Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jRIpzlan5oCAoLUaZwGdxdmtJLw.roa
File:                     jRIpzlan5oCAoLUaZwGdxdmtJLw.roa (raw, json)
Hash identifier:          LeYWIZFjwqn/vBBxAuotvCHNxT55x30skeY5aO2A32w=
Subject key identifier:   8D:12:29:CE:56:A7:E6:80:80:A0:B5:1A:67:01:9D:C5:D9:AD:24:BC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220234718EB56D8735997DD119671C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jRIpzlan5oCAoLUaZwGdxdmtJLw.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200890
IP address blocks:        2a10:cc40:180::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:02:34:71:8e:b5:6d:87:35:99:7d:d1:19:67:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d1229ce56a7e68080a0b51a67019dc5d9ad24bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ad:d4:2e:9f:d0:45:b0:cb:11:0f:2a:99:5e:
                    e2:58:f9:f6:44:e8:47:28:ba:dd:7d:8b:b7:f9:d9:
                    a7:15:40:68:54:e4:c0:d7:c3:56:29:4b:88:4a:c4:
                    be:07:82:be:1b:58:01:85:4a:34:15:cb:3e:8a:33:
                    c1:d1:3b:4a:49:a7:cc:a7:1d:b6:fb:b5:04:fb:13:
                    18:f3:61:c5:ad:1d:fc:97:9d:89:7f:fb:63:b5:1c:
                    d1:42:48:4b:db:38:b9:f1:31:a9:b5:14:9e:47:8b:
                    38:70:62:b9:ff:b1:af:2b:9f:7f:66:e6:64:4b:3f:
                    8e:43:16:61:b6:d5:13:b0:63:98:54:84:e9:8b:07:
                    e5:25:88:a2:52:37:b3:0e:39:0c:09:fe:5c:9c:69:
                    1d:80:7e:dc:d9:d8:29:47:11:fc:d8:78:59:f7:84:
                    17:15:f6:36:0d:a6:a2:d1:3e:ec:bc:d3:a8:73:ee:
                    b5:1f:9b:a5:3c:01:19:47:d8:75:ca:16:f0:bf:d6:
                    32:b9:32:74:47:81:25:69:50:cb:74:de:ac:72:e8:
                    c4:b6:41:56:43:72:57:6a:57:5d:1a:cf:c8:75:c4:
                    1c:f3:64:b6:f4:87:c5:26:85:07:9e:08:3a:f4:df:
                    d6:44:24:98:e4:40:01:0c:9d:68:6f:cb:29:69:8b:
                    53:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:12:29:CE:56:A7:E6:80:80:A0:B5:1A:67:01:9D:C5:D9:AD:24:BC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/jRIpzlan5oCAoLUaZwGdxdmtJLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc40:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:91:93:f8:36:44:6d:1f:a3:76:aa:ce:85:b7:a8:66:00:48:
         59:a6:f5:85:dc:ed:ac:53:fc:2e:1f:4e:f5:37:bc:9b:10:fd:
         89:27:8f:6c:41:89:c1:ff:0f:03:a0:22:ab:eb:07:55:c5:e1:
         fa:52:83:0f:f2:1a:12:87:64:4b:5c:92:24:0f:63:d2:a2:f7:
         18:ed:c1:c3:da:d7:e3:bc:ec:73:3d:f3:66:cf:bd:76:ba:4a:
         2d:3a:c1:2d:a0:e7:f9:76:93:e9:7a:61:de:f2:40:07:66:7d:
         63:0f:fe:48:23:b7:58:b8:a6:b5:e2:c8:58:e0:d9:52:e0:54:
         84:aa:ab:4b:ce:3e:24:cf:e7:71:14:2a:76:5f:94:cc:d9:1e:
         df:87:6c:c6:da:09:f2:97:82:90:77:ca:86:aa:80:3c:89:8f:
         39:97:99:cb:27:cc:8f:3a:8c:10:08:1b:73:ea:64:cb:86:f1:
         dd:29:36:6e:64:ca:ae:7c:fb:29:c5:df:2c:df:ff:2e:8d:b8:
         4d:4f:bf:82:54:97:11:06:ce:f2:5e:93:53:bc:62:15:37:71:
         a2:92:9c:ab:5a:64:74:e9:9c:b0:aa:6e:72:77:e9:7d:b2:58:
         11:13:71:a8:c1:c3:0a:54:ad:f5:ff:60:0b:1e:8e:8c:08:21:
         d7:92:b1:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgI0cY61bYc1mX3RGWccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDEyMjljZTU2YTdlNjgwODBhMGI1MWE2NzAxOWRjNWQ5YWQyNGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAja3ULp/QRbDLEQ8qmV7iWPn2ROhH
KLrdfYu3+dmnFUBoVOTA18NWKUuISsS+B4K+G1gBhUo0Fcs+ijPB0TtKSafMpx22
+7UE+xMY82HFrR38l52Jf/tjtRzRQkhL2zi58TGptRSeR4s4cGK5/7GvK59/ZuZk
Sz+OQxZhttUTsGOYVITpiwflJYiiUjezDjkMCf5cnGkdgH7c2dgpRxH82HhZ94QX
FfY2Daai0T7svNOoc+61H5ulPAEZR9h1yhbwv9YyuTJ0R4ElaVDLdN6scujEtkFW
Q3JXalddGs/IdcQc82S29IfFJoUHngg69N/WRCSY5EABDJ1ob8spaYtT7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI0SKc5Wp+aAgKC1GmcBncXZrSS8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvalJJcHpsYW41b0NBb0xVYVp3R2R4ZG10Skx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMQAGA
MA0GCSqGSIb3DQEBCwUAA4IBAQBzkZP4NkRtH6N2qs6Ft6hmAEhZpvWF3O2sU/wu
H071N7ybEP2JJ49sQYnB/w8DoCKr6wdVxeH6UoMP8hoSh2RLXJIkD2PSovcY7cHD
2tfjvOxzPfNmz712ukotOsEtoOf5dpPpemHe8kAHZn1jD/5II7dYuKa14shY4NlS
4FSEqqtLzj4kz+dxFCp2X5TM2R7fh2zG2gnyl4KQd8qGqoA8iY85l5nLJ8yPOowQ
CBtz6mTLhvHdKTZuZMqufPspxd8s3/8ujbhNT7+CVJcRBs7yXpNTvGIVN3Gikpyr
WmR06Zywqm5yd+l9slgRE3GowcMKVK31/2ALHo6MCCHXkrE6
-----END CERTIFICATE-----