Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hiE79PXP33D6PjkepXP8T4r2fhE.roa
File:                     hiE79PXP33D6PjkepXP8T4r2fhE.roa (raw, json)
Hash identifier:          rcqiX9IY2uUiCFN31BBewd+ZvKMYKiZZovHd9me4EPE=
Subject key identifier:   86:21:3B:F4:F5:CF:DF:70:FA:3E:39:1E:A5:73:FC:4F:8A:F6:7E:11
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCCBCDDAFAEDEDDE7D9BFC27DC75CF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hiE79PXP33D6PjkepXP8T4r2fhE.roa
Signing time:             Tue 02 Jan 2024 10:34:02 +0000
ROA not before:           Tue 02 Jan 2024 10:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44553
IP address blocks:        2a10:2f00:19e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:cb:cd:da:fa:ed:ed:de:7d:9b:fc:27:dc:75:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86213bf4f5cfdf70fa3e391ea573fc4f8af67e11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5d:ba:94:ca:de:0c:53:c8:f2:ae:4b:99:20:
                    37:c9:4b:70:1d:39:94:d6:42:3f:15:34:dd:20:90:
                    2b:73:a0:71:86:9f:f5:4c:25:cf:c5:98:47:ca:ea:
                    3d:ea:13:ce:2f:d5:2e:1a:32:81:15:d1:d8:20:33:
                    4f:f5:c9:96:5e:0b:ac:5c:2f:f1:fb:33:c2:36:93:
                    7b:8a:dd:ad:24:04:07:85:7c:94:18:50:2a:b4:16:
                    b4:ba:4c:e9:d1:ae:02:1b:df:93:54:a3:74:d9:b0:
                    aa:47:24:64:93:a5:6b:11:b6:92:6e:d7:6c:40:32:
                    9c:10:f5:5c:33:4d:01:78:6a:ef:80:4e:5f:5d:be:
                    06:af:86:29:11:2f:f4:75:8d:00:dc:71:f9:6f:b3:
                    58:67:ad:f5:6f:45:7c:35:68:7b:28:44:d2:59:25:
                    79:1b:16:92:f1:2c:6e:3c:cb:ee:5c:98:7e:98:c5:
                    c0:77:75:af:47:15:2f:b6:26:96:b7:36:e1:3b:13:
                    f8:51:1d:9f:4e:ec:23:b7:f1:64:ec:6e:69:76:2b:
                    ff:8f:34:a0:bc:64:bf:65:9b:63:3e:86:2c:e0:2a:
                    66:71:ca:b5:2c:57:df:1d:53:1d:83:6c:8d:84:f3:
                    bb:cd:93:7c:db:1a:62:38:a0:25:41:f5:9e:7f:41:
                    18:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:21:3B:F4:F5:CF:DF:70:FA:3E:39:1E:A5:73:FC:4F:8A:F6:7E:11
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hiE79PXP33D6PjkepXP8T4r2fhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:19e::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:cf:eb:18:72:16:9a:3b:4e:64:1c:79:28:8b:3e:3d:ba:19:
         2a:74:58:59:76:80:56:55:c8:0e:61:b3:e3:f2:d5:bf:6e:eb:
         cd:42:ac:a0:0b:b9:50:39:ca:63:d5:05:de:2e:4b:79:1c:57:
         63:e0:54:d5:4e:59:5d:11:73:9a:e8:d8:90:80:ff:fd:06:4b:
         a2:73:a6:10:7a:0d:40:72:c2:35:6e:4d:a5:ee:77:fa:f0:2b:
         98:e1:7a:26:3b:ae:cb:00:c8:2a:7e:92:d3:23:cc:9d:72:5c:
         ae:48:ab:06:b4:8e:d3:5c:ee:51:6b:27:74:e9:b0:78:e2:fb:
         0e:5e:f0:27:a8:93:f2:bc:44:84:cc:d5:89:b8:2c:52:de:bb:
         31:c5:b0:6a:19:d1:ad:6d:d5:96:29:9d:4f:ab:a4:3f:a7:de:
         cf:b1:ec:9d:d6:55:e3:b4:fa:26:ef:e5:e7:ff:17:98:b8:8b:
         14:59:51:39:55:e1:1b:ce:70:ac:da:a0:d0:17:f6:73:25:df:
         08:9a:9f:9b:bd:1f:84:9e:ed:3c:9f:40:1e:e8:42:8d:54:33:
         df:61:28:b8:dd:a4:f9:9b:03:a2:76:90:7a:dd:bd:33:8e:81:
         69:00:b9:27:cf:0d:3f:ff:35:1b:89:cc:bf:d5:4b:7f:da:e8:
         3e:34:8b:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvMvN2vrt7d59m/wn3HXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjIxM2JmNGY1Y2ZkZjcwZmEzZTM5MWVhNTczZmM0ZjhhZjY3ZTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyV26lMreDFPI8q5LmSA3yUtwHTmU
1kI/FTTdIJArc6Bxhp/1TCXPxZhHyuo96hPOL9UuGjKBFdHYIDNP9cmWXgusXC/x
+zPCNpN7it2tJAQHhXyUGFAqtBa0ukzp0a4CG9+TVKN02bCqRyRkk6VrEbaSbtds
QDKcEPVcM00BeGrvgE5fXb4Gr4YpES/0dY0A3HH5b7NYZ631b0V8NWh7KETSWSV5
GxaS8SxuPMvuXJh+mMXAd3WvRxUvtiaWtzbhOxP4UR2fTuwjt/Fk7G5pdiv/jzSg
vGS/ZZtjPoYs4Cpmccq1LFffHVMdg2yNhPO7zZN82xpiOKAlQfWef0EY0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIYhO/T1z99w+j45HqVz/E+K9n4RMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaGlFNzlQWFAzM0Q2UGprZXBYUDhUNHIyZmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGe
MA0GCSqGSIb3DQEBCwUAA4IBAQAuz+sYchaaO05kHHkoiz49uhkqdFhZdoBWVcgO
YbPj8tW/buvNQqygC7lQOcpj1QXeLkt5HFdj4FTVTlldEXOa6NiQgP/9Bkuic6YQ
eg1AcsI1bk2l7nf68CuY4XomO67LAMgqfpLTI8ydclyuSKsGtI7TXO5Rayd06bB4
4vsOXvAnqJPyvESEzNWJuCxS3rsxxbBqGdGtbdWWKZ1Pq6Q/p97Pseyd1lXjtPom
7+Xn/xeYuIsUWVE5VeEbznCs2qDQF/ZzJd8Imp+bvR+Enu08n0Ae6EKNVDPfYSi4
3aT5mwOidpB63b0zjoFpALknzw0//zUbicy/1Ut/2ug+NIv3
-----END CERTIFICATE-----