Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/btpv7INuqnndbanjZfBh-tCXcLM.roa
File:                     btpv7INuqnndbanjZfBh-tCXcLM.roa (raw, json)
Hash identifier:          WRDHYDtsK5tbT5Hc38P9OGeeiZWZpxukEekYZAVjOCQ=
Subject key identifier:   6E:DA:6F:EC:83:6E:AA:79:DD:6D:A9:E3:65:F0:61:FA:D0:97:70:B3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190077E4843BA340244D4A2B7691E9481F1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/btpv7INuqnndbanjZfBh-tCXcLM.roa
Signing time:             Tue 11 Jun 2024 13:30:34 +0000
ROA not before:           Tue 11 Jun 2024 13:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52041
IP address blocks:        2a10:ccc0:110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:07:7e:48:43:ba:34:02:44:d4:a2:b7:69:1e:94:81:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 11 13:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eda6fec836eaa79dd6da9e365f061fad09770b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:8a:57:06:5e:00:f0:66:ff:a1:01:88:a4:ab:
                    5d:9c:88:00:6a:32:de:5e:a0:0a:0f:0a:19:91:6b:
                    f1:3c:93:bd:54:9a:79:6a:50:b9:12:13:92:87:93:
                    68:a6:1e:cb:f3:ce:39:c1:8a:11:b1:39:d6:74:ba:
                    ab:fb:1c:86:fe:7c:ee:e5:88:3c:2f:a5:d2:5a:14:
                    ae:58:fa:37:fc:8d:f8:88:7d:61:b9:f3:29:ff:a0:
                    14:2c:b2:f3:65:9e:29:f5:d9:1d:2c:dc:10:fe:36:
                    1a:f5:c4:2f:b9:d2:48:84:03:54:c8:c5:3b:24:e6:
                    4b:d6:d1:8e:90:9d:93:03:fb:bf:4e:7f:75:ab:d7:
                    66:36:94:b2:a2:48:f4:ce:a5:1b:7c:42:45:ad:1a:
                    78:1d:8c:97:2d:7f:d3:92:7c:64:85:bb:ae:69:c2:
                    9c:a1:c9:dd:54:76:cd:85:35:3d:7a:b6:50:c0:cc:
                    24:73:16:7c:0a:1d:7b:b1:05:3a:37:72:e3:f1:84:
                    ff:8e:9c:1f:09:f9:9a:3c:78:5d:6a:2e:5f:5f:be:
                    c9:7f:dd:09:1a:96:57:be:78:16:70:68:40:61:7c:
                    c2:16:bf:2f:d5:a4:d3:8d:50:9c:6b:09:3e:c1:13:
                    1c:b8:b0:f4:6e:1e:ab:dc:3d:b4:a5:e6:41:ea:9c:
                    50:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:DA:6F:EC:83:6E:AA:79:DD:6D:A9:E3:65:F0:61:FA:D0:97:70:B3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/btpv7INuqnndbanjZfBh-tCXcLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         ca:03:d3:e3:7c:da:f3:51:e2:1c:67:4e:e5:63:0c:5a:a5:1f:
         7e:41:9d:8a:c6:6d:57:33:23:88:c7:16:40:86:c3:94:33:74:
         7e:2f:c7:bc:8d:3f:02:13:6b:3a:62:45:ec:ba:3c:6a:8c:d8:
         9d:84:fe:ae:13:9f:7f:cf:1c:88:f7:a6:5a:0d:e6:1f:30:0d:
         c2:4e:48:ba:44:20:c4:c1:72:28:34:90:04:15:cb:17:09:22:
         4f:e8:32:65:a6:ed:f1:47:55:26:5c:fe:a5:94:e3:bd:5d:51:
         fc:2f:1e:b3:42:92:a6:71:76:a2:34:fd:1c:cf:0b:fb:9d:9a:
         51:73:7c:a8:d5:1b:ef:ad:64:f3:23:61:42:ac:bd:68:18:3c:
         4f:44:bd:35:3e:83:ed:ef:13:75:72:60:f4:ec:23:03:57:80:
         40:8d:b5:bc:fa:9d:bb:1b:50:47:a4:ab:ba:b6:2c:aa:68:00:
         fd:c3:0d:43:d9:fd:0a:49:1b:f8:b5:ca:45:6c:74:1a:e6:f0:
         52:5a:f1:7f:03:ce:c0:b5:d0:0f:40:dc:ed:8a:6a:ed:e2:90:
         f9:06:b6:db:ef:70:50:5f:8f:6d:07:99:6e:ea:6a:83:41:f7:
         fa:ab:8f:00:0b:d7:c0:2a:b9:07:3c:28:8c:5d:8d:ee:26:1e:
         42:55:fa:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAHfkhDujQCRNSit2kelIHxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNjExMTMzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWRhNmZlYzgzNmVhYTc5ZGQ2ZGE5ZTM2NWYwNjFmYWQwOTc3MGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8YpXBl4A8Gb/oQGIpKtdnIgAajLe
XqAKDwoZkWvxPJO9VJp5alC5EhOSh5Noph7L8845wYoRsTnWdLqr+xyG/nzu5Yg8
L6XSWhSuWPo3/I34iH1hufMp/6AULLLzZZ4p9dkdLNwQ/jYa9cQvudJIhANUyMU7
JOZL1tGOkJ2TA/u/Tn91q9dmNpSyokj0zqUbfEJFrRp4HYyXLX/TknxkhbuuacKc
ocndVHbNhTU9erZQwMwkcxZ8Ch17sQU6N3Lj8YT/jpwfCfmaPHhdai5fX77Jf90J
GpZXvngWcGhAYXzCFr8v1aTTjVCcawk+wRMcuLD0bh6r3D20peZB6pxQbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG7ab+yDbqp53W2p42XwYfrQl3CzMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYnRwdjdJTnVxbm5kYmFualpmQmgtdENYY0xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMwAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDKA9PjfNrzUeIcZ07lYwxapR9+QZ2Kxm1XMyOI
xxZAhsOUM3R+L8e8jT8CE2s6YkXsujxqjNidhP6uE59/zxyI96ZaDeYfMA3CTki6
RCDEwXIoNJAEFcsXCSJP6DJlpu3xR1UmXP6llOO9XVH8Lx6zQpKmcXaiNP0czwv7
nZpRc3yo1RvvrWTzI2FCrL1oGDxPRL01PoPt7xN1cmD07CMDV4BAjbW8+p27G1BH
pKu6tiyqaAD9ww1D2f0KSRv4tcpFbHQa5vBSWvF/A87AtdAPQNztimrt4pD5Brbb
73BQX49tB5lu6mqDQff6q48AC9fAKrkHPCiMXY3uJh5CVfpc
-----END CERTIFICATE-----