Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/O6la6v66tJUK1nvrXYuEyNEX52w.roa
File:                     O6la6v66tJUK1nvrXYuEyNEX52w.roa (raw, json)
Hash identifier:          5sIqpnuSrG+CKokkaCSwpP4vl/V7xzFw4GLj2V2lGsI=
Subject key identifier:   3B:A9:5A:EA:FE:BA:B4:95:0A:D6:7B:EB:5D:8B:84:C8:D1:17:E7:6C
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018CC6B7DDC0897C267C4AE0734853B68A42
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/O6la6v66tJUK1nvrXYuEyNEX52w.roa
Signing time:             Mon 01 Jan 2024 20:29:47 +0000
ROA not before:           Mon 01 Jan 2024 20:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        2a10:1fc0:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:dd:c0:89:7c:26:7c:4a:e0:73:48:53:b6:8a:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Jan  1 20:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ba95aeafebab4950ad67beb5d8b84c8d117e76c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:25:71:3f:ea:a4:36:6f:5d:81:16:30:88:03:
                    3f:cf:42:3b:af:42:be:02:c7:87:46:84:30:58:c0:
                    b9:bb:83:50:54:bf:47:51:9b:83:d0:4c:d8:33:52:
                    39:06:d5:47:16:74:a2:fb:43:f4:a9:98:c2:08:eb:
                    70:14:a7:f1:f3:c6:90:df:61:1c:a6:27:a5:a9:1a:
                    d2:4f:35:68:7a:f5:23:8d:cc:4f:43:7e:10:8d:df:
                    19:98:40:55:dc:98:33:88:8c:e0:51:b9:e1:2a:d7:
                    a7:1d:54:4c:84:76:30:a5:7b:a5:2f:66:f0:cf:ff:
                    2d:91:99:37:bf:b7:f4:f9:06:7e:98:12:67:63:49:
                    c6:ae:58:4f:d1:21:dd:1b:cd:eb:3a:5f:ab:72:62:
                    be:2b:bc:1a:20:71:3b:2a:9a:f3:b2:da:42:54:c3:
                    f0:4c:c1:74:26:8d:bb:b8:9c:bc:e1:38:ca:f0:28:
                    0f:f2:cf:99:ab:28:bd:1b:a5:e7:d9:7d:ef:d0:77:
                    0f:82:79:6b:c9:8e:5e:11:db:fb:35:d6:7b:33:66:
                    d2:a1:63:77:42:00:e2:fc:bf:94:f7:59:a4:a6:2c:
                    dc:9c:f3:d2:b0:ec:62:b3:d2:fd:77:36:bc:e3:ab:
                    fa:a8:f8:73:da:4e:5c:d8:63:83:b5:cc:af:4d:fe:
                    be:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:A9:5A:EA:FE:BA:B4:95:0A:D6:7B:EB:5D:8B:84:C8:D1:17:E7:6C
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/O6la6v66tJUK1nvrXYuEyNEX52w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:1fc0:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:be:ae:47:d5:dd:ea:b1:1e:1a:7f:8c:a6:ad:2c:83:7f:4f:
         fc:57:b1:1c:04:e1:62:5c:67:b1:0d:d6:3f:05:a3:2f:c1:d1:
         4f:d0:19:69:72:9e:e2:00:ef:b8:6a:bc:02:a8:bc:cb:58:89:
         d6:99:9a:9a:e5:b1:35:ae:d0:9a:c3:48:a4:a6:20:b2:34:26:
         82:18:2a:89:0b:d2:a2:b1:a7:f1:44:f9:b1:c4:09:c8:3a:c6:
         9e:88:de:02:40:ec:4e:40:49:14:e1:0a:9e:01:df:93:1a:f4:
         fe:01:6e:29:c1:27:9b:fa:6a:41:f5:2f:fe:85:f2:15:91:e6:
         d2:7a:17:49:b1:7d:a1:8c:04:0c:6a:f0:c2:d9:36:c4:c9:5c:
         7a:c9:85:c1:f6:73:3b:af:ac:7d:a2:9e:36:0d:a3:25:a0:ab:
         8a:49:a5:de:20:d5:1b:94:ba:35:c9:3f:8e:2d:af:ab:85:8d:
         6b:58:50:7c:ce:3c:1f:c1:7c:fc:7e:cd:0e:ad:84:4f:06:87:
         ea:7e:48:fa:36:18:b8:4b:82:5d:23:50:69:5d:b8:cd:b6:8c:
         76:26:b5:49:ce:84:97:1b:a7:34:9a:c4:8f:f1:7f:ff:05:2b:
         7c:8c:56:d4:4b:c0:09:8f:a9:18:32:3d:01:11:70:fd:a8:1c:
         20:17:6d:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt93AiXwmfErgc0hTtopCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjQwMTAxMjAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmE5NWFlYWZlYmFiNDk1MGFkNjdiZWI1ZDhiODRjOGQxMTdlNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCVxP+qkNm9dgRYwiAM/z0I7r0K+
AseHRoQwWMC5u4NQVL9HUZuD0EzYM1I5BtVHFnSi+0P0qZjCCOtwFKfx88aQ32Ec
pielqRrSTzVoevUjjcxPQ34Qjd8ZmEBV3JgziIzgUbnhKtenHVRMhHYwpXulL2bw
z/8tkZk3v7f0+QZ+mBJnY0nGrlhP0SHdG83rOl+rcmK+K7waIHE7KprzstpCVMPw
TMF0Jo27uJy84TjK8CgP8s+Zqyi9G6Xn2X3v0HcPgnlryY5eEdv7NdZ7M2bSoWN3
QgDi/L+U91mkpizcnPPSsOxis9L9dza846v6qPhz2k5c2GODtcyvTf6+IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDupWur+urSVCtZ7612LhMjRF+dsMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvTzZsYTZ2NjZ0SlVLMW52clhZdUV5TkVYNTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAfwAAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQChvq5H1d3qsR4af4ymrSyDf0/8V7EcBOFiXGex
DdY/BaMvwdFP0Blpcp7iAO+4arwCqLzLWInWmZqa5bE1rtCaw0ikpiCyNCaCGCqJ
C9KisafxRPmxxAnIOsaeiN4CQOxOQEkU4QqeAd+TGvT+AW4pwSeb+mpB9S/+hfIV
kebSehdJsX2hjAQMavDC2TbEyVx6yYXB9nM7r6x9op42DaMloKuKSaXeINUblLo1
yT+OLa+rhY1rWFB8zjwfwXz8fs0OrYRPBofqfkj6Nhi4S4JdI1BpXbjNtox2JrVJ
zoSXG6c0msSP8X//BSt8jFbUS8AJj6kYMj0BEXD9qBwgF20p
-----END CERTIFICATE-----