Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/sX_0yC7azswPX-GLQ-JYJAf1D88.roa
File:                     sX_0yC7azswPX-GLQ-JYJAf1D88.roa (raw, json)
Hash identifier:          bNnKBHAYs/WUl2CN9OujtpXskuRokJJ0JtxlxLEnQNk=
Subject key identifier:   B1:7F:F4:C8:2E:DA:CE:CC:0F:5F:E1:8B:43:E2:58:24:07:F5:0F:CF
Certificate issuer:       /CN=fa4e405359a2131708fc02438d472568e2c03470
Certificate serial:       018CC86F74C9D96DD46E3C630383DC1FCD09
Authority key identifier: FA:4E:40:53:59:A2:13:17:08:FC:02:43:8D:47:25:68:E2:C0:34:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-k5AU1miExcI_AJDjUclaOLANHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/sX_0yC7azswPX-GLQ-JYJAf1D88.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31743
IP address blocks:        2a10:8800::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/1-k5AU1miExcI_AJDjUclaOLANHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/1-k5AU1miExcI_AJDjUclaOLANHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-k5AU1miExcI_AJDjUclaOLANHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 01:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:74:c9:d9:6d:d4:6e:3c:63:03:83:dc:1f:cd:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa4e405359a2131708fc02438d472568e2c03470
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b17ff4c82edacecc0f5fe18b43e2582407f50fcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a7:c1:df:ef:1d:4d:c3:16:b8:93:9a:8f:e5:
                    1a:a2:74:9a:ae:e3:80:d1:89:a1:54:3d:5d:0f:f8:
                    6a:2f:18:ae:21:1d:97:dc:bf:73:13:86:de:98:6c:
                    3a:2d:3a:22:e4:6f:90:65:e7:ef:4b:fd:67:76:75:
                    2f:8a:2b:f8:ed:85:8d:92:fe:4e:cd:11:24:89:d5:
                    33:c3:4a:81:a2:cf:8e:48:af:f2:4d:70:6d:a4:ac:
                    22:37:f2:47:ba:f2:dc:5f:e9:77:f5:f6:50:e5:46:
                    09:71:c6:ce:12:64:ff:69:88:eb:4c:23:ae:d5:b9:
                    08:ad:37:e9:8d:d8:a1:fd:12:f5:fd:26:fd:c0:9d:
                    81:98:18:d2:5a:1a:ac:fb:82:e2:20:e1:e0:95:dd:
                    df:85:27:63:24:2a:0b:45:45:3d:4e:3a:16:f4:76:
                    d6:9a:4c:b7:61:fc:3e:f9:77:61:e4:81:ad:b9:2e:
                    60:af:31:c8:16:68:9d:eb:ea:25:3f:e6:7c:0b:de:
                    ea:fa:62:b2:bf:cd:16:0d:2b:00:ad:d1:d1:e0:3a:
                    eb:aa:58:06:ea:e8:62:6a:63:44:74:f3:a8:15:8b:
                    a6:a5:31:b9:a1:96:8b:ec:ea:0f:74:61:78:78:4e:
                    1e:24:5f:05:b3:b8:64:31:42:1a:08:bf:4a:d6:43:
                    e5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:7F:F4:C8:2E:DA:CE:CC:0F:5F:E1:8B:43:E2:58:24:07:F5:0F:CF
            X509v3 Authority Key Identifier:
