Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rDsKgfLcPz_OfABZNFr8q4_rRe8.roa
File:                     rDsKgfLcPz_OfABZNFr8q4_rRe8.roa (raw, json)
Hash identifier:          b1cHt9C/jn3vDdPlWsBV9/7mkc+k0q6D/6RQQXt1VJg=
Subject key identifier:   AC:3B:0A:81:F2:DC:3F:3F:CE:7C:00:59:34:5A:FC:AB:8F:EB:45:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD25FBF9CD5D30178E1B9B5C1E9700
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rDsKgfLcPz_OfABZNFr8q4_rRe8.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210606
IP address blocks:        2a10:2f00:175::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:25:fb:f9:cd:5d:30:17:8e:1b:9b:5c:1e:97:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac3b0a81f2dc3f3fce7c0059345afcab8feb45ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:42:89:45:23:15:f3:23:ed:90:5a:28:bf:90:
                    d0:9d:14:66:cf:4a:a4:b2:e4:bb:c5:49:f2:d8:57:
                    fa:b7:a3:2f:fb:77:f7:88:fc:b2:29:19:5c:bc:bd:
                    b4:94:85:cc:0e:83:2f:af:8c:eb:d3:99:3b:7a:46:
                    39:43:60:e0:1f:f6:6e:30:5a:b1:23:69:c7:77:8d:
                    98:5c:d2:8a:bb:fa:25:88:21:83:e2:13:ee:b1:f8:
                    e1:38:12:12:21:13:22:de:70:bd:96:ea:ca:57:b0:
                    82:dc:33:15:09:03:35:2f:d4:94:c1:b0:e8:f8:8a:
                    31:c2:20:43:c2:68:7e:be:e8:aa:c2:ab:d0:48:9b:
                    96:a8:0c:08:e2:89:c9:f7:34:4e:aa:6e:42:d5:73:
                    38:29:25:a6:c3:91:da:31:1f:63:31:54:8f:f0:a9:
                    79:be:16:32:7c:d9:39:15:03:73:98:79:ac:45:3e:
                    b8:fe:aa:3e:10:9f:77:a9:52:f4:83:82:e5:85:08:
                    ab:2c:11:66:15:34:5b:67:a6:ee:04:c3:60:6f:22:
                    67:a6:a6:68:fa:5a:14:1b:1d:55:c4:f0:5a:83:59:
                    4a:a8:ed:dc:b9:ae:df:b2:ed:b8:7f:95:ed:d0:dd:
                    75:05:08:70:19:0b:3b:54:d1:14:d0:60:66:23:a4:
                    3f:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3B:0A:81:F2:DC:3F:3F:CE:7C:00:59:34:5A:FC:AB:8F:EB:45:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rDsKgfLcPz_OfABZNFr8q4_rRe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:175::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:df:6e:c5:69:a7:a6:e3:62:7a:2e:c1:2f:ca:d7:ce:ce:13:
         c7:71:5f:d2:04:c6:78:5b:62:70:9f:f9:f0:15:70:45:63:4d:
         f6:58:3f:57:aa:5f:da:cc:5d:b6:44:41:3f:54:65:45:bc:81:
         f2:0e:a9:f8:67:b3:be:67:e7:72:90:37:3a:05:37:ca:f0:fd:
         c9:53:90:2b:b7:3b:bc:a8:74:82:71:52:e9:18:43:a7:44:98:
         46:0a:c8:ab:bf:ce:2d:ea:7e:7b:c3:1f:a6:17:d2:26:95:3e:
         de:93:0a:a1:aa:1d:6a:7b:24:bc:41:4d:92:e7:e9:53:b7:08:
         f5:46:df:82:20:04:ab:03:d0:8f:e1:c9:66:ce:3f:0b:07:24:
         fc:64:85:d4:82:d0:ac:c5:c7:18:25:b9:34:5d:96:08:d9:25:
         bb:73:96:81:7b:a8:97:d9:ca:53:73:54:e8:c3:6c:72:5f:ba:
         02:62:49:99:f2:24:7e:95:77:97:b8:3c:64:11:7e:08:ec:01:
         9f:82:8f:32:f7:6f:97:ab:e8:eb:14:bb:92:19:09:57:6a:a7:
         28:2b:ad:bb:d3:ee:62:dd:7b:31:aa:4f:2f:32:d0:73:23:e4:
         ea:db:c8:f7:7a:43:e4:4a:c0:5c:81:dd:85:43:07:4a:9c:56:
         7b:48:e6:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSX7+c1dMBeOG5tcHpcAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNiMGE4MWYyZGMzZjNmY2U3YzAwNTkzNDVhZmNhYjhmZWI0NWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0KJRSMV8yPtkFoov5DQnRRmz0qk
suS7xUny2Ff6t6Mv+3f3iPyyKRlcvL20lIXMDoMvr4zr05k7ekY5Q2DgH/ZuMFqx
I2nHd42YXNKKu/oliCGD4hPusfjhOBISIRMi3nC9lurKV7CC3DMVCQM1L9SUwbDo
+IoxwiBDwmh+vuiqwqvQSJuWqAwI4onJ9zROqm5C1XM4KSWmw5HaMR9jMVSP8Kl5
vhYyfNk5FQNzmHmsRT64/qo+EJ93qVL0g4LlhQirLBFmFTRbZ6buBMNgbyJnpqZo
+loUGx1VxPBag1lKqO3cua7fsu24f5Xt0N11BQhwGQs7VNEU0GBmI6Q/mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKw7CoHy3D8/znwAWTRa/KuP60XvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvckRzS2dmTGNQel9PZkFCWk5GcjhxNF9yUmU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAF1
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ327Faaem42J6LsEvytfOzhPHcV/SBMZ4W2Jw
n/nwFXBFY032WD9Xql/azF22REE/VGVFvIHyDqn4Z7O+Z+dykDc6BTfK8P3JU5Ar
tzu8qHSCcVLpGEOnRJhGCsirv84t6n57wx+mF9ImlT7ekwqhqh1qeyS8QU2S5+lT
twj1Rt+CIASrA9CP4clmzj8LByT8ZIXUgtCsxccYJbk0XZYI2SW7c5aBe6iX2cpT
c1Tow2xyX7oCYkmZ8iR+lXeXuDxkEX4I7AGfgo8y92+Xq+jrFLuSGQlXaqcoK627
0+5i3Xsxqk8vMtBzI+Tq28j3ekPkSsBcgd2FQwdKnFZ7SOaD
-----END CERTIFICATE-----