Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T_30IlsviAvJGZFe8r__DqQQUQQ.roa
File:                     T_30IlsviAvJGZFe8r__DqQQUQQ.roa (raw, json)
Hash identifier:          9Y+ZWlNQJ1T3fFfX5gfik+S67ZoVsa01m0o4DX51Uwk=
Subject key identifier:   4F:FD:F4:22:5B:2F:88:0B:C9:19:91:5E:F2:BF:FF:0E:A4:10:51:04
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01936257A2321C91F3A044D63BE5C7C0BB56
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T_30IlsviAvJGZFe8r__DqQQUQQ.roa
Signing time:             Mon 25 Nov 2024 08:02:10 +0000
ROA not before:           Mon 25 Nov 2024 08:02:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215131
IP address blocks:        2a10:ccc5:2a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 13:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:62:57:a2:32:1c:91:f3:a0:44:d6:3b:e5:c7:c0:bb:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 25 08:02:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ffdf4225b2f880bc919915ef2bfff0ea4105104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:3f:2b:c8:c1:3a:c7:14:7b:ee:32:1f:2a:c5:
                    f8:8f:27:a1:83:aa:25:04:6d:5b:79:3d:5e:19:37:
                    a4:5c:e5:28:94:48:8d:95:3a:5f:dd:4f:b5:d1:59:
                    8c:c6:d4:82:d7:69:6f:89:54:f9:54:7d:d5:1d:11:
                    33:74:cf:32:28:cb:6f:a2:36:b7:3b:21:c2:f3:5f:
                    5d:0f:a7:1e:95:65:02:44:f8:be:e8:2c:4d:c6:3e:
                    31:b9:5f:37:43:29:ea:d7:ab:78:a8:b4:b5:3d:03:
                    38:d4:5e:90:36:10:f1:04:1c:86:11:04:29:b0:2d:
                    5c:db:05:13:9a:5b:a5:c6:46:55:26:eb:40:69:7c:
                    03:e0:ee:0d:ef:ed:4a:13:32:e5:57:87:d6:f6:c0:
                    2f:2c:78:7a:c0:24:b1:84:bb:2d:ae:e1:71:03:b0:
                    a9:72:c9:25:6b:cc:c5:8f:3f:df:8d:b8:a9:be:d7:
                    03:22:16:2a:29:c6:81:75:6f:6e:ff:75:e5:8c:b2:
                    f0:7e:1a:4c:99:ba:03:40:6a:b0:27:ff:5a:10:3a:
                    3b:e3:21:6d:1e:8a:cc:48:5c:2f:da:62:cc:3f:8a:
                    50:04:1d:b8:35:78:bf:09:0d:11:0f:36:d5:98:a9:
                    9c:fb:33:3a:94:85:50:b1:e4:4d:c4:96:10:e6:77:
                    31:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FD:F4:22:5B:2F:88:0B:C9:19:91:5E:F2:BF:FF:0E:A4:10:51:04
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/T_30IlsviAvJGZFe8r__DqQQUQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc5:2a10::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:84:a6:2f:45:a2:c6:3f:4d:18:9e:49:5b:93:9e:04:00:2f:
         22:2a:85:86:53:71:68:bc:7e:da:38:34:04:86:7a:00:5c:ab:
         42:2b:84:de:01:18:e0:34:e4:71:77:7e:81:73:f3:0e:a7:90:
         de:eb:a0:0b:24:9b:64:26:e7:95:ab:b6:ea:53:2e:9a:8e:45:
         57:d8:36:90:8a:6d:54:45:4f:0b:ce:56:ae:ac:a1:02:7c:ca:
         12:01:c6:42:49:37:30:47:d2:4a:5e:76:ef:79:e2:26:40:54:
         7d:71:0b:b6:5a:b4:3a:db:f3:5d:83:45:eb:f0:a4:2b:1f:54:
         ca:d7:8d:6e:c0:3d:53:3f:7f:50:6c:08:71:6b:34:f5:a8:cb:
         68:03:0b:28:72:b3:5f:1d:d3:08:64:3f:28:d5:e3:78:7e:ce:
         8a:17:6d:5b:0b:fc:31:5d:05:88:0a:34:c0:29:b8:37:72:ee:
         e0:c0:fc:84:ee:44:a5:88:99:05:49:67:ed:78:f7:5d:88:2b:
         61:a8:51:92:a5:c0:4f:dd:84:e5:bc:23:8c:ad:bd:b1:96:18:
         3e:49:35:cf:ae:87:f5:e6:fd:49:20:97:0e:9e:d3:e9:1e:68:
         67:bd:df:a7:1e:b9:63:33:a6:ef:66:ed:6a:59:61:45:a2:d3:
         d6:65:84:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNiV6IyHJHzoETWO+XHwLtWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTI1MDgwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZkZjQyMjViMmY4ODBiYzkxOTkxNWVmMmJmZmYwZWE0MTA1MTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6j8ryME6xxR77jIfKsX4jyehg6ol
BG1beT1eGTekXOUolEiNlTpf3U+10VmMxtSC12lviVT5VH3VHREzdM8yKMtvoja3
OyHC819dD6celWUCRPi+6CxNxj4xuV83Qynq16t4qLS1PQM41F6QNhDxBByGEQQp
sC1c2wUTmlulxkZVJutAaXwD4O4N7+1KEzLlV4fW9sAvLHh6wCSxhLstruFxA7Cp
cskla8zFjz/fjbipvtcDIhYqKcaBdW9u/3XljLLwfhpMmboDQGqwJ/9aEDo74yFt
HorMSFwv2mLMP4pQBB24NXi/CQ0RDzbVmKmc+zM6lIVQseRNxJYQ5ncxQQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE/99CJbL4gLyRmRXvK//w6kEFEEMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVF8zMElsc3ZpQXZKR1pGZThyX19EcVFRVVFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDMxSoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBnhKYvRaLGP00Ynklbk54EAC8iKoWGU3FovH7a
ODQEhnoAXKtCK4TeARjgNORxd36Bc/MOp5De66ALJJtkJueVq7bqUy6ajkVX2DaQ
im1URU8LzlaurKECfMoSAcZCSTcwR9JKXnbveeImQFR9cQu2WrQ62/Ndg0Xr8KQr
H1TK141uwD1TP39QbAhxazT1qMtoAwsocrNfHdMIZD8o1eN4fs6KF21bC/wxXQWI
CjTAKbg3cu7gwPyE7kSliJkFSWftePddiCthqFGSpcBP3YTlvCOMrb2xlhg+STXP
rof15v1JIJcOntPpHmhnvd+nHrljM6bvZu1qWWFFotPWZYRQ
-----END CERTIFICATE-----