95:7a:26:10:85:bf:
                    1e:30:77:82:f0:ef:2e:e9:17:93:cf:a5:fd:79:ae:
                    4e:f4:8c:25:a7:70:be:60:e9:e8:7a:06:8c:a5:7e:
                    f9:05:3c:e8:0c:0d:60:ef:87:42:d1:18:50:4f:f2:
                    77:c4:e9:e7:94:14:39:6d:49:04:0a:de:8e:9c:35:
                    45:21:68:c8:94:34:6b:32:52:54:4c:20:72:27:80:
                    c6:c5:34:35:ac:44:5e:0e:2d:a6:61:45:8c:15:fe:
                    18:3d:e1:9c:13:97:03:44:f1:51:ca:d8:ed:39:86:
                    04:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:7A:B7:DD:A9:89:AF:2D:73:CF:F5:48:6B:9D:5B:77:96:56:CA:C3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Rnq33amJry1zz_VIa51bd5ZWysM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:18b::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:36:a0:67:82:4e:12:e8:14:3e:d4:f3:dd:8c:3e:d3:23:d7:
         0b:4b:45:af:6e:a6:d7:4c:90:f6:74:0d:74:3b:fa:7b:78:2b:
         2c:61:be:7c:34:69:e8:37:fb:e3:7c:91:90:51:98:ac:db:f8:
         9f:63:6f:33:73:74:9a:ab:d1:30:4c:2d:41:a5:7d:cd:20:72:
         b5:c5:8d:eb:3b:ba:88:86:ac:25:5f:6b:48:cd:a9:57:e1:91:
         d9:0b:a4:58:fe:3c:80:6d:30:6a:5e:c2:7d:6c:eb:e4:68:35:
         34:12:43:4b:b6:ab:e6:69:c8:9a:cd:b2:26:94:ca:4c:96:6d:
         2a:26:30:ff:ca:c7:80:b1:ec:6e:96:ed:5c:ff:d3:09:9d:53:
         bd:d0:0c:f6:cd:e3:84:34:e8:c6:e1:0c:30:5a:a5:21:d8:71:
         b8:89:7c:5d:3a:6c:7b:78:f9:20:40:4d:e7:cd:54:6f:0e:c4:
         33:48:70:71:3e:77:05:b9:0c:f5:32:88:be:95:cc:54:3c:bc:
         11:a2:96:60:16:08:1f:69:52:a4:5f:22:26:1c:5d:66:dd:76:
         71:59:e2:28:3d:cb:dc:a9:d4:7c:da:80:0d:ab:0a:bd:03:78:
         03:3c:43:b4:7f:8a:08:db:26:a3:02:03:79:cc:12:5f:6c:33:
         ab:32:b8:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvP1B+cNFvbvVoJpG9FlUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjdhYjdkZGE5ODlhZjJkNzNjZmY1NDg2YjlkNWI3Nzk2NTZjYWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwkkS6a1gdWUpfkyH67x8vSIyIlZ
9HvnXbvBy/YmzoZs1gG1F3Xm/p//gG1hLbsDm2Rm5kOfALHagENLzZNSqIMm/TDj
/1FnpqsXkwmFr/hcHH/qr/50xuCMvJdLSvPC1bnl49+8LYkHApyVarvciPJuqo+n
8NPdMy6HNccqCTHMjEfz3D2t+qwF0l0pZOqVeiYQhb8eMHeC8O8u6ReTz6X9ea5O
9Iwlp3C+YOnoegaMpX75BTzoDA1g74dC0RhQT/J3xOnnlBQ5bUkECt6OnDVFIWjI
lDRrMlJUTCByJ4DGxTQ1rEReDi2mYUWMFf4YPeGcE5cDRPFRytjtOYYEFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEZ6t92pia8tc8/1SGudW3eWVsrDMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUm5xMzNhbUpyeTF6el9WSWE1MWJkNVpXeXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGL
MA0GCSqGSIb3DQEBCwUAA4IBAQB/NqBngk4S6BQ+1PPdjD7TI9cLS0WvbqbXTJD2
dA10O/p7eCssYb58NGnoN/vjfJGQUZis2/ifY28zc3Saq9EwTC1BpX3NIHK1xY3r
O7qIhqwlX2tIzalX4ZHZC6RY/jyAbTBqXsJ9bOvkaDU0EkNLtqvmaciazbImlMpM
lm0qJjD/yseAsexulu1c/9MJnVO90Az2zeOENOjG4QwwWqUh2HG4iXxdOmx7ePkg
QE3nzVRvDsQzSHBxPncFuQz1Moi+lcxUPLwRopZgFggfaVKkXyImHF1m3XZxWeIo
PcvcqdR82oANqwq9A3gDPEO0f4oI2yajAgN5zBJfbDOrMrjd
-----END CERTIFICATE-----