Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i25jdEB8orTXd-KuFCSewNU7O-I.roa
File:                     i25jdEB8orTXd-KuFCSewNU7O-I.roa (raw, json)
Hash identifier:          ou+w9wSfQ69EZraZ6ROwx//HrryeLF4PfUq7k113Umw=
Subject key identifier:   8B:6E:63:74:40:7C:A2:B4:D7:77:E2:AE:14:24:9E:C0:D5:3B:3B:E2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190FFB4EC266F8C8DFB5855C17AC29D590E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i25jdEB8orTXd-KuFCSewNU7O-I.roa
Signing time:             Mon 29 Jul 2024 18:16:05 +0000
ROA not before:           Mon 29 Jul 2024 18:16:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215131
IP address blocks:        2a10:ccc5:2a10::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Sep 2024 07:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ff:b4:ec:26:6f:8c:8d:fb:58:55:c1:7a:c2:9d:59:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 29 18:16:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b6e6374407ca2b4d777e2ae14249ec0d53b3be2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c1:e5:b1:b7:52:32:fb:84:41:f1:7e:5c:0c:
                    32:f9:a0:54:13:dc:ae:46:e5:f9:c3:35:12:2a:0e:
                    ff:fb:8c:9b:73:7f:8d:38:84:41:0a:43:2f:a5:e8:
                    37:9e:85:41:da:ed:a6:c7:64:c2:3f:c0:0d:f0:cd:
                    aa:dd:30:d3:2e:fe:d6:4e:0b:2d:b8:3e:83:a0:19:
                    1a:96:21:72:de:47:c5:ad:a8:0e:9d:68:7f:b7:e2:
                    72:4f:c8:a3:f1:b9:8f:04:db:15:0d:e2:fd:66:d9:
                    c4:a2:c4:14:49:0d:b5:bf:1f:e9:19:44:e2:7c:67:
                    dd:0e:30:fc:e7:cd:ae:2d:ba:ba:94:60:3c:1a:c0:
                    80:a1:55:93:41:0f:54:dc:89:57:20:28:05:ae:44:
                    bb:0a:76:63:6d:d8:71:00:ae:4d:02:d4:c6:16:22:
                    01:9e:30:80:21:6f:d5:28:cc:02:80:e6:e3:aa:6d:
                    3b:ac:4b:92:7c:46:6e:0c:f8:1a:68:cb:50:b3:72:
                    7a:c6:6f:e7:f0:46:4a:da:1c:1e:e8:85:49:d5:d3:
                    88:8e:11:a7:de:a3:f8:53:6c:61:b9:7b:5e:4e:a3:
                    fb:27:94:ca:e6:a2:8d:05:27:1c:86:e3:85:c1:8d:
                    ac:a9:29:0f:29:dd:d0:44:c3:e9:b8:c1:fb:2d:8c:
                    87:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:6E:63:74:40:7C:A2:B4:D7:77:E2:AE:14:24:9E:C0:D5:3B:3B:E2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/i25jdEB8orTXd-KuFCSewNU7O-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc5:2a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:f1:95:04:7f:74:d1:35:52:d6:f1:cc:27:96:9e:37:38:e9:
         5b:58:21:79:9e:a2:1f:5f:0a:1d:43:f5:4f:f3:38:4e:ad:95:
         5b:e7:81:ec:c2:80:c4:58:37:47:62:f3:39:71:15:bf:a9:d6:
         13:6c:3f:ab:2c:c3:55:88:23:85:13:72:43:23:a7:4e:dc:ed:
         18:28:c3:59:d9:7e:27:2d:4b:68:89:a0:f6:56:bb:17:cf:5c:
         a9:57:c2:0a:38:7b:b9:8b:2e:b7:5e:e7:f4:47:18:b4:a6:5b:
         bf:0b:ff:9b:81:4f:40:75:8b:05:e0:5a:8a:1e:4a:b2:99:75:
         bc:6d:de:da:d6:eb:67:56:7a:36:b3:af:4b:fc:2a:ac:42:f3:
         4e:21:e9:a5:1a:10:13:af:20:90:e6:22:ee:b8:80:59:fb:db:
         03:90:6b:f3:11:fb:f1:14:86:b6:fb:1c:80:07:4f:16:e0:3c:
         0a:a9:45:ae:bb:b1:10:bb:0e:76:53:d4:68:0e:9f:67:9a:34:
         fc:73:b2:01:b8:51:da:f3:c6:b5:7d:78:5d:c4:59:23:50:c5:
         7a:a3:e3:b9:45:08:5d:a8:95:eb:ae:38:f1:2b:09:67:09:62:
         9e:7a:03:ca:f7:df:02:b1:3c:bf:eb:83:32:f2:cc:0c:c6:7d:
         9d:71:40:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZD/tOwmb4yN+1hVwXrCnVkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzI5MTgxNjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjZlNjM3NDQwN2NhMmI0ZDc3N2UyYWUxNDI0OWVjMGQ1M2IzYmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8HlsbdSMvuEQfF+XAwy+aBUE9yu
RuX5wzUSKg7/+4ybc3+NOIRBCkMvpeg3noVB2u2mx2TCP8AN8M2q3TDTLv7WTgst
uD6DoBkaliFy3kfFragOnWh/t+JyT8ij8bmPBNsVDeL9ZtnEosQUSQ21vx/pGUTi
fGfdDjD8582uLbq6lGA8GsCAoVWTQQ9U3IlXICgFrkS7CnZjbdhxAK5NAtTGFiIB
njCAIW/VKMwCgObjqm07rEuSfEZuDPgaaMtQs3J6xm/n8EZK2hwe6IVJ1dOIjhGn
3qP4U2xhuXteTqP7J5TK5qKNBScchuOFwY2sqSkPKd3QRMPpuMH7LYyHPwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFItuY3RAfKK013firhQknsDVOzviMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaTI1amRFQjhvclRYZC1LdUZDU2V3TlU3Ty1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMxSoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBd8ZUEf3TRNVLW8cwnlp43OOlbWCF5nqIfXwod
Q/VP8zhOrZVb54HswoDEWDdHYvM5cRW/qdYTbD+rLMNViCOFE3JDI6dO3O0YKMNZ
2X4nLUtoiaD2VrsXz1ypV8IKOHu5iy63Xuf0Rxi0plu/C/+bgU9AdYsF4FqKHkqy
mXW8bd7a1utnVno2s69L/CqsQvNOIemlGhATryCQ5iLuuIBZ+9sDkGvzEfvxFIa2
+xyAB08W4DwKqUWuu7EQuw52U9RoDp9nmjT8c7IBuFHa88a1fXhdxFkjUMV6o+O5
RQhdqJXrrjjxKwlnCWKeegPK998CsTy/64My8swMxn2dcUB4
-----END CERTIFICATE-----