Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpeMIIAmrkTgEU4efCzcchfXfGI.roa
File:                     cpeMIIAmrkTgEU4efCzcchfXfGI.roa (raw, json)
Hash identifier:          LnfmY6wlwd+WFowFOAOd7/P4zgkacvxas1Bchs9q+Rc=
Subject key identifier:   72:97:8C:20:80:26:AE:44:E0:11:4E:1E:7C:2C:DC:72:17:D7:7C:62
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E4422A7236AA3CE18C62E0189434701A1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpeMIIAmrkTgEU4efCzcchfXfGI.roa
Signing time:             Fri 15 Mar 2024 22:01:45 +0000
ROA not before:           Fri 15 Mar 2024 22:01:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211640
IP address blocks:        2a10:2f00:168::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:44:22:a7:23:6a:a3:ce:18:c6:2e:01:89:43:47:01:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 15 22:01:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72978c208026ae44e0114e1e7c2cdc7217d77c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ad:dd:6f:30:ae:d8:7d:5c:45:86:56:0c:9d:
                    df:89:12:36:d7:b4:21:b0:4e:8e:61:83:4e:a1:bd:
                    24:62:43:c9:ad:f3:bc:36:d3:d2:52:bf:3f:48:38:
                    37:4e:07:2e:aa:b8:90:ea:7e:8a:fe:18:72:f9:bb:
                    4f:df:eb:c9:1c:3f:84:44:ab:e3:b6:95:8c:45:41:
                    cf:e2:30:41:8d:fb:1a:97:1a:cd:cf:3e:ba:22:b9:
                    d1:a3:a4:02:f1:e5:39:07:71:90:71:aa:bc:b7:d4:
                    76:12:18:44:43:7d:1a:9c:50:61:bc:d6:67:1a:47:
                    cb:08:72:04:71:01:af:c0:72:ab:c2:7b:45:07:a8:
                    ac:96:c9:7f:39:8d:7e:b6:8c:80:8a:b3:af:44:19:
                    b5:78:7b:0d:b5:d2:ca:19:22:3e:67:34:b5:a9:24:
                    99:d8:9a:64:1e:47:c3:b9:4f:39:26:e5:35:8f:90:
                    ba:38:71:f0:8b:b2:9b:f0:e2:de:08:13:97:30:4c:
                    1e:cb:cb:0b:f3:ae:c1:08:25:a5:b6:0d:f5:1b:a0:
                    97:92:b4:fc:a0:84:69:44:ad:00:e5:fa:9b:95:01:
                    2b:d2:cd:20:89:f4:c2:07:b9:e8:ae:a2:5b:90:95:
                    5f:e9:eb:e4:88:59:29:0b:8f:05:7e:13:80:3d:b8:
                    05:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:97:8C:20:80:26:AE:44:E0:11:4E:1E:7C:2C:DC:72:17:D7:7C:62
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/cpeMIIAmrkTgEU4efCzcchfXfGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:168::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:81:98:a6:21:20:3e:1c:de:e2:95:a5:ba:e2:b8:9a:36:90:
         35:00:a8:0b:fd:65:65:97:c9:57:36:98:84:17:23:af:9d:e8:
         e0:85:91:bd:51:0e:07:50:0e:18:de:63:52:3f:2e:cf:5e:22:
         f3:90:a0:53:31:ce:8a:ca:82:7d:b5:97:71:80:c1:b7:af:5d:
         9d:e2:8c:1f:0e:06:cc:86:fb:74:ac:77:9d:c2:05:9a:31:70:
         2e:9e:d0:ba:ce:c4:6a:e3:fb:3b:fa:17:38:0f:93:34:c5:b3:
         c7:75:44:e1:0e:0f:30:28:dc:f6:31:54:47:03:7d:db:25:1e:
         f1:b7:8d:c3:28:e7:e2:16:7d:07:70:ce:5c:b2:2c:b9:17:31:
         90:bf:7d:c2:96:5a:f8:08:75:6e:f2:76:58:05:2d:e4:f5:ea:
         47:ba:57:80:c1:f6:61:65:61:6d:ed:a8:5b:2c:f4:b8:64:3b:
         eb:74:4b:09:3f:82:94:1e:73:52:c4:29:62:8c:96:b7:0e:89:
         57:ba:cc:d3:b9:a6:fe:33:4d:9e:d4:98:48:a5:29:c9:59:9a:
         22:b7:8a:b7:8b:84:85:fa:2d:a2:71:5d:47:9c:a9:40:cc:b4:
         97:73:ee:e2:d4:3e:b5:3e:92:23:68:b9:8d:ad:68:28:0a:29:
         eb:71:e5:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5EIqcjaqPOGMYuAYlDRwGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzE1MjIwMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk3OGMyMDgwMjZhZTQ0ZTAxMTRlMWU3YzJjZGM3MjE3ZDc3YzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlK3dbzCu2H1cRYZWDJ3fiRI217Qh
sE6OYYNOob0kYkPJrfO8NtPSUr8/SDg3TgcuqriQ6n6K/hhy+btP3+vJHD+ERKvj
tpWMRUHP4jBBjfsalxrNzz66IrnRo6QC8eU5B3GQcaq8t9R2EhhEQ30anFBhvNZn
GkfLCHIEcQGvwHKrwntFB6islsl/OY1+toyAirOvRBm1eHsNtdLKGSI+ZzS1qSSZ
2JpkHkfDuU85JuU1j5C6OHHwi7Kb8OLeCBOXMEwey8sL867BCCWltg31G6CXkrT8
oIRpRK0A5fqblQEr0s0gifTCB7norqJbkJVf6evkiFkpC48FfhOAPbgFUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKXjCCAJq5E4BFOHnws3HIX13xiMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvY3BlTUlJQW1ya1RnRVU0ZWZDemNjaGZYZkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFo
MA0GCSqGSIb3DQEBCwUAA4IBAQB+gZimISA+HN7ilaW64riaNpA1AKgL/WVll8lX
NpiEFyOvnejghZG9UQ4HUA4Y3mNSPy7PXiLzkKBTMc6KyoJ9tZdxgMG3r12d4owf
DgbMhvt0rHedwgWaMXAuntC6zsRq4/s7+hc4D5M0xbPHdUThDg8wKNz2MVRHA33b
JR7xt43DKOfiFn0HcM5csiy5FzGQv33Cllr4CHVu8nZYBS3k9epHuleAwfZhZWFt
7ahbLPS4ZDvrdEsJP4KUHnNSxClijJa3DolXuszTuab+M02e1JhIpSnJWZoit4q3
i4SF+i2icV1HnKlAzLSXc+7i1D61PpIjaLmNrWgoCinrceWB
-----END CERTIFICATE-----