Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfn3H1eWokzny1577bQJTVoDUG0.roa
File:                     bfn3H1eWokzny1577bQJTVoDUG0.roa (raw, json)
Hash identifier:          QZY2hH+qJPb1dab/RsLklvWkcpf4xuSU0CiqP/dCdGI=
Subject key identifier:   6D:F9:F7:1F:57:96:A2:4C:E7:CB:5E:7B:ED:B4:09:4D:5A:03:50:6D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD124E19596C4573893B138482A9EC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfn3H1eWokzny1577bQJTVoDUG0.roa
Signing time:             Tue 02 Jan 2024 10:34:20 +0000
ROA not before:           Tue 02 Jan 2024 10:34:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207317
IP address blocks:        2a10:2f00:11a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:12:4e:19:59:6c:45:73:89:3b:13:84:82:a9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6df9f71f5796a24ce7cb5e7bedb4094d5a03506d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c3:b3:e3:ea:c7:6b:39:22:da:27:1c:49:0f:
                    11:52:f4:67:48:77:0c:ce:4a:0e:8e:13:e9:7d:53:
                    63:22:0b:ed:08:ea:a4:96:42:88:07:02:89:f8:28:
                    63:aa:b2:32:96:a7:ab:23:29:5b:d3:4e:20:c7:9e:
                    57:51:95:f6:8c:b2:58:e8:e8:0d:b7:51:d4:59:de:
                    f5:f3:bc:7c:ae:2f:88:ff:0d:bb:de:cd:74:6a:7d:
                    cf:da:3f:48:32:37:e8:9d:ac:23:ab:06:05:41:2c:
                    07:7b:12:33:34:8d:88:94:89:e5:93:f5:48:d9:74:
                    43:e7:fb:ee:61:fd:4d:c3:bb:c7:a7:7b:2d:7b:f1:
                    f5:2b:91:18:c6:66:08:20:6f:2d:f8:b9:7c:71:80:
                    ee:17:d6:82:02:26:61:99:fc:24:95:21:d3:21:fd:
                    bf:f6:d8:0c:ea:c3:01:d9:20:8f:6f:27:70:88:78:
                    c1:9c:3a:fd:fb:5c:4e:88:cb:2d:ce:3c:5a:18:32:
                    96:a8:f5:af:d5:4e:e1:d5:cf:3a:13:e3:fd:f2:33:
                    c9:00:a3:ae:69:97:b8:d7:0b:91:eb:7d:ed:dd:67:
                    3d:55:92:2c:83:f4:96:18:a8:71:b2:7d:16:82:37:
                    29:69:30:c6:6b:a3:e4:dd:b5:bc:c4:c3:0c:cd:fe:
                    5e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:F9:F7:1F:57:96:A2:4C:E7:CB:5E:7B:ED:B4:09:4D:5A:03:50:6D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/bfn3H1eWokzny1577bQJTVoDUG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:11a::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:e0:72:5b:d8:4d:cb:58:9b:c6:b1:74:e3:d1:07:ff:d6:63:
         8a:1a:2b:df:f8:53:a2:9f:2d:61:c3:46:7d:b5:91:47:5a:b9:
         28:8b:e4:b9:63:6c:71:bd:bf:7a:44:b3:92:08:9f:01:1d:69:
         00:ea:2b:da:65:ec:02:1b:c5:2a:6c:8a:6f:4e:35:92:08:c3:
         e9:5f:05:d1:aa:09:5b:f8:89:94:c3:bc:ab:fb:af:f4:c2:2a:
         b9:09:dd:a8:90:c1:5c:02:d6:62:f1:9f:cf:76:cd:9e:d4:8d:
         f3:fc:32:88:85:66:9e:aa:a7:fd:4f:b4:d1:84:ae:8c:52:47:
         de:ca:a3:31:da:93:d5:19:6c:a6:0b:f9:7d:3c:e1:be:73:4e:
         81:25:b2:1c:ec:81:9d:b7:29:87:4e:d0:ad:72:81:05:36:c3:
         ee:dc:e2:0b:81:0d:27:80:79:75:95:86:bf:5d:39:e4:9f:31:
         0a:de:33:40:68:5b:6e:4a:02:cc:b1:6f:8a:fa:01:f8:1e:67:
         72:ce:df:84:96:55:9f:02:87:e5:8b:21:68:3e:6c:3c:27:f0:
         3b:d4:59:24:24:f7:62:50:da:12:64:db:66:eb:91:ec:b1:f4:
         19:e0:3c:0c:89:8b:16:cc:97:ba:78:db:dd:d3:c0:9d:77:50:
         e0:57:3a:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRJOGVlsRXOJOxOEgqnsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGY5ZjcxZjU3OTZhMjRjZTdjYjVlN2JlZGI0MDk0ZDVhMDM1MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMOz4+rHazki2iccSQ8RUvRnSHcM
zkoOjhPpfVNjIgvtCOqklkKIBwKJ+ChjqrIylqerIylb004gx55XUZX2jLJY6OgN
t1HUWd7187x8ri+I/w273s10an3P2j9IMjfonawjqwYFQSwHexIzNI2IlInlk/VI
2XRD5/vuYf1Nw7vHp3ste/H1K5EYxmYIIG8t+Ll8cYDuF9aCAiZhmfwklSHTIf2/
9tgM6sMB2SCPbydwiHjBnDr9+1xOiMstzjxaGDKWqPWv1U7h1c86E+P98jPJAKOu
aZe41wuR633t3Wc9VZIsg/SWGKhxsn0WgjcpaTDGa6Pk3bW8xMMMzf5eEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG359x9XlqJM58tee+20CU1aA1BtMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYmZuM0gxZVdva3pueTE1NzdiUUpUVm9EVUcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAEa
MA0GCSqGSIb3DQEBCwUAA4IBAQAy4HJb2E3LWJvGsXTj0Qf/1mOKGivf+FOiny1h
w0Z9tZFHWrkoi+S5Y2xxvb96RLOSCJ8BHWkA6ivaZewCG8UqbIpvTjWSCMPpXwXR
qglb+ImUw7yr+6/0wiq5Cd2okMFcAtZi8Z/Pds2e1I3z/DKIhWaeqqf9T7TRhK6M
UkfeyqMx2pPVGWymC/l9POG+c06BJbIc7IGdtymHTtCtcoEFNsPu3OILgQ0ngHl1
lYa/XTnknzEK3jNAaFtuSgLMsW+K+gH4Hmdyzt+EllWfAofliyFoPmw8J/A71Fkk
JPdiUNoSZNtm65HssfQZ4DwMiYsWzJe6eNvd08Cdd1DgVzob
-----END CERTIFICATE-----