Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2CfSzSYmKHStODoBho7RAOz1WI4.roa
File:                     2CfSzSYmKHStODoBho7RAOz1WI4.roa (raw, json)
Hash identifier:          k6zjRYI7pxNhgX4md3fIM0dYsjvy0XPvrI4OzjNs4CY=
Subject key identifier:   D8:27:D2:CD:26:26:28:74:AD:38:3A:01:86:8E:D1:00:EC:F5:58:8E
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936F239D0F6524FABCFE202E8FF481
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2CfSzSYmKHStODoBho7RAOz1WI4.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211693
IP address blocks:        2a10:4646:b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6f:23:9d:0f:65:24:fa:bc:fe:20:2e:8f:f4:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d827d2cd26262874ad383a01868ed100ecf5588e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:61:46:66:02:e0:9b:77:fc:cd:11:af:6e:08:
                    b5:31:e8:c8:53:af:6d:1d:1a:13:64:7f:70:c1:eb:
                    9e:e6:21:19:c6:12:c6:5a:70:40:a8:5e:9a:ca:b2:
                    29:3a:40:92:ab:ea:11:89:ac:15:28:af:41:42:5a:
                    a7:dd:35:a9:a8:d6:a3:bb:a5:15:24:d2:e0:f4:e1:
                    95:71:ab:a8:3d:23:08:1d:2e:ef:12:eb:c7:4e:21:
                    10:7c:b2:d1:f3:08:1b:c7:95:df:11:84:32:43:c2:
                    bc:27:d1:9f:51:f2:07:02:a6:2d:86:ef:bd:b3:5f:
                    b5:78:39:0a:e9:d3:fa:94:5b:0f:fc:0c:34:54:4c:
                    32:ec:40:19:61:94:65:d8:ce:9e:42:30:da:2e:dd:
                    92:df:88:85:12:0d:91:d8:0b:ba:ce:7d:2f:e3:86:
                    c3:14:92:15:2b:a3:3d:92:48:44:30:cf:d0:48:30:
                    02:11:6f:7f:cb:bb:c7:0c:9d:1e:ff:77:bc:2d:75:
                    78:c5:40:95:92:9d:e1:19:2f:e0:04:79:60:56:5b:
                    e1:42:d5:f6:84:8b:e1:c7:2b:52:ac:dd:5c:c2:cf:
                    ea:06:98:0f:2c:61:83:78:35:b4:67:a7:cf:58:10:
                    c4:cc:a3:bc:41:62:a5:a6:31:06:1f:f4:4c:b8:03:
                    aa:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:27:D2:CD:26:26:28:74:AD:38:3A:01:86:8E:D1:00:EC:F5:58:8E
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2CfSzSYmKHStODoBho7RAOz1WI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:b::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:5d:8a:8d:b5:ae:7e:c7:1b:e9:2e:09:4b:1f:e5:f1:8e:a2:
         02:be:52:c5:d0:d9:1f:11:08:56:a8:70:21:fb:4b:84:ed:c5:
         da:29:21:47:c8:8f:ee:27:9b:b2:9a:3e:7e:24:85:6e:c0:8e:
         71:cb:df:7d:03:35:95:fe:7d:80:61:87:98:de:a3:5c:52:7e:
         f3:e5:50:e2:67:d0:24:90:5c:8d:24:bd:6d:49:df:a2:2b:de:
         e5:9f:ad:23:47:57:ff:8a:44:66:4c:4b:0d:13:1a:a1:3f:ab:
         73:a1:2f:af:ca:5f:44:01:c9:e3:2a:4f:13:22:fd:59:47:5f:
         a7:72:2e:3a:cb:c7:fa:30:9b:a1:1f:29:9e:85:70:8a:0f:60:
         d9:b0:f8:6a:8a:44:6d:a8:46:2d:70:2c:d4:5b:b1:f4:7b:99:
         a0:a3:97:37:69:d4:6d:66:c3:f5:1b:42:be:4c:df:9f:f9:1c:
         83:28:0d:42:4e:24:dc:d0:4e:19:36:29:e4:4e:11:5a:b1:92:
         81:d4:19:3e:c2:ca:e0:87:f4:69:c5:6a:10:de:98:8d:58:b3:
         7d:40:bd:74:04:bd:5a:cd:77:ed:cd:4c:06:c9:d2:75:91:37:
         c9:f8:aa:68:0b:a7:8f:4e:d2:98:4c:65:7f:5c:c6:f3:dd:0f:
         32:75:e8:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk28jnQ9lJPq8/iAuj/SBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODI3ZDJjZDI2MjYyODc0YWQzODNhMDE4NjhlZDEwMGVjZjU1ODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mFGZgLgm3f8zRGvbgi1MejIU69t
HRoTZH9wweue5iEZxhLGWnBAqF6ayrIpOkCSq+oRiawVKK9BQlqn3TWpqNaju6UV
JNLg9OGVcauoPSMIHS7vEuvHTiEQfLLR8wgbx5XfEYQyQ8K8J9GfUfIHAqYthu+9
s1+1eDkK6dP6lFsP/Aw0VEwy7EAZYZRl2M6eQjDaLt2S34iFEg2R2Au6zn0v44bD
FJIVK6M9kkhEMM/QSDACEW9/y7vHDJ0e/3e8LXV4xUCVkp3hGS/gBHlgVlvhQtX2
hIvhxytSrN1cws/qBpgPLGGDeDW0Z6fPWBDEzKO8QWKlpjEGH/RMuAOquwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNgn0s0mJih0rTg6AYaO0QDs9ViOMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvMkNmU3pTWW1LSFN0T0RvQmhvN1JBT3oxV0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgAL
MA0GCSqGSIb3DQEBCwUAA4IBAQBtXYqNta5+xxvpLglLH+XxjqICvlLF0NkfEQhW
qHAh+0uE7cXaKSFHyI/uJ5uymj5+JIVuwI5xy999AzWV/n2AYYeY3qNcUn7z5VDi
Z9AkkFyNJL1tSd+iK97ln60jR1f/ikRmTEsNExqhP6tzoS+vyl9EAcnjKk8TIv1Z
R1+nci46y8f6MJuhHymehXCKD2DZsPhqikRtqEYtcCzUW7H0e5mgo5c3adRtZsP1
G0K+TN+f+RyDKA1CTiTc0E4ZNinkThFasZKB1Bk+wsrgh/RpxWoQ3piNWLN9QL10
BL1azXftzUwGydJ1kTfJ+KpoC6ePTtKYTGV/XMbz3Q8ydeg0
-----END CERTIFICATE-----