Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZIgfQ4WEct73-MtKA5osePp72g.roa
File:                     yZIgfQ4WEct73-MtKA5osePp72g.roa (raw, json)
Hash identifier:          zki9nlTpYVs6dbYfHoDX+GeUE4SfJrFAVnJFzBj6yKI=
Subject key identifier:   C9:92:20:7D:0E:16:11:CB:7B:DF:E3:2D:28:0E:68:B1:E3:E9:EF:68
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E3D7CB11E5DE7092DEBBA9CF750D168B0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZIgfQ4WEct73-MtKA5osePp72g.roa
Signing time:             Thu 14 Mar 2024 15:02:45 +0000
ROA not before:           Thu 14 Mar 2024 15:02:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149476
IP address blocks:        2a10:ccc3:ccc0::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3d:7c:b1:1e:5d:e7:09:2d:eb:ba:9c:f7:50:d1:68:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 14 15:02:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c992207d0e1611cb7bdfe32d280e68b1e3e9ef68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:bb:c9:75:34:79:d6:6e:29:03:71:d5:68:67:
                    7b:c9:e3:26:63:6a:6e:b3:44:1b:62:91:86:2e:e1:
                    c1:c3:11:5c:98:bd:00:3a:cf:9d:4f:0a:30:dc:ce:
                    98:1f:8c:3d:e9:ed:9d:3e:04:7f:d0:01:42:7b:7d:
                    3e:8c:74:3c:00:fd:5a:7a:f4:26:fd:0c:26:f3:30:
                    f8:39:f8:bc:32:30:d0:e0:b8:d5:87:5b:41:84:76:
                    36:f3:cb:15:ab:a1:7a:32:fa:49:3c:ad:af:ea:24:
                    5f:43:7e:5b:f1:4d:dd:72:ce:0e:e9:af:1f:8e:4f:
                    a7:32:0e:4c:08:fc:95:07:fb:5b:11:b8:7f:78:33:
                    19:93:8f:12:e8:b1:84:fd:3f:b6:82:7c:46:44:a3:
                    5b:9d:d2:91:05:7d:2d:25:e9:7c:d5:c1:6f:8e:68:
                    5c:7a:dd:2c:e4:c2:fd:ac:c6:eb:65:09:64:21:f5:
                    8d:35:b5:fc:1a:db:58:63:72:3a:05:dc:dd:79:27:
                    f9:dd:bf:66:1b:db:58:5b:e6:43:d4:cc:00:b5:b3:
                    21:b6:b0:b9:e4:8e:60:f7:d1:b6:14:ea:d9:52:df:
                    7c:d4:09:d4:ed:68:e0:a8:a1:9d:0e:b1:36:e5:a0:
                    30:0e:71:aa:d2:24:5e:b2:71:75:c3:59:54:93:e9:
                    21:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:92:20:7D:0E:16:11:CB:7B:DF:E3:2D:28:0E:68:B1:E3:E9:EF:68
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/yZIgfQ4WEct73-MtKA5osePp72g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc3:ccc0::/46

    Signature Algorithm: sha256WithRSAEncryption
         c7:b2:07:7b:fc:23:c7:e6:28:4e:bd:cc:5a:89:29:d5:24:78:
         2b:6b:5e:ad:e4:cf:73:af:7f:85:cf:5a:e4:57:b9:a0:88:80:
         04:f2:ec:12:b6:f0:78:90:c9:61:d1:be:0b:f1:32:35:c5:f5:
         2c:77:d4:6a:ef:02:8c:12:6d:f6:b3:dd:de:68:ce:6d:8d:c4:
         ff:e6:09:b9:e2:43:4e:0c:e8:3c:f7:b5:86:55:93:28:ff:9b:
         c0:d6:0a:fd:31:1f:c4:7d:b8:9a:62:0e:ee:cb:a3:67:5c:0c:
         9c:ec:12:a3:c4:20:cb:b3:f0:39:30:a1:73:60:e8:0c:2b:68:
         0e:12:1a:e3:27:40:16:89:95:92:3b:8f:b5:30:19:22:cb:41:
         88:1f:a0:10:ba:ad:bb:05:57:46:a6:1f:ce:56:87:d5:99:6a:
         e6:c9:e2:97:33:7e:6b:2b:fc:7d:31:51:5b:d0:c9:d6:aa:78:
         ea:3c:ae:98:58:32:25:54:b2:3b:0d:30:4b:cd:05:18:f3:5b:
         33:38:27:03:d9:44:ba:3b:e9:a3:2a:92:48:ac:30:65:2f:bd:
         0f:f3:69:5f:04:c5:1d:ae:e0:17:26:fa:d0:e5:3b:c2:a5:ac:
         c8:5f:2d:7c:cd:75:82:2f:52:2c:f4:19:06:06:52:bb:dc:99:
         2c:c2:c0:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY49fLEeXecJLeu6nPdQ0WiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzE0MTUwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTkyMjA3ZDBlMTYxMWNiN2JkZmUzMmQyODBlNjhiMWUzZTllZjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrvJdTR51m4pA3HVaGd7yeMmY2pu
s0QbYpGGLuHBwxFcmL0AOs+dTwow3M6YH4w96e2dPgR/0AFCe30+jHQ8AP1aevQm
/Qwm8zD4Ofi8MjDQ4LjVh1tBhHY288sVq6F6MvpJPK2v6iRfQ35b8U3dcs4O6a8f
jk+nMg5MCPyVB/tbEbh/eDMZk48S6LGE/T+2gnxGRKNbndKRBX0tJel81cFvjmhc
et0s5ML9rMbrZQlkIfWNNbX8GttYY3I6BdzdeSf53b9mG9tYW+ZD1MwAtbMhtrC5
5I5g99G2FOrZUt981AnU7WjgqKGdDrE25aAwDnGq0iResnF1w1lUk+khowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMmSIH0OFhHLe9/jLSgOaLHj6e9oMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveVpJZ2ZRNFdFY3Q3My1NdEtBNW9zZVBwNzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhDMw8zA
MA0GCSqGSIb3DQEBCwUAA4IBAQDHsgd7/CPH5ihOvcxaiSnVJHgra16t5M9zr3+F
z1rkV7mgiIAE8uwStvB4kMlh0b4L8TI1xfUsd9Rq7wKMEm32s93eaM5tjcT/5gm5
4kNODOg897WGVZMo/5vA1gr9MR/EfbiaYg7uy6NnXAyc7BKjxCDLs/A5MKFzYOgM
K2gOEhrjJ0AWiZWSO4+1MBkiy0GIH6AQuq27BVdGph/OVofVmWrmyeKXM35rK/x9
MVFb0MnWqnjqPK6YWDIlVLI7DTBLzQUY81szOCcD2US6O+mjKpJIrDBlL70P82lf
BMUdruAXJvrQ5TvCpazIXy18zXWCL1Is9BkGBlK73JkswsB/
-----END CERTIFICATE-----