Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rD_pLTiICwv9FsKeIpbNsMy6C3k.roa
File:                     rD_pLTiICwv9FsKeIpbNsMy6C3k.roa (raw, json)
Hash identifier:          5bX7RBNcz4zR+sjUCz+nb3CWXgIAFrql26RpDhEPiUU=
Subject key identifier:   AC:3F:E9:2D:38:88:0B:0B:FD:16:C2:9E:22:96:CD:B0:CC:BA:0B:79
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FDBA0EB18A266E9CE6EA72E372DA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rD_pLTiICwv9FsKeIpbNsMy6C3k.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200270
IP address blocks:        2a10:2f00:190::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fd:ba:0e:b1:8a:26:6e:9c:e6:ea:72:e3:72:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac3fe92d38880b0bfd16c29e2296cdb0ccba0b79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:37:1f:4e:a8:86:08:88:5c:e5:cd:b3:16:34:
                    b6:33:5c:cd:69:ed:fe:08:db:cf:c0:6b:d2:a4:98:
                    40:3f:fd:86:98:d9:a0:a7:ca:36:13:41:14:bb:06:
                    68:e4:7f:e4:82:51:f7:a3:f8:64:07:9c:98:0b:50:
                    4f:49:73:35:4b:32:ca:00:04:51:be:22:15:fa:d8:
                    c0:9b:4b:cd:77:16:05:2a:e7:23:86:d3:61:22:2c:
                    cc:f7:7c:f5:f3:7c:c8:3b:7c:34:62:48:57:95:bd:
                    54:b3:0b:28:cc:fe:4c:ee:40:3d:20:0e:b7:f1:5e:
                    1c:fb:e6:0b:54:9e:c5:4f:fd:16:b2:7a:d7:9c:42:
                    4a:dc:57:9e:8c:18:4f:81:59:56:17:71:17:9a:9a:
                    cd:69:2f:0e:76:7a:af:88:7e:dc:69:a4:37:2d:f5:
                    0a:78:09:4c:26:91:64:52:2c:3c:8a:08:92:a4:a3:
                    e3:b6:ea:38:fe:21:85:c2:b9:1a:a3:9f:3c:f0:d1:
                    89:b5:db:ee:13:76:42:5a:4b:b3:47:7a:6f:83:ee:
                    ae:56:24:68:51:f8:61:87:eb:70:01:d1:32:aa:5a:
                    ff:ba:bf:83:91:2b:e9:ca:7b:49:f7:0a:b8:18:3f:
                    f3:1c:e5:04:90:ce:d9:6a:ab:9b:1b:0e:c3:b4:13:
                    2c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3F:E9:2D:38:88:0B:0B:FD:16:C2:9E:22:96:CD:B0:CC:BA:0B:79
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rD_pLTiICwv9FsKeIpbNsMy6C3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:190::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:85:8c:91:87:fd:b8:17:8e:32:5d:bb:b2:51:03:db:54:41:
         9c:d8:b8:da:cd:d9:63:8a:2c:16:d4:92:a5:b7:a4:93:25:21:
         bd:70:bb:2c:0f:2f:49:60:04:34:f1:ab:cc:d6:e7:f5:4c:86:
         b6:49:2f:5d:72:dc:f3:5b:62:b4:d8:4f:ad:1e:6f:02:0d:03:
         16:09:e2:11:14:8f:90:7a:65:cf:26:71:a4:8a:d4:4c:29:f4:
         4e:e6:a7:0e:84:f1:13:57:60:00:36:0d:6e:65:ce:b6:14:0b:
         96:0c:13:e5:a0:0c:2b:b8:09:cb:85:c1:ff:4f:93:d5:d0:a9:
         8b:25:56:93:00:6d:a0:c3:dc:a4:6d:18:7f:95:20:a9:b2:a3:
         22:8d:01:a3:7b:bf:d1:99:91:2f:be:e4:3b:55:7c:17:a3:44:
         93:7c:52:09:39:89:5a:28:ca:e7:65:b1:b3:22:74:4f:42:54:
         79:df:df:36:cd:bb:48:46:b8:ae:ea:bf:d1:7c:d6:35:6a:9c:
         b5:6d:6e:02:a3:ff:64:be:4f:25:a8:3b:93:99:ac:b5:fc:07:
         05:e6:0d:05:85:3c:bd:5c:c6:51:05:1e:a8:3f:eb:d3:cf:e4:
         f9:fa:4b:e5:24:02:52:e5:6a:00:26:0e:e1:d4:6c:09:fc:4c:
         ab:6b:29:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIf26DrGKJm6c5upy43LaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNmZTkyZDM4ODgwYjBiZmQxNmMyOWUyMjk2Y2RiMGNjYmEwYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzcfTqiGCIhc5c2zFjS2M1zNae3+
CNvPwGvSpJhAP/2GmNmgp8o2E0EUuwZo5H/kglH3o/hkB5yYC1BPSXM1SzLKAARR
viIV+tjAm0vNdxYFKucjhtNhIizM93z183zIO3w0YkhXlb1UswsozP5M7kA9IA63
8V4c++YLVJ7FT/0WsnrXnEJK3FeejBhPgVlWF3EXmprNaS8OdnqviH7caaQ3LfUK
eAlMJpFkUiw8igiSpKPjtuo4/iGFwrkao5888NGJtdvuE3ZCWkuzR3pvg+6uViRo
Ufhhh+twAdEyqlr/ur+DkSvpyntJ9wq4GD/zHOUEkM7ZaqubGw7DtBMsjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKw/6S04iAsL/RbCniKWzbDMugt5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvckRfcExUaUlDd3Y5RnNLZUlwYk5zTXk2QzNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBfhYyRh/24F44yXbuyUQPbVEGc2LjazdljiiwW
1JKlt6STJSG9cLssDy9JYAQ08avM1uf1TIa2SS9dctzzW2K02E+tHm8CDQMWCeIR
FI+QemXPJnGkitRMKfRO5qcOhPETV2AANg1uZc62FAuWDBPloAwruAnLhcH/T5PV
0KmLJVaTAG2gw9ykbRh/lSCpsqMijQGje7/RmZEvvuQ7VXwXo0STfFIJOYlaKMrn
ZbGzInRPQlR53982zbtIRriu6r/RfNY1apy1bW4Co/9kvk8lqDuTmay1/AcF5g0F
hTy9XMZRBR6oP+vTz+T5+kvlJAJS5WoAJg7h1GwJ/Eyraynx
-----END CERTIFICATE-----