Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/17SfWE-obcFtFEDHZrtdKCw8vZk.roa
File:                     17SfWE-obcFtFEDHZrtdKCw8vZk.roa (raw, json)
Hash identifier:          OMy8FnKUI49Rx5Kahlca5iqrV8Wc3pnfpFF9NN65e/s=
Subject key identifier:   D7:B4:9F:58:4F:A8:6D:C1:6D:14:40:C7:66:BB:5D:28:2C:3C:BD:99
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936B20F689B6FFE13FA2B964B1733F
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/17SfWE-obcFtFEDHZrtdKCw8vZk.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201480
IP address blocks:        2a10:4646:250::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:20:f6:89:b6:ff:e1:3f:a2:b9:64:b1:73:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7b49f584fa86dc16d1440c766bb5d282c3cbd99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:3c:eb:fb:36:9e:c2:5a:00:7e:39:b3:17:ae:
                    1f:6f:92:f4:57:95:e7:93:74:62:1c:9c:64:63:27:
                    41:4b:af:66:3f:c0:89:7a:b1:9e:af:52:a1:64:12:
                    bb:04:15:f4:d3:57:62:7a:0e:31:75:6b:cf:9f:bc:
                    8c:9b:08:62:54:57:22:cf:01:a6:b7:1e:1b:ad:9f:
                    bb:dd:1c:69:91:51:1a:af:80:6b:18:46:38:2b:46:
                    6f:58:53:56:ff:a5:da:49:26:42:24:d0:05:45:8b:
                    51:ea:0a:51:5f:db:28:4b:cd:5f:5c:15:be:ba:a0:
                    64:ce:e2:53:ba:54:35:81:2f:23:ef:4f:ef:79:c4:
                    e1:ac:57:30:f3:c2:7c:58:e7:8e:03:7d:4a:22:bf:
                    20:4a:a4:f0:0c:fd:32:cf:a1:a4:07:22:92:44:55:
                    20:a7:fd:e7:48:bc:bb:04:b2:2b:42:43:8c:53:e9:
                    35:48:e5:8f:1b:f9:bb:80:2f:e5:d6:e3:3b:65:bc:
                    da:5d:ce:03:50:7b:aa:d4:2e:18:3a:44:dd:73:95:
                    25:6b:ed:34:b3:b9:b0:b5:26:4b:27:48:db:83:33:
                    e5:6c:76:4c:a8:ff:7d:23:a0:c4:24:66:ec:0d:dd:
                    21:29:b3:6d:6c:b9:27:12:2f:24:c8:55:db:94:e4:
                    9c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B4:9F:58:4F:A8:6D:C1:6D:14:40:C7:66:BB:5D:28:2C:3C:BD:99
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/17SfWE-obcFtFEDHZrtdKCw8vZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         3e:aa:ae:4c:42:d4:06:78:6a:51:13:15:d1:b3:68:c8:12:f7:
         66:f5:d9:01:15:ba:23:95:3e:d6:d0:6a:24:c0:6a:ec:e6:82:
         66:e6:97:8f:ba:7c:b9:3b:ea:0d:18:b6:47:a6:3a:d2:2f:02:
         df:9a:11:0c:61:e7:cc:32:3a:14:4f:5b:b8:2f:07:a0:2d:36:
         a1:66:0b:b3:6b:bc:ec:a0:2d:42:d2:db:dd:2b:fc:66:ed:a8:
         e6:cb:8d:56:5c:d6:cf:27:f6:7b:4b:16:41:4b:38:38:88:7a:
         ca:e7:31:cc:8f:af:0f:b9:89:7e:6e:c2:1f:24:97:a1:13:46:
         b0:3d:fc:f8:41:26:74:76:52:2d:5a:8a:01:d0:77:12:fe:9e:
         e2:f1:76:03:a7:d6:4d:fe:a1:b4:97:1e:b7:2b:c3:d6:8f:eb:
         3b:78:0c:d9:6f:cb:d4:b9:af:a3:b7:73:fe:d6:27:25:7f:06:
         83:f4:fe:01:96:0f:fe:84:0a:aa:da:52:e6:4c:ef:7b:78:f4:
         94:98:8d:0e:c6:14:d5:fc:d9:15:bf:c4:8f:da:ba:c5:97:46:
         ff:48:4a:ce:5a:ea:4b:e7:b9:0f:a8:b5:26:4b:d6:94:65:e1:
         42:46:3e:ea:90:9d:5d:12:f4:aa:23:4c:db:23:4b:63:78:3a:
         0d:5f:1b:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2sg9om2/+E/orlksXM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2I0OWY1ODRmYTg2ZGMxNmQxNDQwYzc2NmJiNWQyODJjM2NiZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzzr+zaewloAfjmzF64fb5L0V5Xn
k3RiHJxkYydBS69mP8CJerGer1KhZBK7BBX001dieg4xdWvPn7yMmwhiVFcizwGm
tx4brZ+73RxpkVEar4BrGEY4K0ZvWFNW/6XaSSZCJNAFRYtR6gpRX9soS81fXBW+
uqBkzuJTulQ1gS8j70/vecThrFcw88J8WOeOA31KIr8gSqTwDP0yz6GkByKSRFUg
p/3nSLy7BLIrQkOMU+k1SOWPG/m7gC/l1uM7ZbzaXc4DUHuq1C4YOkTdc5Ula+00
s7mwtSZLJ0jbgzPlbHZMqP99I6DEJGbsDd0hKbNtbLknEi8kyFXblOScuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNe0n1hPqG3BbRRAx2a7XSgsPL2ZMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvMTdTZldFLW9iY0Z0RkVESFpydGRLQ3c4dlprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA+qq5MQtQGeGpRExXRs2jIEvdm9dkBFbojlT7W
0GokwGrs5oJm5pePuny5O+oNGLZHpjrSLwLfmhEMYefMMjoUT1u4LwegLTahZguz
a7zsoC1C0tvdK/xm7ajmy41WXNbPJ/Z7SxZBSzg4iHrK5zHMj68PuYl+bsIfJJeh
E0awPfz4QSZ0dlItWooB0HcS/p7i8XYDp9ZN/qG0lx63K8PWj+s7eAzZb8vUua+j
t3P+1iclfwaD9P4Blg/+hAqq2lLmTO97ePSUmI0OxhTV/NkVv8SP2rrFl0b/SErO
WupL57kPqLUmS9aUZeFCRj7qkJ1dEvSqI0zbI0tjeDoNXxvv
-----END CERTIFICATE-----