Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kFyFFBq-X9MHM2Y2E9PrrA-dAL0.roa
File:                     kFyFFBq-X9MHM2Y2E9PrrA-dAL0.roa (raw, json)
Hash identifier:          PbCpdWVxDe8jxod6fwlJ7RFmsn72bsr7z9AfbAp8+R8=
Subject key identifier:   90:5C:85:14:1A:BE:5F:D3:07:33:66:36:13:D3:EB:AC:0F:9D:00:BD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD448D019E44D0A5974A7648F1A509
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kFyFFBq-X9MHM2Y2E9PrrA-dAL0.roa
Signing time:             Tue 02 Jan 2024 10:34:33 +0000
ROA not before:           Tue 02 Jan 2024 10:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212425
IP address blocks:        2a10:2f00:157::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:44:8d:01:9e:44:d0:a5:97:4a:76:48:f1:a5:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=905c85141abe5fd30733663613d3ebac0f9d00bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1d:c9:07:36:f8:c6:2a:bb:e2:ea:d7:17:a2:
                    e4:97:a7:ac:a3:e6:27:5d:43:a3:2d:e2:17:34:4d:
                    1a:13:ca:b1:0c:cf:a7:7f:9a:f9:05:52:48:7e:d2:
                    25:d0:dd:63:e8:99:00:fd:75:73:4c:04:41:c1:6e:
                    19:11:47:59:c2:8b:cb:b4:70:4a:a1:01:1e:7e:8d:
                    19:34:2c:3b:32:35:23:b2:21:c0:e5:5f:20:3e:bd:
                    1f:35:fc:32:be:26:f4:ac:c5:85:f7:d6:23:83:d6:
                    6e:0d:4f:99:ad:89:f6:27:68:fa:5d:11:68:18:fc:
                    bf:5d:d7:fb:44:f0:8e:70:98:e8:4e:1c:18:14:4f:
                    cb:6f:e3:31:8d:f5:56:f6:7f:00:df:82:73:a4:16:
                    95:75:18:03:f6:7d:e8:3a:5c:b5:f0:a5:8d:5d:22:
                    68:7d:ee:80:dc:b9:b5:fb:6e:8a:d8:a4:91:8c:1b:
                    04:03:bc:39:36:6f:8e:f5:aa:e4:74:52:27:e0:40:
                    9d:d6:1b:a5:ba:85:61:57:b3:26:bd:64:dc:d3:ec:
                    19:5e:a8:0a:60:7f:b8:01:ef:c8:35:1b:00:52:df:
                    03:d3:13:40:de:dd:c5:af:f0:2f:a3:be:02:aa:57:
                    93:51:82:a5:bf:5c:25:a9:9d:91:1a:8b:5f:7b:3c:
                    12:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:5C:85:14:1A:BE:5F:D3:07:33:66:36:13:D3:EB:AC:0F:9D:00:BD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kFyFFBq-X9MHM2Y2E9PrrA-dAL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:157::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:52:9e:7e:ae:b4:1b:8d:0c:b0:11:a6:58:e0:f8:08:64:09:
         e7:08:02:1e:50:5b:2a:93:ba:b9:ed:30:71:0d:83:3b:88:58:
         cd:99:2c:7f:dc:fe:3d:9e:13:78:86:4f:b9:21:c3:8d:54:9d:
         ad:7a:ca:c3:53:59:f6:3c:76:bb:7c:8f:86:65:29:9e:2d:45:
         dd:77:ce:f7:e3:6c:ad:b5:7e:03:f3:d3:01:6e:0d:1e:02:ba:
         78:05:4f:95:26:66:d1:7a:39:6d:d5:82:91:38:1b:cc:94:33:
         c1:5c:99:24:ce:3a:3a:46:30:f7:97:87:ef:33:d3:0b:44:57:
         ef:51:5c:e5:1d:a8:1f:20:52:09:19:25:02:55:7f:a6:f3:47:
         b3:c9:0e:bf:47:62:53:66:83:d4:6a:98:22:76:6b:ec:57:49:
         1a:34:96:19:47:e2:9e:54:e6:e2:71:57:af:d0:19:4d:9b:09:
         c3:7b:62:39:40:c1:c5:4d:e8:89:34:6c:79:43:ad:47:ec:0c:
         9c:b8:62:82:84:bb:fb:18:36:fd:35:a8:27:89:b8:bc:ad:aa:
         ea:63:8c:19:f5:70:77:b5:17:34:c0:dc:84:df:e8:71:7c:a1:
         c8:61:f3:2e:f8:93:82:56:20:70:1c:39:f6:c8:d5:6f:49:fa:
         80:cc:bd:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUSNAZ5E0KWXSnZI8aUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDVjODUxNDFhYmU1ZmQzMDczMzY2MzYxM2QzZWJhYzBmOWQwMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2B3JBzb4xiq74urXF6Lkl6eso+Yn
XUOjLeIXNE0aE8qxDM+nf5r5BVJIftIl0N1j6JkA/XVzTARBwW4ZEUdZwovLtHBK
oQEefo0ZNCw7MjUjsiHA5V8gPr0fNfwyvib0rMWF99Yjg9ZuDU+ZrYn2J2j6XRFo
GPy/Xdf7RPCOcJjoThwYFE/Lb+MxjfVW9n8A34JzpBaVdRgD9n3oOly18KWNXSJo
fe6A3Lm1+26K2KSRjBsEA7w5Nm+O9arkdFIn4ECd1huluoVhV7MmvWTc0+wZXqgK
YH+4Ae/INRsAUt8D0xNA3t3Fr/Avo74CqleTUYKlv1wlqZ2RGotfezwSTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJBchRQavl/TBzNmNhPT66wPnQC9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva0Z5RkZCcS1YOU1ITTJZMkU5UHJyQS1kQUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFX
MA0GCSqGSIb3DQEBCwUAA4IBAQBKUp5+rrQbjQywEaZY4PgIZAnnCAIeUFsqk7q5
7TBxDYM7iFjNmSx/3P49nhN4hk+5IcONVJ2tesrDU1n2PHa7fI+GZSmeLUXdd873
42yttX4D89MBbg0eArp4BU+VJmbRejlt1YKROBvMlDPBXJkkzjo6RjD3l4fvM9ML
RFfvUVzlHagfIFIJGSUCVX+m80ezyQ6/R2JTZoPUapgidmvsV0kaNJYZR+KeVObi
cVev0BlNmwnDe2I5QMHFTeiJNGx5Q61H7AycuGKChLv7GDb9Nagnibi8rarqY4wZ
9XB3tRc0wNyE3+hxfKHIYfMu+JOCViBwHDn2yNVvSfqAzL2L
-----END CERTIFICATE-----