Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/roGzy9Hh3diM6nB74033mpvoFU0.roa
File:                     roGzy9Hh3diM6nB74033mpvoFU0.roa (raw, json)
Hash identifier:          3bgXUeRKM+BmH6+/kZBTTLiMoDlqx70jhCXZL96syqs=
Subject key identifier:   AE:81:B3:CB:D1:E1:DD:D8:8C:EA:70:7B:E3:4D:F7:9A:9B:E8:15:4D
Certificate issuer:       /CN=217b7ab062bc828b348d05306e65354748b9d6d6
Certificate serial:       018CC9BC13F249A28634B5ADFAAB7589BD6D
Authority key identifier: 21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/roGzy9Hh3diM6nB74033mpvoFU0.roa
Signing time:             Tue 02 Jan 2024 10:33:15 +0000
ROA not before:           Tue 02 Jan 2024 10:33:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63023
IP address blocks:        2a10:cbc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:13:f2:49:a2:86:34:b5:ad:fa:ab:75:89:bd:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b7ab062bc828b348d05306e65354748b9d6d6
        Validity
            Not Before: Jan  2 10:33:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae81b3cbd1e1ddd88cea707be34df79a9be8154d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6d:80:0a:bd:6e:df:b4:7a:51:bc:ae:46:f9:
                    39:3d:53:f2:40:d7:07:03:d4:c6:da:3a:45:c4:14:
                    18:14:5d:b3:11:b8:b5:6b:91:bd:53:2d:50:4b:cc:
                    cb:1c:fe:d0:35:a5:aa:cd:0f:2e:34:96:40:89:3c:
                    91:87:ff:48:3f:16:a1:5f:ed:9d:00:13:d7:ec:22:
                    36:cf:37:80:25:75:51:39:3c:9a:8c:47:33:af:42:
                    74:9c:8a:55:c0:b3:7d:f5:de:10:00:0b:47:b1:82:
                    03:04:1e:c2:d0:02:0f:56:bc:5d:0c:2c:1a:36:f0:
                    db:5f:5d:92:52:57:88:02:a8:cd:16:b5:28:c2:4d:
                    11:c4:25:33:9a:a7:54:77:b1:ee:d4:6f:79:87:cc:
                    4c:a8:1e:9c:e0:a2:c3:cb:67:4a:3d:47:9a:0f:a8:
                    78:9d:93:bd:0d:0c:9b:9e:4f:39:bc:33:97:d3:98:
                    f0:6c:0e:54:07:e1:ea:d3:95:42:c0:55:18:ab:c0:
                    c2:5e:23:1c:bd:14:b5:2d:d1:1f:84:1b:0a:39:69:
                    02:fb:71:68:b6:2f:58:f3:f8:e4:2e:6c:a1:2a:36:
                    4a:41:38:fd:58:74:a1:4d:3f:d9:76:d4:f5:6a:4a:
                    0e:ea:86:44:83:f8:87:a4:e1:ac:b5:05:06:fe:10:
                    a3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:81:B3:CB:D1:E1:DD:D8:8C:EA:70:7B:E3:4D:F7:9A:9B:E8:15:4D
            X509v3 Authority Key Identifier:
