Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uNvTWrJEaknWCCPtr3oCd6Hcst4.roa
File:                     uNvTWrJEaknWCCPtr3oCd6Hcst4.roa (raw, json)
Hash identifier:          MKYkXxMpEWn01L/Z+g2YLk4Cq27q6a1wS3jennosuW0=
Subject key identifier:   B8:DB:D3:5A:B2:44:6A:49:D6:08:23:ED:AF:7A:02:77:A1:DC:B2:DE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD25A25625C6E888ECE2F550DB9B68
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uNvTWrJEaknWCCPtr3oCd6Hcst4.roa
Signing time:             Tue 02 Jan 2024 10:34:25 +0000
ROA not before:           Tue 02 Jan 2024 10:34:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210563
IP address blocks:        2a10:cc44:170::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:25:a2:56:25:c6:e8:88:ec:e2:f5:50:db:9b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b8dbd35ab2446a49d60823edaf7a0277a1dcb2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:f2:31:46:0c:fa:20:3c:0a:33:eb:f4:78:92:
                    df:90:85:bf:7b:1e:a7:ac:32:36:47:a3:99:6d:5a:
                    3f:9b:c0:e3:49:5b:ad:62:08:85:75:75:33:2c:24:
                    cc:5e:8d:1c:dc:2f:cd:94:26:36:89:76:f1:27:c3:
                    bb:27:81:ce:5e:36:25:53:40:6f:d5:81:39:c8:65:
                    2f:ac:c0:e6:3c:27:7a:69:96:40:ce:bf:b8:5c:75:
                    5d:56:4e:20:f0:94:eb:92:50:72:e2:fa:a0:31:31:
                    85:2b:f5:ac:4a:0b:be:89:ea:25:77:fd:99:4d:07:
                    a6:aa:8f:e8:2b:cf:27:b6:36:f4:53:6b:89:19:ed:
                    af:ef:4b:9e:4b:e7:13:58:22:6a:19:fd:22:a9:44:
                    57:dd:fe:c5:8d:7e:94:80:a7:d7:cf:18:5e:60:7a:
                    d3:15:d4:3d:35:58:6b:ea:1c:73:fb:8b:13:2b:06:
                    2b:68:e9:df:ae:ab:14:6c:6b:62:cb:ae:55:3f:9e:
                    39:82:87:fd:e6:da:40:5f:76:3a:62:fb:1d:dd:e9:
                    b4:5a:82:e5:d5:c9:48:b8:90:20:50:1a:70:0b:b7:
                    47:6e:4b:71:81:42:95:b5:d8:65:e3:bf:78:21:ce:
                    f5:7c:62:13:c1:10:72:bc:4e:98:43:49:6e:9b:99:
                    e4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:DB:D3:5A:B2:44:6A:49:D6:08:23:ED:AF:7A:02:77:A1:DC:B2:DE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/uNvTWrJEaknWCCPtr3oCd6Hcst4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cc44:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:b7:50:49:71:60:d8:3b:33:87:dc:58:81:71:49:5d:71:99:
         36:31:66:8e:ce:76:c5:18:97:44:04:b4:b3:79:64:56:78:3c:
         4e:02:b9:1f:05:01:2a:6a:89:ae:29:62:bb:be:7c:93:f9:bd:
         c7:25:d4:df:cf:5e:ea:f7:08:54:d9:f8:88:b0:ad:ae:b4:12:
         48:72:37:e9:18:c4:c2:3d:59:f6:79:62:ba:0e:8d:64:82:f6:
         6b:ce:e3:c7:aa:c1:9c:4f:6f:a3:58:b3:27:19:37:59:78:94:
         ae:4a:9a:c5:17:f0:d4:98:eb:a1:d0:ba:b2:be:66:78:8a:e9:
         32:12:a7:c3:96:1a:f8:87:0b:17:0f:1d:11:f2:75:71:d9:78:
         7c:25:27:7a:99:04:58:e2:8b:f3:0b:26:c4:e5:e0:23:fe:3a:
         47:7c:10:fb:08:5b:f3:49:33:01:2e:16:e6:7c:b4:99:7d:2b:
         eb:1d:a8:3d:44:ad:3c:13:ed:51:58:71:d6:1e:5a:3d:3e:d2:
         5c:59:ba:26:ec:30:8c:ff:be:d5:7d:46:35:2c:1e:ec:c6:12:
         e2:c2:3b:95:01:a9:12:47:89:3c:9f:8d:30:e4:85:da:24:10:
         dc:4a:3f:e1:6e:0a:a0:32:9e:83:09:eb:c3:8c:46:c4:73:25:
         6b:0b:34:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvSWiViXG6Ijs4vVQ25toMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGRiZDM1YWIyNDQ2YTQ5ZDYwODIzZWRhZjdhMDI3N2ExZGNiMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhPIxRgz6IDwKM+v0eJLfkIW/ex6n
rDI2R6OZbVo/m8DjSVutYgiFdXUzLCTMXo0c3C/NlCY2iXbxJ8O7J4HOXjYlU0Bv
1YE5yGUvrMDmPCd6aZZAzr+4XHVdVk4g8JTrklBy4vqgMTGFK/WsSgu+ieold/2Z
TQemqo/oK88ntjb0U2uJGe2v70ueS+cTWCJqGf0iqURX3f7FjX6UgKfXzxheYHrT
FdQ9NVhr6hxz+4sTKwYraOnfrqsUbGtiy65VP545gof95tpAX3Y6Yvsd3em0WoLl
1clIuJAgUBpwC7dHbktxgUKVtdhl4794Ic71fGITwRByvE6YQ0lum5nkrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLjb01qyRGpJ1ggj7a96Aneh3LLeMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdU52VFdySkVha25XQ0NQdHIzb0NkNkhjc3Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMRAFw
MA0GCSqGSIb3DQEBCwUAA4IBAQCRt1BJcWDYOzOH3FiBcUldcZk2MWaOznbFGJdE
BLSzeWRWeDxOArkfBQEqaomuKWK7vnyT+b3HJdTfz17q9whU2fiIsK2utBJIcjfp
GMTCPVn2eWK6Do1kgvZrzuPHqsGcT2+jWLMnGTdZeJSuSprFF/DUmOuh0LqyvmZ4
iukyEqfDlhr4hwsXDx0R8nVx2Xh8JSd6mQRY4ovzCybE5eAj/jpHfBD7CFvzSTMB
LhbmfLSZfSvrHag9RK08E+1RWHHWHlo9PtJcWbom7DCM/77VfUY1LB7sxhLiwjuV
AakSR4k8n40w5IXaJBDcSj/hbgqgMp6DCevDjEbEcyVrCzQq
-----END CERTIFICATE-----