Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tDqKCYxiXm6itZKEtqUUfKic7cE.roa
File:                     tDqKCYxiXm6itZKEtqUUfKic7cE.roa (raw, json)
Hash identifier:          Tols4k07MT5hhBY/icZr8351FVkTACLEobODWa95L8c=
Subject key identifier:   B4:3A:8A:09:8C:62:5E:6E:A2:B5:92:84:B6:A5:14:7C:A8:9C:ED:C1
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E9B550A685BFB35389BE2F05B60B97EC4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tDqKCYxiXm6itZKEtqUUfKic7cE.roa
Signing time:             Mon 01 Apr 2024 20:23:45 +0000
ROA not before:           Mon 01 Apr 2024 20:23:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215296
IP address blocks:        2a10:ccc0:140::/44 maxlen: 48
                          2a10:ccc0:140::/48 maxlen: 48
                          2a10:ccc0:141::/48 maxlen: 48
                          2a10:ccc0:142::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9b:55:0a:68:5b:fb:35:38:9b:e2:f0:5b:60:b9:7e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  1 20:23:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b43a8a098c625e6ea2b59284b6a5147ca89cedc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:31:c2:d6:f0:19:20:7d:92:c3:db:a5:e3:ec:
                    55:2a:99:32:60:9b:66:1f:0a:0f:af:43:dc:44:1d:
                    e0:10:8a:67:0d:ea:00:f0:92:f6:2c:79:1a:36:83:
                    62:ae:51:00:ef:dc:df:60:6e:9c:90:d0:67:69:99:
                    5a:81:67:b2:95:e7:66:9e:ba:a6:ab:0d:ff:13:02:
                    64:58:4d:79:8b:95:cc:e5:2b:e8:70:b1:c7:6c:ba:
                    72:bf:9e:ae:f0:a8:e0:a5:6a:34:ef:ef:a6:d3:02:
                    f5:40:62:2b:b9:a3:2e:68:93:ea:4c:90:45:d5:c3:
                    a2:30:b8:a5:39:c4:ab:86:8b:c9:26:e6:71:0d:50:
                    84:9b:81:5e:d3:ab:1f:d2:75:40:0a:3d:c6:7f:1c:
                    19:fb:28:36:5c:b1:09:e1:3c:3a:ea:ae:3f:07:d7:
                    65:e4:c6:25:fe:cc:fd:1b:d5:56:20:f7:6e:cb:be:
                    6d:ff:97:58:2a:8b:07:c7:89:41:32:c2:c1:fc:bc:
                    05:b2:75:3c:d3:b4:0f:8f:b5:3e:4e:6b:31:b8:86:
                    87:c2:e1:8a:1a:d4:d0:bc:23:91:f3:1a:14:bb:d1:
                    4a:bb:ae:a2:db:18:64:06:1f:b0:20:e9:73:5b:de:
                    b0:a4:88:9b:4c:d2:63:38:72:fc:7e:a6:93:16:2d:
                    d1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:3A:8A:09:8C:62:5E:6E:A2:B5:92:84:B6:A5:14:7C:A8:9C:ED:C1
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tDqKCYxiXm6itZKEtqUUfKic7cE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         ba:c7:45:80:79:d0:4d:37:e3:0d:fe:bd:52:84:5f:d3:ca:3b:
         52:c4:53:39:c4:8d:65:a7:ac:35:7d:37:a4:fa:31:23:c7:de:
         ad:85:f7:ac:ae:57:3c:4a:08:70:26:bc:57:47:eb:52:ff:4e:
         af:4c:5a:53:dc:41:7c:81:b1:91:48:0d:24:10:48:f6:b4:de:
         91:b8:40:37:2f:9e:2b:00:34:67:52:24:dd:63:aa:8b:96:23:
         ae:93:0e:d3:db:bb:c1:1e:96:df:a3:f1:9f:24:a3:b5:ac:63:
         1f:6c:6f:1e:0a:6c:b6:8c:b1:a2:53:b7:c4:bc:ff:40:90:a1:
         1b:6c:fb:2c:c3:52:30:79:bd:5a:62:70:3f:9a:a9:8b:36:7a:
         3a:5b:4b:88:45:e1:f2:c9:9d:0c:bc:36:e2:4a:8e:f9:0f:63:
         8c:d1:a6:18:f8:e6:db:2b:d8:79:8c:3c:6e:46:a1:bc:80:1d:
         63:88:e5:b8:77:af:59:a5:97:cb:f2:38:a5:d3:98:66:01:23:
         3a:75:67:57:dc:04:56:61:73:23:79:d7:3c:3b:1d:63:44:72:
         20:e7:9b:3a:ef:4a:e6:08:41:c9:dc:93:61:9a:2d:8d:e5:c1:
         31:a7:a1:9c:aa:c5:65:d4:f8:60:d5:db:2d:e0:9d:e2:f7:12:
         e1:09:35:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6bVQpoW/s1OJvi8FtguX7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDAxMjAyMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDNhOGEwOThjNjI1ZTZlYTJiNTkyODRiNmE1MTQ3Y2E4OWNlZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDHC1vAZIH2Sw9ul4+xVKpkyYJtm
HwoPr0PcRB3gEIpnDeoA8JL2LHkaNoNirlEA79zfYG6ckNBnaZlagWeyledmnrqm
qw3/EwJkWE15i5XM5SvocLHHbLpyv56u8KjgpWo07++m0wL1QGIruaMuaJPqTJBF
1cOiMLilOcSrhovJJuZxDVCEm4Fe06sf0nVACj3GfxwZ+yg2XLEJ4Tw66q4/B9dl
5MYl/sz9G9VWIPduy75t/5dYKosHx4lBMsLB/LwFsnU807QPj7U+TmsxuIaHwuGK
GtTQvCOR8xoUu9FKu66i2xhkBh+wIOlzW96wpIibTNJjOHL8fqaTFi3RdwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLQ6igmMYl5uorWShLalFHyonO3BMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdERxS0NZeGlYbTZpdFpLRXRxVVVmS2ljN2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMwAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQC6x0WAedBNN+MN/r1ShF/TyjtSxFM5xI1lp6w1
fTek+jEjx96thfesrlc8SghwJrxXR+tS/06vTFpT3EF8gbGRSA0kEEj2tN6RuEA3
L54rADRnUiTdY6qLliOukw7T27vBHpbfo/GfJKO1rGMfbG8eCmy2jLGiU7fEvP9A
kKEbbPssw1Iweb1aYnA/mqmLNno6W0uIReHyyZ0MvDbiSo75D2OM0aYY+ObbK9h5
jDxuRqG8gB1jiOW4d69ZpZfL8jil05hmASM6dWdX3ARWYXMjedc8Ox1jRHIg55s6
70rmCEHJ3JNhmi2N5cExp6GcqsVl1Phg1dst4J3i9xLhCTUP
-----END CERTIFICATE-----