                keyid:21:7B:7A:B0:62:BC:82:8B:34:8D:05:30:6E:65:35:47:48:B9:D6:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXt6sGK8gos0jQUwbmU1R0i51tY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/roGzy9Hh3diM6nB74033mpvoFU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/a8dadc-611b-4063-adb6-55b659cd82bb/1/IXt6sGK8gos0jQUwbmU1R0i51tY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:cbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:f9:1a:76:eb:3c:8e:ac:4c:bf:c0:31:b5:4e:65:b2:fe:3c:
         2b:93:f3:dd:f2:b8:7e:9a:51:ff:d4:cd:72:be:3c:f8:52:bf:
         bd:24:a5:29:1b:50:4f:a4:3e:b6:ae:d7:c1:e0:f2:9f:bc:71:
         c0:0d:0f:ed:16:8c:e9:07:f8:59:70:ef:2a:b2:5b:a4:27:80:
         35:3b:da:0c:23:1c:0f:89:9a:a5:fa:8d:5a:81:c4:8c:d0:2f:
         41:d8:14:bf:29:33:ba:c4:34:d5:b8:80:36:df:be:97:4f:22:
         dc:f3:34:bd:a7:13:d4:49:47:42:3b:63:3f:3b:12:ac:b6:50:
         a1:e4:51:94:47:68:bc:66:67:a3:2b:6c:fe:49:a0:6b:27:8c:
         de:07:6d:fe:2d:48:41:89:58:99:4d:61:de:db:13:68:2b:51:
         44:c2:6e:d5:2f:cc:11:2e:d5:be:d2:62:83:c0:25:a9:ee:fc:
         8c:bb:51:cf:e9:04:dc:0b:f8:e3:6c:00:17:52:df:d2:85:33:
         14:2f:5c:8a:3a:2f:11:7f:49:f3:1f:f7:ad:97:15:71:cd:df:
         34:03:50:4f:71:cf:6d:39:e9:8b:7c:d4:04:6f:a3:f8:27:bf:
         e8:49:a2:50:af:90:3a:cd:e8:47:b8:8a:b0:1e:2b:2c:84:75:
         6c:42:37:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvBPySaKGNLWt+qt1ib1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I3YWIwNjJiYzgyOGIzNDhkMDUzMDZlNjUzNTQ3NDhi
OWQ2ZDYwHhcNMjQwMTAyMTAzMzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTgxYjNjYmQxZTFkZGQ4OGNlYTcwN2JlMzRkZjc5YTliZTgxNTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG2ACr1u37R6UbyuRvk5PVPyQNcH
A9TG2jpFxBQYFF2zEbi1a5G9Uy1QS8zLHP7QNaWqzQ8uNJZAiTyRh/9IPxahX+2d
ABPX7CI2zzeAJXVROTyajEczr0J0nIpVwLN99d4QAAtHsYIDBB7C0AIPVrxdDCwa
NvDbX12SUleIAqjNFrUowk0RxCUzmqdUd7Hu1G95h8xMqB6c4KLDy2dKPUeaD6h4
nZO9DQybnk85vDOX05jwbA5UB+Hq05VCwFUYq8DCXiMcvRS1LdEfhBsKOWkC+3Fo
ti9Y8/jkLmyhKjZKQTj9WHShTT/ZdtT1akoO6oZEg/iHpOGstQUG/hCj7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK6Bs8vR4d3YjOpwe+NN95qb6BVNMB8GA1UdIwQY
MBaAFCF7erBivIKLNI0FMG5lNUdIudbWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYt
NTViNjU5Y2Q4MmJiLzEvcm9Henk5SGgzZGlNNm5CNzQwMzNtcHZvRlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9hOGRhZGMtNjExYi00MDYzLWFkYjYtNTViNjU5Y2Q4MmJi
LzEvSVh0NnNHSzhnb3MwalFVd2JtVTFSMGk1MXRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDLwDAN
BgkqhkiG9w0BAQsFAAOCAQEAUvkadus8jqxMv8AxtU5lsv48K5Pz3fK4fppR/9TN
cr48+FK/vSSlKRtQT6Q+tq7XweDyn7xxwA0P7RaM6Qf4WXDvKrJbpCeANTvaDCMc
D4mapfqNWoHEjNAvQdgUvykzusQ01biANt++l08i3PM0vacT1ElHQjtjPzsSrLZQ
oeRRlEdovGZnoyts/kmgayeM3gdt/i1IQYlYmU1h3tsTaCtRRMJu1S/MES7VvtJi
g8Alqe78jLtRz+kE3Av442wAF1Lf0oUzFC9cijovEX9J8x/3rZcVcc3fNANQT3HP
bTnpi3zUBG+j+Ce/6EmiUK+QOs3oR7iKsB4rLIR1bEI37g==
-----END CERTIFICATE-----