Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/DGYTbW9Ir9KMBgCraqJM7GTIy4A.roa
File:                     DGYTbW9Ir9KMBgCraqJM7GTIy4A.roa (raw, json)
Hash identifier:          Mirl8dOytZmD+kKVHs6j2ofk7bwQ7qZrvcazoL5oyCw=
Subject key identifier:   0C:66:13:6D:6F:48:AF:D2:8C:06:00:AB:6A:A2:4C:EC:64:C8:CB:80
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       01942746FB7DE1EB17D9D38047E64EAFC6A7
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/DGYTbW9Ir9KMBgCraqJM7GTIy4A.roa
Signing time:             Thu 02 Jan 2025 13:49:10 +0000
ROA not before:           Thu 02 Jan 2025 13:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205007
IP address blocks:        2a10:9686::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:fb:7d:e1:eb:17:d9:d3:80:47:e6:4e:af:c6:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Jan  2 13:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c66136d6f48afd28c0600ab6aa24cec64c8cb80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c8:0d:b4:30:4e:f7:4d:3e:d6:ee:b8:8d:77:
                    fd:69:a3:28:69:4c:7f:ed:aa:e5:87:fb:fc:f4:88:
                    00:fc:49:75:08:76:38:4d:81:80:48:ef:e4:2f:ca:
                    bf:1c:24:f5:3a:f3:1a:59:8b:a7:bb:a1:32:bb:c2:
                    68:0f:3a:1d:a8:cc:83:6e:dd:d2:ca:d3:e8:b4:ce:
                    b6:a8:47:bc:7a:10:04:77:1c:ca:7e:7d:10:97:67:
                    cf:5b:c0:b0:6c:a7:78:59:86:e6:69:73:9b:d6:0e:
                    ca:93:a0:46:0a:e0:a0:52:46:43:35:e6:d1:6b:d8:
                    43:bc:50:08:f3:1f:c1:47:f7:19:95:6b:6d:23:39:
                    c6:44:48:c5:7b:cc:fc:4e:0c:29:21:27:37:87:fe:
                    6c:19:f8:0a:6e:68:17:33:94:a6:ce:61:b1:70:e0:
                    a3:76:76:f7:25:45:0b:ec:16:66:e7:bb:f4:88:60:
                    ec:b4:7a:9a:a0:3e:24:ec:19:44:dd:10:cb:93:3f:
                    33:81:68:a9:12:2f:10:c1:2a:f9:71:09:2e:cf:d2:
                    aa:c2:55:0a:68:bf:35:08:d7:60:76:61:3e:c8:39:
                    95:6a:57:ce:dc:56:a5:97:d5:bd:9a:5d:a6:85:73:
                    e5:15:64:0c:1d:84:28:d2:7e:79:14:0e:a1:b8:92:
                    8d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:66:13:6D:6F:48:AF:D2:8C:06:00:AB:6A:A2:4C:EC:64:C8:CB:80
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/DGYTbW9Ir9KMBgCraqJM7GTIy4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:9686::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:2c:d1:ea:ae:be:53:47:05:e5:bb:fc:ad:e4:b2:b6:77:25:
         48:b4:49:b3:7b:2a:51:60:c7:8d:54:b3:66:c0:9c:8c:4f:90:
         d8:c5:44:32:a1:2b:62:7c:7a:a6:fc:6f:83:40:97:56:ed:19:
         03:4a:5e:2f:45:6a:9e:ff:16:c7:9b:b3:5b:14:01:6f:6f:ae:
         78:76:bc:ce:10:7d:e3:35:9b:42:26:4d:39:ad:a2:35:66:e2:
         5c:97:a6:4e:8f:87:f2:d4:c2:f7:54:83:05:e4:8e:3c:51:e6:
         00:20:89:75:5d:1a:75:d7:e1:f7:e6:65:24:57:19:9e:6a:44:
         f8:8d:33:86:b2:1b:b2:4b:c3:03:e4:bb:65:73:8c:27:0d:41:
         13:ea:c3:8f:28:ab:f8:17:24:4d:68:48:28:86:b2:d5:fc:14:
         6a:df:ac:76:34:8a:58:28:2f:74:cb:54:3e:86:e9:9e:bc:7d:
         d1:fd:be:f4:72:3a:d5:fe:88:8f:f7:b5:09:23:41:5b:cf:5f:
         c2:f8:ba:66:20:27:73:5f:4d:02:d9:76:16:14:9f:58:71:53:
         d6:b9:89:6a:08:db:ab:6d:96:b8:43:fc:0a:17:d2:6c:77:28:
         49:c2:ea:a7:07:27:fb:c4:e7:6a:99:cd:19:d2:89:75:b8:ba:
         09:00:6f:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnRvt94esX2dOAR+ZOr8anMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjUwMTAyMTM0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzY2MTM2ZDZmNDhhZmQyOGMwNjAwYWI2YWEyNGNlYzY0YzhjYjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsgNtDBO900+1u64jXf9aaMoaUx/
7arlh/v89IgA/El1CHY4TYGASO/kL8q/HCT1OvMaWYunu6Eyu8JoDzodqMyDbt3S
ytPotM62qEe8ehAEdxzKfn0Ql2fPW8CwbKd4WYbmaXOb1g7Kk6BGCuCgUkZDNebR
a9hDvFAI8x/BR/cZlWttIznGREjFe8z8TgwpISc3h/5sGfgKbmgXM5SmzmGxcOCj
dnb3JUUL7BZm57v0iGDstHqaoD4k7BlE3RDLkz8zgWipEi8QwSr5cQkuz9KqwlUK
aL81CNdgdmE+yDmValfO3Fall9W9ml2mhXPlFWQMHYQo0n55FA6huJKNBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAxmE21vSK/SjAYAq2qiTOxkyMuAMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvREdZVGJXOUlyOUtNQmdDcmFxSk03R1RJeTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhCWhjAN
BgkqhkiG9w0BAQsFAAOCAQEABSzR6q6+U0cF5bv8reSytnclSLRJs3sqUWDHjVSz
ZsCcjE+Q2MVEMqErYnx6pvxvg0CXVu0ZA0peL0Vqnv8Wx5uzWxQBb2+ueHa8zhB9
4zWbQiZNOa2iNWbiXJemTo+H8tTC91SDBeSOPFHmACCJdV0addfh9+ZlJFcZnmpE
+I0zhrIbskvDA+S7ZXOMJw1BE+rDjyir+BckTWhIKIay1fwUat+sdjSKWCgvdMtU
Pobpnrx90f2+9HI61f6Ij/e1CSNBW89fwvi6ZiAnc19NAtl2FhSfWHFT1rmJagjb
q22WuEP8ChfSbHcoScLqpwcn+8TnapnNGdKJdbi6CQBvPQ==
-----END CERTIFICATE-----