Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_TzoftmE0vZ0dU4xJaev4GwunoA.roa
File:                     _TzoftmE0vZ0dU4xJaev4GwunoA.roa (raw, json)
Hash identifier:          7qaEV6eec2HTBj7136OvNa6/plTeqTEymWOLoPlCFV4=
Subject key identifier:   FD:3C:E8:7E:D9:84:D2:F6:74:75:4E:31:25:A7:AF:E0:6C:2E:9E:80
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019370552DB90500533D19FB7A5250FBAD0B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_TzoftmE0vZ0dU4xJaev4GwunoA.roa
Signing time:             Thu 28 Nov 2024 01:14:10 +0000
ROA not before:           Thu 28 Nov 2024 01:14:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60474
IP address blocks:        2a10:ccc0:d1c0::/44 maxlen: 48
                          2a10:ccc0:d1c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 13:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:70:55:2d:b9:05:00:53:3d:19:fb:7a:52:50:fb:ad:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Nov 28 01:14:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd3ce87ed984d2f674754e3125a7afe06c2e9e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5c:25:d6:e7:36:d0:a5:05:b8:03:0f:ef:d7:
                    e2:8e:7a:7a:46:d2:a1:1d:69:3a:21:d5:0d:73:ee:
                    e2:1d:4b:be:6b:da:63:f3:f3:5b:b6:c1:40:80:33:
                    c6:02:21:bf:cc:14:64:9d:2b:be:60:d7:d1:39:8b:
                    51:47:da:95:6b:4f:a7:0c:97:8d:b0:db:a2:9a:a8:
                    f3:68:b5:25:25:64:12:6a:41:04:67:34:0f:83:ec:
                    4d:13:f4:aa:47:25:c0:26:fa:81:23:b9:76:6f:8d:
                    a0:3b:16:f9:ea:6b:06:86:01:99:5e:8b:e6:75:af:
                    76:10:ec:1f:eb:5e:cc:45:de:6c:85:99:c4:4e:82:
                    bc:fa:35:62:61:88:c3:0c:5b:cd:49:a7:60:6e:5c:
                    3f:56:fa:b8:2e:a3:99:52:4b:0b:db:e0:f8:8a:b2:
                    9a:6f:30:1c:f1:96:51:b6:96:43:ae:6a:d8:78:84:
                    61:50:7b:01:7e:12:7b:7b:76:d2:be:2b:8e:b5:31:
                    8f:8a:90:63:da:ce:c2:cf:61:ac:17:0e:ac:6e:41:
                    79:dc:83:9f:48:a1:ee:cb:9f:56:b8:47:0e:6e:b6:
                    4c:3f:14:bc:77:10:c3:eb:a9:bb:ff:f6:92:61:8e:
                    77:f6:e4:bd:28:2b:77:a6:a9:18:0f:76:8d:01:9a:
                    63:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:3C:E8:7E:D9:84:D2:F6:74:75:4E:31:25:A7:AF:E0:6C:2E:9E:80
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_TzoftmE0vZ0dU4xJaev4GwunoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:d1c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         ad:01:0e:3d:99:72:ba:fd:ca:5f:7e:53:84:27:3e:b7:22:57:
         eb:a2:b4:b8:e9:11:52:0f:ba:1c:b7:ea:75:2f:ef:5e:68:00:
         e5:58:a4:0f:b5:ef:2c:74:a5:3a:2d:c3:e3:d2:c9:c8:af:9b:
         97:80:33:0f:48:23:d1:a3:0f:b5:63:3a:e1:7f:c9:5d:ce:21:
         f6:87:cc:69:bc:2d:f6:da:7c:d1:3c:d7:29:0e:ec:2f:ba:97:
         f2:3a:42:44:35:f4:15:57:f6:95:84:c3:56:e5:90:72:5b:68:
         d6:db:6e:41:d5:a0:6c:6c:2b:b6:03:f9:ea:33:a8:fb:38:01:
         1a:9a:f3:b8:b4:91:44:d8:8b:db:0c:1e:82:19:f3:3f:8c:cc:
         db:4c:31:79:07:0f:99:e0:9f:55:6f:5d:1c:fc:b9:f6:23:bd:
         4c:6d:ca:58:40:82:31:6f:2a:a9:1e:32:e9:7b:85:b9:dc:7a:
         98:40:97:55:80:3f:98:07:3b:47:2e:2b:c9:d0:3b:c1:dd:43:
         02:bf:90:ff:83:6f:2e:5c:5d:45:1c:27:0e:58:ce:b1:77:d0:
         5b:e2:97:30:2f:d7:10:7d:3e:ef:b7:d1:04:24:12:c1:2d:ee:
         72:c6:8d:9b:2f:7f:34:49:a8:e1:98:3a:e9:c0:98:3c:a5:84:
         e8:ff:76:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZNwVS25BQBTPRn7elJQ+60LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQxMTI4MDExNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDNjZTg3ZWQ5ODRkMmY2NzQ3NTRlMzEyNWE3YWZlMDZjMmU5ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA41wl1uc20KUFuAMP79fijnp6RtKh
HWk6IdUNc+7iHUu+a9pj8/NbtsFAgDPGAiG/zBRknSu+YNfROYtRR9qVa0+nDJeN
sNuimqjzaLUlJWQSakEEZzQPg+xNE/SqRyXAJvqBI7l2b42gOxb56msGhgGZXovm
da92EOwf617MRd5shZnEToK8+jViYYjDDFvNSadgblw/Vvq4LqOZUksL2+D4irKa
bzAc8ZZRtpZDrmrYeIRhUHsBfhJ7e3bSviuOtTGPipBj2s7Cz2GsFw6sbkF53IOf
SKHuy59WuEcObrZMPxS8dxDD66m7//aSYY539uS9KCt3pqkYD3aNAZpjMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP086H7ZhNL2dHVOMSWnr+BsLp6AMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvX1R6b2Z0bUUwdlowZFU0eEphZXY0R3d1bm9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMwNHA
MA0GCSqGSIb3DQEBCwUAA4IBAQCtAQ49mXK6/cpfflOEJz63IlfrorS46RFSD7oc
t+p1L+9eaADlWKQPte8sdKU6LcPj0snIr5uXgDMPSCPRow+1Yzrhf8ldziH2h8xp
vC322nzRPNcpDuwvupfyOkJENfQVV/aVhMNW5ZByW2jW225B1aBsbCu2A/nqM6j7
OAEamvO4tJFE2IvbDB6CGfM/jMzbTDF5Bw+Z4J9Vb10c/Ln2I71MbcpYQIIxbyqp
HjLpe4W53HqYQJdVgD+YBztHLivJ0DvB3UMCv5D/g28uXF1FHCcOWM6xd9Bb4pcw
L9cQfT7vt9EEJBLBLe5yxo2bL380SajhmDrpwJg8pYTo/3YB
-----END CERTIFICATE-----