                keyid:FA:4E:40:53:59:A2:13:17:08:FC:02:43:8D:47:25:68:E2:C0:34:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-k5AU1miExcI_AJDjUclaOLANHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/sX_0yC7azswPX-GLQ-JYJAf1D88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/6a3f35-35b8-49e0-9f44-b818faecb717/1/1-k5AU1miExcI_AJDjUclaOLANHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:8800::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:d5:9a:6f:b1:f2:bc:9e:0c:08:d7:9b:c6:4e:a0:55:65:40:
         9f:84:f0:01:68:2b:6a:94:d3:b6:5a:b7:0c:14:10:ea:c0:45:
         dd:eb:c1:b7:7c:90:6d:19:ed:a3:0d:bc:a0:aa:7c:18:90:26:
         43:98:25:6b:c0:44:16:3f:ef:61:09:4f:39:98:96:b7:b2:79:
         b6:e8:ca:d9:68:8d:0e:a0:1c:8c:61:e9:b0:a3:e6:3c:0a:32:
         20:6c:7d:3c:42:1f:9d:a5:12:1e:0b:5e:0d:21:69:c3:e0:28:
         d1:3c:6b:02:40:bd:b8:57:a6:90:42:a4:1a:e9:a7:72:9f:1c:
         4a:56:84:95:20:65:e0:a3:06:38:84:3e:08:c9:e0:2a:db:a7:
         3d:4c:d4:c6:a2:4e:2c:79:35:ed:72:cd:31:9d:dc:71:05:08:
         ee:e5:05:80:e2:e1:ab:49:aa:eb:ee:2e:75:ed:ba:7b:bd:99:
         a6:7c:ee:80:3c:5e:59:eb:a1:c3:71:aa:4e:e4:70:47:f6:67:
         04:b8:27:cf:99:cd:61:5b:c7:79:da:d5:3f:79:db:92:b7:fb:
         fc:cb:14:ee:3b:d4:69:11:c2:39:5a:59:d4:ce:44:c5:a1:5a:
         a1:b3:87:8c:1e:25:3c:aa:15:95:3f:db:80:2a:c0:c9:ec:79:
         93:d1:42:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIb3TJ2W3UbjxjA4PcH80JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNGU0MDUzNTlhMjEzMTcwOGZjMDI0MzhkNDcyNTY4ZTJj
MDM0NzAwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTdmZjRjODJlZGFjZWNjMGY1ZmUxOGI0M2UyNTgyNDA3ZjUwZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKfB3+8dTcMWuJOaj+UaonSaruOA
0YmhVD1dD/hqLxiuIR2X3L9zE4bemGw6LToi5G+QZefvS/1ndnUviiv47YWNkv5O
zREkidUzw0qBos+OSK/yTXBtpKwiN/JHuvLcX+l39fZQ5UYJccbOEmT/aYjrTCOu
1bkIrTfpjdih/RL1/Sb9wJ2BmBjSWhqs+4LiIOHgld3fhSdjJCoLRUU9TjoW9HbW
mky3Yfw++Xdh5IGtuS5grzHIFmid6+olP+Z8C97q+mKyv80WDSsArdHR4DrrqlgG
6uhiamNEdPOoFYumpTG5oZaL7OoPdGF4eE4eJF8Fs7hkMUIaCL9K1kPl/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLF/9Mgu2s7MD1/hi0PiWCQH9Q/PMB8GA1UdIwQY
MBaAFPpOQFNZohMXCPwCQ41HJWjiwDRwMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1rNUFVMW1pRXhjSV9BSkRqVWNsYU9MQU5IQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcvNmEzZjM1LTM1YjgtNDllMC05ZjQ0
LWI4MThmYWVjYjcxNy8xL3NYXzB5QzdhenN3UFgtR0xRLUpZSkFmMUQ4OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDcvNmEzZjM1LTM1YjgtNDllMC05ZjQ0LWI4MThmYWVjYjcx
Ny8xLzEtazVBVTFtaUV4Y0lfQUpEalVjbGFPTEFOSEEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQMqEIgA
MA0GCSqGSIb3DQEBCwUAA4IBAQCG1ZpvsfK8ngwI15vGTqBVZUCfhPABaCtqlNO2
WrcMFBDqwEXd68G3fJBtGe2jDbygqnwYkCZDmCVrwEQWP+9hCU85mJa3snm26MrZ
aI0OoByMYemwo+Y8CjIgbH08Qh+dpRIeC14NIWnD4CjRPGsCQL24V6aQQqQa6ady
nxxKVoSVIGXgowY4hD4IyeAq26c9TNTGok4seTXtcs0xndxxBQju5QWA4uGrSarr
7i517bp7vZmmfO6APF5Z66HDcapO5HBH9mcEuCfPmc1hW8d52tU/eduSt/v8yxTu
O9RpEcI5WlnUzkTFoVqhs4eMHiU8qhWVP9uAKsDJ7HmT0UL9
-----END CERTIFICATE-----