Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iR2ld4vTkWHc8ICL7yoZ4qnkfho.roa
File:                     iR2ld4vTkWHc8ICL7yoZ4qnkfho.roa (raw, json)
Hash identifier:          N0/nq9olm5XDeZc0dQ3z/cFuD8HuQ9MX0fngFiPNfHs=
Subject key identifier:   89:1D:A5:77:8B:D3:91:61:DC:F0:80:8B:EF:2A:19:E2:A9:E4:7E:1A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E63863CC03CA53860E27B18799AB1380E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iR2ld4vTkWHc8ICL7yoZ4qnkfho.roa
Signing time:             Fri 22 Mar 2024 00:18:45 +0000
ROA not before:           Fri 22 Mar 2024 00:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215751
IP address blocks:        2a10:cc40:cc40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:63:86:3c:c0:3c:a5:38:60:e2:7b:18:79:9a:b1:38:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 22 00:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=891da5778bd39161dcf0808bef2a19e2a9e47e1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a7:2e:be:4e:67:50:e8:01:cb:a7:6f:a4:5a:
                    f6:65:f2:44:2c:ef:84:9d:b9:93:18:2a:f6:5a:d0:
                    32:31:db:32:59:6a:37:51:85:99:6d:87:a9:96:03:
                    f8:cf:12:44:90:9b:6d:d3:69:fc:c0:85:b4:21:a5:
                    91:0a:a0:d7:da:54:b0:19:77:72:a5:40:3e:2a:f7:
                    cd:41:11:a8:75:e9:a9:a2:46:0a:03:ef:f2:47:86:
                    3e:80:b3:e2:d2:e7:be:63:32:2b:4f:28:10:36:a1:
                    23:c2:72:24:69:e5:48:50:1f:2f:c6:ab:c6:82:78:
                    53:3b:05:92:95:0f:13:b3:2a:b8:dc:36:06:7b:a6:
                    4e:28:d8:11:35:ea:ee:25:ce:0c:69:ce:aa:51:99:
                    67:93:35:2b:5d:34:fa:9d:b0:a2:71:96:c1:24:51:
                    08:b2:84:9f:8b:87:85:db:f3:67:af:83:c7:7d:6b:
                    c3:e4:91:d5:ab:ee:a4:ca:93:ac:e7:eb:6c:98:b3:
                    70:0f:20:d9:81:dd:4d:b3:28:fb:f6:08:37:d1:a5:
                    9b:b0:51:01:d2:42:81:42:b8:74:8f:f8:cc:db:18:
                    06:56:97:7a:d0:0e:49:14:8f:9f:59:c1:ea:ae:6e:
                    84:c7:5d:17:91:67:04:d7:43:88:6c:92:fd:ec:52:
                    14:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1D:A5:77:8B:D3:91:61:DC:F0:80:8B:EF:2A:19:E2:A9:E4:7E:1A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iR2ld4vTkWHc8ICL7yoZ4qnkfho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:cc40::/44

    Signature Algorithm: sha256WithRSAEncryption
         be:3f:69:7e:77:28:cf:25:07:f6:f8:1d:73:01:2b:2e:e1:86:
         7d:8f:88:af:55:ee:57:60:1a:07:3e:82:8a:c1:1d:b0:26:4b:
         66:08:2f:90:9f:18:60:4a:13:9e:ab:3b:7c:1a:fd:5b:a6:88:
         e8:cd:f5:98:71:5a:4d:1f:a8:fc:3c:74:e2:36:c0:fe:36:76:
         38:67:f0:8a:24:f7:dc:f8:f1:3b:b8:75:f3:55:55:04:3d:f5:
         bb:05:27:0a:be:a0:c6:a5:07:67:6a:e1:4d:0d:77:49:1b:94:
         d7:d6:0e:10:c0:45:a0:5d:0f:03:16:10:9c:74:aa:b3:87:2d:
         fa:57:17:da:60:bc:f4:2a:ab:99:da:26:e8:54:5d:b5:54:cf:
         91:c4:7e:bf:ec:93:68:5a:e5:2e:06:65:e5:4c:82:d3:79:1c:
         e5:6f:a3:23:d4:d7:34:09:7f:bc:00:9d:99:4a:03:32:be:6e:
         ba:a2:cc:3e:bc:d9:f7:28:b4:14:85:75:6b:18:bc:2e:fd:7c:
         04:15:4b:32:5d:38:ea:3b:48:7e:cd:e1:fd:94:a2:bd:b1:18:
         dc:f1:82:24:eb:36:07:f3:04:06:b9:ca:ee:b9:ce:e3:ff:d7:
         84:97:50:48:c2:a6:28:13:32:4d:75:7a:4d:31:02:5f:f8:af:
         1f:79:f0:92
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY5jhjzAPKU4YOJ7GHmasTgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzIyMDAxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTFkYTU3NzhiZDM5MTYxZGNmMDgwOGJlZjJhMTllMmE5ZTQ3ZTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqcuvk5nUOgBy6dvpFr2ZfJELO+E
nbmTGCr2WtAyMdsyWWo3UYWZbYeplgP4zxJEkJtt02n8wIW0IaWRCqDX2lSwGXdy
pUA+KvfNQRGodempokYKA+/yR4Y+gLPi0ue+YzIrTygQNqEjwnIkaeVIUB8vxqvG
gnhTOwWSlQ8Tsyq43DYGe6ZOKNgRNeruJc4Mac6qUZlnkzUrXTT6nbCicZbBJFEI
soSfi4eF2/Nnr4PHfWvD5JHVq+6kypOs5+tsmLNwDyDZgd1Nsyj79gg30aWbsFEB
0kKBQrh0j/jM2xgGVpd60A5JFI+fWcHqrm6Ex10XkWcE10OIbJL97FIUswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIkdpXeL05Fh3PCAi+8qGeKp5H4aMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaVIybGQ0dlRrV0hjOElDTDd5b1o0cW5rZmhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMQMxA
MA0GCSqGSIb3DQEBCwUAA4IBAQC+P2l+dyjPJQf2+B1zASsu4YZ9j4ivVe5XYBoH
PoKKwR2wJktmCC+QnxhgShOeqzt8Gv1bpojozfWYcVpNH6j8PHTiNsD+NnY4Z/CK
JPfc+PE7uHXzVVUEPfW7BScKvqDGpQdnauFNDXdJG5TX1g4QwEWgXQ8DFhCcdKqz
hy36VxfaYLz0KquZ2iboVF21VM+RxH6/7JNoWuUuBmXlTILTeRzlb6Mj1Nc0CX+8
AJ2ZSgMyvm66osw+vNn3KLQUhXVrGLwu/XwEFUsyXTjqO0h+zeH9lKK9sRjc8YIk
6zYH8wQGucruuc7j/9eEl1BIwqYoEzJNdXpNMQJf+K8fefCS
-----END CERTIFICATE-----