Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/chi65HjnLPvH7fpPexM2ES7kUWE.roa
File:                     chi65HjnLPvH7fpPexM2ES7kUWE.roa (raw, json)
Hash identifier:          voJz3A0RSLNx1Ru5kcZCN9WUiT1SuoKCrniyzHh0jr0=
Subject key identifier:   72:18:BA:E4:78:E7:2C:FB:C7:ED:FA:4F:7B:13:36:11:2E:E4:51:61
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD1A83CFA8457E0B37F4F7DDB2D3B8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/chi65HjnLPvH7fpPexM2ES7kUWE.roa
Signing time:             Tue 02 Jan 2024 10:34:22 +0000
ROA not before:           Tue 02 Jan 2024 10:34:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208893
IP address blocks:        2a10:2f00:17d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:1a:83:cf:a8:45:7e:0b:37:f4:f7:dd:b2:d3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7218bae478e72cfbc7edfa4f7b1336112ee45161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:4e:36:7c:4b:86:1f:8b:57:36:f0:39:d5:f1:
                    67:d1:78:02:19:44:94:2d:a6:0b:41:d6:a6:1e:6e:
                    d2:3f:79:69:62:96:4f:8b:ed:3b:d7:00:0a:cc:81:
                    15:7a:8f:8c:60:48:96:19:99:5b:31:b1:c8:d6:5f:
                    e6:4d:ec:75:df:d7:81:48:36:89:96:5e:6d:4f:39:
                    d4:2c:41:e7:e5:91:fa:af:a7:23:2c:b8:a4:6f:ff:
                    88:5c:23:d5:53:bb:d4:b5:ff:57:91:62:6c:10:11:
                    7e:cf:90:dc:06:ac:e4:31:d2:30:1e:73:05:dd:6c:
                    9d:80:c4:8e:57:a4:47:2d:36:2d:32:5e:70:b1:63:
                    b0:02:18:33:0e:04:53:81:21:39:9e:70:01:9f:9c:
                    8e:f3:68:08:a4:67:f8:cb:b3:51:15:b3:f1:64:ca:
                    20:84:35:0d:c5:ab:21:81:dc:ed:85:5f:23:59:aa:
                    23:58:9b:4b:90:82:ec:c7:cf:f0:44:db:5d:c8:a5:
                    6d:57:3d:db:ce:1e:d6:82:49:81:5f:bd:c0:d8:b0:
                    77:2c:9e:b2:b0:93:d5:0d:e4:46:ab:25:d0:d3:c4:
                    14:f5:fb:c3:93:61:2f:b1:3e:20:2b:97:c2:45:c7:
                    24:ba:1f:58:02:30:de:d7:11:75:66:37:4a:4c:b7:
                    e3:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:18:BA:E4:78:E7:2C:FB:C7:ED:FA:4F:7B:13:36:11:2E:E4:51:61
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/chi65HjnLPvH7fpPexM2ES7kUWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:17d::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:32:0c:57:03:4a:2e:6f:b3:86:cc:8b:87:be:57:bc:f4:54:
         e5:75:59:fd:86:df:d5:e1:c0:29:2b:e4:02:ca:3d:b7:e1:15:
         93:84:5a:fb:da:bb:8f:9d:4a:6f:5d:39:4f:fd:9d:ff:e5:4c:
         dd:bb:02:36:ce:82:8e:ed:f4:a4:43:50:9e:c1:a0:8a:69:c9:
         08:2a:7c:0e:61:f1:14:ff:03:ed:81:70:bc:30:53:b9:64:4d:
         98:6d:7d:7b:d6:db:f7:9d:05:b4:e4:44:ec:9f:0a:a9:3c:4c:
         0b:d3:1d:06:29:eb:14:14:c9:f3:db:ef:e8:a5:d0:69:6f:c6:
         6d:fe:ef:7f:b9:98:3c:2c:19:20:37:6f:8d:2b:49:ff:57:8b:
         99:66:7e:f8:46:f1:35:36:1a:af:03:92:2b:b2:0a:b1:b1:2a:
         38:2b:0b:51:b6:0c:5b:cb:c3:f7:6b:f9:16:70:0d:b8:3c:58:
         08:d4:b3:59:e2:4a:9d:3c:a3:5e:73:11:07:a3:3a:64:2e:4c:
         e7:d4:45:e4:7e:b8:58:16:13:8d:1b:07:84:43:e5:b7:75:45:
         ec:f7:6e:bb:2d:84:02:9c:93:43:d2:f2:0b:82:ae:80:5a:cf:
         11:2d:ec:66:ce:89:95:94:29:d6:be:45:91:01:04:9a:f8:f8:
         8e:1f:f2:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRqDz6hFfgs39PfdstO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjE4YmFlNDc4ZTcyY2ZiYzdlZGZhNGY3YjEzMzYxMTJlZTQ1MTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgU42fEuGH4tXNvA51fFn0XgCGUSU
LaYLQdamHm7SP3lpYpZPi+071wAKzIEVeo+MYEiWGZlbMbHI1l/mTex139eBSDaJ
ll5tTznULEHn5ZH6r6cjLLikb/+IXCPVU7vUtf9XkWJsEBF+z5DcBqzkMdIwHnMF
3WydgMSOV6RHLTYtMl5wsWOwAhgzDgRTgSE5nnABn5yO82gIpGf4y7NRFbPxZMog
hDUNxashgdzthV8jWaojWJtLkILsx8/wRNtdyKVtVz3bzh7WgkmBX73A2LB3LJ6y
sJPVDeRGqyXQ08QU9fvDk2EvsT4gK5fCRcckuh9YAjDe1xF1ZjdKTLfjRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHIYuuR45yz7x+36T3sTNhEu5FFhMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY2hpNjVIam5MUHZIN2ZwUGV4TTJFUzdrVVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAF9
MA0GCSqGSIb3DQEBCwUAA4IBAQA+MgxXA0oub7OGzIuHvle89FTldVn9ht/V4cAp
K+QCyj234RWThFr72ruPnUpvXTlP/Z3/5UzduwI2zoKO7fSkQ1CewaCKackIKnwO
YfEU/wPtgXC8MFO5ZE2YbX171tv3nQW05ETsnwqpPEwL0x0GKesUFMnz2+/opdBp
b8Zt/u9/uZg8LBkgN2+NK0n/V4uZZn74RvE1NhqvA5IrsgqxsSo4KwtRtgxby8P3
a/kWcA24PFgI1LNZ4kqdPKNecxEHozpkLkzn1EXkfrhYFhONGweEQ+W3dUXs9267
LYQCnJND0vILgq6AWs8RLexmzomVlCnWvkWRAQSa+PiOH/JP
-----END CERTIFICATE-----