Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/1-KfmwOH34m_f6r77sOwst0JtBeI.roa
File:                     1-KfmwOH34m_f6r77sOwst0JtBeI.roa (raw, json)
Hash identifier:          Ri3NpiRxTX5tBPjsu6b8CcmQLtOesvoe35OOVrPDEeI=
Subject key identifier:   F8:A7:E6:C0:E1:F7:E2:6F:DF:EA:BE:FB:B0:EC:2C:B7:42:6D:05:E2
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936D366A6A551D6D8B5E43958271B0
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/1-KfmwOH34m_f6r77sOwst0JtBeI.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210810
IP address blocks:        2a10:4646:d0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6d:36:6a:6a:55:1d:6d:8b:5e:43:95:82:71:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8a7e6c0e1f7e26fdfeabefbb0ec2cb7426d05e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:02:4d:6c:32:71:bf:fb:8c:8f:fa:ac:c2:
                    b2:ac:3b:0f:24:b4:a2:02:60:51:74:22:e1:ce:74:
                    44:28:5e:e1:ef:9d:23:9c:30:cb:04:d0:b0:f8:a1:
                    b2:d2:86:fc:9a:b8:2e:19:0b:3d:cb:47:25:c0:5f:
                    62:f0:56:57:14:57:c5:75:b3:e8:8c:41:4f:25:67:
                    48:20:42:f2:40:4b:36:2b:e0:8c:76:00:7a:1c:75:
                    f4:c9:19:77:b2:5b:f9:40:54:4f:24:6e:39:f5:5c:
                    4c:cf:48:43:bc:47:88:96:ee:04:77:39:32:45:d4:
                    1a:c8:81:4e:64:01:e4:85:4a:a8:c3:f5:7c:bc:64:
                    8e:12:4d:b1:d8:01:b5:c4:15:dc:79:33:26:0c:f1:
                    94:d7:30:9d:45:82:90:92:c7:6a:9e:32:4f:e7:a3:
                    29:1c:03:e7:c1:f0:90:4a:08:63:68:e8:86:20:8b:
                    a3:73:8c:67:e6:91:85:78:9c:5f:63:42:5e:4c:95:
                    a9:3d:28:8b:fe:f7:ef:a9:16:df:a9:dd:76:73:28:
                    df:98:ca:c7:9e:d4:cd:93:85:7d:c9:4e:d5:e9:98:
                    2f:eb:c7:26:25:ee:aa:b6:06:c1:9f:d8:e3:04:86:
                    fd:78:18:25:3b:73:c0:4c:42:7f:05:42:40:ee:45:
                    08:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A7:E6:C0:E1:F7:E2:6F:DF:EA:BE:FB:B0:EC:2C:B7:42:6D:05:E2
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/1-KfmwOH34m_f6r77sOwst0JtBeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0f:d8:c5:5c:95:d6:ec:9d:5e:70:f9:a6:ff:83:83:08:35:61:
         26:e1:c5:59:0e:b2:3a:49:c4:45:d9:98:1d:b7:9c:a4:6e:e4:
         00:db:11:dd:ce:ec:f3:91:0e:46:4c:5c:23:01:e0:bc:b5:77:
         b0:ae:50:55:ec:e8:2a:06:77:e1:ee:ba:fc:9f:91:cd:05:d3:
         16:69:b2:f7:1f:fc:f3:43:16:3e:28:d2:4b:2c:ee:39:fd:97:
         63:1f:bf:36:f2:11:c3:2f:2a:84:e2:08:55:e0:dd:78:0b:13:
         f0:b4:d1:46:cc:c3:69:75:66:9c:88:6b:e4:11:86:41:0c:53:
         4f:42:cb:d0:39:af:04:0a:70:39:cf:e4:7d:31:fe:1f:af:c9:
         58:59:e4:33:75:7d:f9:9c:ba:0b:90:04:b8:d3:df:31:8e:0f:
         4c:a1:50:9c:63:47:56:99:c3:5f:c8:81:16:e3:f6:2f:bc:15:
         35:be:1b:e4:4a:32:80:1f:3a:bc:6d:68:64:b6:70:19:f3:f3:
         d8:17:f8:3f:38:c6:7e:d9:29:fa:2d:65:19:80:14:be:3b:4b:
         73:6a:64:f2:dc:b8:eb:6d:8e:11:58:97:c9:21:0d:48:43:33:
         32:66:4a:4a:09:60:2f:10:fe:e8:ce:45:35:67:ed:b7:33:c3:
         f0:3e:2e:16
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAYzEk202ampVHW2LXkOVgnGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGE3ZTZjMGUxZjdlMjZmZGZlYWJlZmJiMGVjMmNiNzQyNmQwNWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2cCTWwycb/7jI/6rMKyrDsPJLSi
AmBRdCLhznREKF7h750jnDDLBNCw+KGy0ob8mrguGQs9y0clwF9i8FZXFFfFdbPo
jEFPJWdIIELyQEs2K+CMdgB6HHX0yRl3slv5QFRPJG459VxMz0hDvEeIlu4Edzky
RdQayIFOZAHkhUqow/V8vGSOEk2x2AG1xBXceTMmDPGU1zCdRYKQksdqnjJP56Mp
HAPnwfCQSghjaOiGIIujc4xn5pGFeJxfY0JeTJWpPSiL/vfvqRbfqd12cyjfmMrH
ntTNk4V9yU7V6Zgv68cmJe6qtgbBn9jjBIb9eBglO3PATEJ/BUJA7kUIxQIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPin5sDh9+Jv3+q++7DsLLdCbQXiMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvMS1LZm13T0gzNG1fZjZyNzdzT3dzdDBKdEJlSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvOTQ4OGM3LTg0OWMtNGZmMS1hYjRjLWFlOTI4M2U3OTY0
ZS8xL1NtMG9GMGtkMHMwR2VBYU9OYW52eG9abjN3SS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCoQRkYA
0DANBgkqhkiG9w0BAQsFAAOCAQEAD9jFXJXW7J1ecPmm/4ODCDVhJuHFWQ6yOknE
RdmYHbecpG7kANsR3c7s85EORkxcIwHgvLV3sK5QVezoKgZ34e66/J+RzQXTFmmy
9x/880MWPijSSyzuOf2XYx+/NvIRwy8qhOIIVeDdeAsT8LTRRszDaXVmnIhr5BGG
QQxTT0LL0DmvBApwOc/kfTH+H6/JWFnkM3V9+Zy6C5AEuNPfMY4PTKFQnGNHVpnD
X8iBFuP2L7wVNb4b5EoygB86vG1oZLZwGfPz2Bf4PzjGftkp+i1lGYAUvjtLc2pk
8ty4622OEViXySENSEMzMmZKSglgLxD+6M5FNWfttzPD8D4uFg==
-----END CERTIFICATE-----