Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ex92rJzGeHMqSuXJS-Jf6Ptrd9U.roa
File:                     ex92rJzGeHMqSuXJS-Jf6Ptrd9U.roa (raw, json)
Hash identifier:          xvTsy1tbHKDMap5BHzDz249Xucy4ld8+/caZ/agqL3g=
Subject key identifier:   7B:1F:76:AC:9C:C6:78:73:2A:4A:E5:C9:4B:E2:5F:E8:FB:6B:77:D5
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE4B6D7CD5CD402D59E81C9913D41
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ex92rJzGeHMqSuXJS-Jf6Ptrd9U.roa
Signing time:             Tue 02 Jan 2024 10:34:08 +0000
ROA not before:           Tue 02 Jan 2024 10:34:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151202
IP address blocks:        2a10:ccc0:cc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e4:b6:d7:cd:5c:d4:02:d5:9e:81:c9:91:3d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b1f76ac9cc678732a4ae5c94be25fe8fb6b77d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:53:23:79:0c:3b:2d:cb:e3:65:36:e9:56:e2:
                    91:23:8a:75:20:da:8e:e2:94:18:81:f2:37:5b:35:
                    f9:80:c7:c4:e1:04:2a:36:db:71:bb:6d:b2:d1:e8:
                    af:ed:15:2f:28:79:2c:43:90:fd:15:34:0d:80:f4:
                    57:4d:c2:fe:f2:83:a9:f8:66:c6:09:84:10:79:73:
                    e3:71:d0:74:20:31:dc:d1:c7:18:e2:26:91:e0:89:
                    11:07:48:ce:1a:b5:8f:39:a4:0c:1a:ba:a7:94:ab:
                    fd:f0:80:64:9f:19:eb:e7:4a:67:01:ef:78:0a:8e:
                    ba:74:36:0b:c8:7c:dc:90:2b:2e:60:5b:82:74:5b:
                    f0:a5:7d:8f:ff:2b:b0:3a:4d:3c:46:12:09:3e:7f:
                    00:43:f4:ec:ff:8b:f0:eb:96:f6:a1:d9:97:ec:ff:
                    f6:cb:d0:fa:7b:aa:41:ce:82:38:8a:b0:94:48:12:
                    8b:b8:88:08:d9:92:58:33:aa:3c:e7:e9:fc:54:1f:
                    e5:4c:31:d4:61:f4:1b:49:a4:de:96:80:56:24:87:
                    0b:f1:68:e8:ac:17:64:8d:34:da:ef:9b:43:c3:79:
                    d2:cf:2f:80:09:81:45:0b:74:04:48:85:ab:df:7d:
                    41:7d:34:f4:6d:36:3b:04:ae:d1:0d:c8:3c:ad:c2:
                    7e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:1F:76:AC:9C:C6:78:73:2A:4A:E5:C9:4B:E2:5F:E8:FB:6B:77:D5
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ex92rJzGeHMqSuXJS-Jf6Ptrd9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:cc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:fa:92:55:a8:80:e7:4c:7e:19:68:6c:3a:ed:d6:08:fb:63:
         82:b5:bc:a1:67:1b:dc:c1:bd:e5:6e:8f:00:1e:a2:62:ee:b2:
         04:0f:33:d8:b3:74:65:4b:03:31:c5:2d:17:28:2d:c1:f6:c3:
         61:1f:ca:dd:92:ea:5f:c0:7d:7e:4d:6a:63:7e:1a:66:a5:50:
         da:08:57:4b:5e:fd:31:6c:f1:15:73:ae:51:ed:bd:42:70:ca:
         8c:8e:29:c3:e2:18:ba:ba:de:ad:91:19:c0:6f:b7:32:70:fe:
         9b:95:74:5c:72:42:9b:bd:6f:12:99:ec:19:ea:ab:18:2b:a4:
         cf:12:ce:29:88:08:a6:7e:43:47:f7:fc:8f:83:3a:6d:e2:ae:
         7e:73:6f:d2:d6:47:2c:cb:90:85:3d:a1:f1:b6:13:d1:e8:a9:
         3b:40:1c:c0:52:c6:f9:50:87:d6:30:7c:9c:b1:fd:ac:25:8e:
         78:d5:97:07:14:d7:e0:4a:35:fd:b2:32:93:ad:90:ea:6e:75:
         86:5a:e5:1a:fd:a0:d0:42:fb:45:d6:82:7c:1e:6a:82:9b:20:
         75:4d:49:5b:9d:4a:be:e5:0b:bc:8b:f1:ec:d8:31:cf:85:3a:
         37:7d:b8:f6:5a:88:85:bf:7d:90:5b:02:39:7e:06:af:e6:56:
         22:21:be:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOS2181c1ALVnoHJkT1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjFmNzZhYzljYzY3ODczMmE0YWU1Yzk0YmUyNWZlOGZiNmI3N2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFMjeQw7LcvjZTbpVuKRI4p1INqO
4pQYgfI3WzX5gMfE4QQqNttxu22y0eiv7RUvKHksQ5D9FTQNgPRXTcL+8oOp+GbG
CYQQeXPjcdB0IDHc0ccY4iaR4IkRB0jOGrWPOaQMGrqnlKv98IBknxnr50pnAe94
Co66dDYLyHzckCsuYFuCdFvwpX2P/yuwOk08RhIJPn8AQ/Ts/4vw65b2odmX7P/2
y9D6e6pBzoI4irCUSBKLuIgI2ZJYM6o85+n8VB/lTDHUYfQbSaTeloBWJIcL8Wjo
rBdkjTTa75tDw3nSzy+ACYFFC3QESIWr331BfTT0bTY7BK7RDcg8rcJ+4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHsfdqycxnhzKkrlyUviX+j7a3fVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZXg5MnJKekdlSE1xU3VYSlMtSmY2UHRyZDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMwAzA
MA0GCSqGSIb3DQEBCwUAA4IBAQAG+pJVqIDnTH4ZaGw67dYI+2OCtbyhZxvcwb3l
bo8AHqJi7rIEDzPYs3RlSwMxxS0XKC3B9sNhH8rdkupfwH1+TWpjfhpmpVDaCFdL
Xv0xbPEVc65R7b1CcMqMjinD4hi6ut6tkRnAb7cycP6blXRcckKbvW8SmewZ6qsY
K6TPEs4piAimfkNH9/yPgzpt4q5+c2/S1kcsy5CFPaHxthPR6Kk7QBzAUsb5UIfW
MHycsf2sJY541ZcHFNfgSjX9sjKTrZDqbnWGWuUa/aDQQvtF1oJ8HmqCmyB1TUlb
nUq+5Qu8i/Hs2DHPhTo3fbj2WoiFv32QWwI5fgav5lYiIb6z
-----END CERTIFICATE-----