Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2eiy-_16euZlcY312olF09W31s4.roa
File:                     2eiy-_16euZlcY312olF09W31s4.roa (raw, json)
Hash identifier:          IUh18w7P0P6a+lmEiR7StlwVEgGLtk0s4vBFZb7XO5A=
Subject key identifier:   D9:E8:B2:FB:FD:7A:7A:E6:65:71:8D:F5:DA:89:45:D3:D5:B7:D6:CE
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B556F00A07A8B7E6C376DA841FC07C
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2eiy-_16euZlcY312olF09W31s4.roa
Signing time:             Thu 02 Jan 2025 15:49:43 +0000
ROA not before:           Thu 02 Jan 2025 15:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47400
IP address blocks:        2a10:4640:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:56:f0:0a:07:a8:b7:e6:c3:76:da:84:1f:c0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9e8b2fbfd7a7ae665718df5da8945d3d5b7d6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1f:1a:96:cf:0b:ac:23:8a:62:62:0f:50:bc:
                    7c:ff:10:09:fd:64:de:8d:b7:90:1b:55:6c:29:00:
                    3c:c2:ee:ec:d8:c1:dd:d7:af:0c:64:18:37:3f:58:
                    d6:4e:17:45:f9:90:ec:9d:05:51:b1:40:86:0e:21:
                    47:00:91:1b:1f:c2:b0:fd:c0:51:cb:63:c1:67:95:
                    e1:28:ab:88:b8:bd:89:d3:7d:ae:ae:b2:d4:ee:ba:
                    c6:e3:99:e3:87:03:5c:43:ee:fd:4b:19:78:20:65:
                    f8:e3:0e:e0:3c:cc:8d:da:de:4c:06:ff:e9:d7:ab:
                    79:5b:42:6d:50:fd:8a:76:21:6c:7c:5c:21:6c:8e:
                    c8:e9:b0:44:c8:66:83:02:97:62:83:9f:44:02:9d:
                    6c:d6:50:5f:d0:67:0c:0c:c6:e4:e0:77:0f:8c:99:
                    0f:1a:02:41:46:a5:e3:cb:82:cc:3a:28:9f:51:57:
                    58:a1:5c:f9:77:9b:f5:10:e2:bf:a2:01:e7:30:80:
                    2b:85:2b:b5:87:c9:76:ff:fe:b6:b0:d1:e2:a0:dc:
                    66:54:b4:53:b8:ba:68:2d:67:a9:25:74:41:52:3f:
                    18:c4:d4:c5:62:81:8e:73:d0:4e:d5:42:b7:d6:84:
                    c0:2e:8b:17:5a:83:6a:42:ae:02:bb:7a:35:96:7f:
                    ce:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:E8:B2:FB:FD:7A:7A:E6:65:71:8D:F5:DA:89:45:D3:D5:B7:D6:CE
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/2eiy-_16euZlcY312olF09W31s4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4640:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:9a:b7:10:e1:aa:f8:93:7d:29:35:bb:49:74:2a:e8:1a:dc:
         6b:a6:8a:af:ed:bb:f4:8a:ed:30:2d:15:23:58:6f:4a:4f:92:
         4a:45:b2:13:33:c3:88:0d:34:56:7b:90:7d:c9:8b:55:6b:1c:
         c1:bc:cc:8c:4b:87:78:43:f1:fd:78:b1:76:76:8e:ac:fa:60:
         fc:44:26:b0:5a:ab:d3:9b:2e:00:f3:01:c8:a3:a8:14:0d:19:
         49:64:15:0a:d6:6d:02:45:d4:81:2c:9b:33:0d:1e:05:25:58:
         69:9a:4b:81:cc:c8:6e:6d:e5:45:dc:22:2e:fa:01:e3:18:fb:
         fa:a1:ac:b8:55:4e:5c:2c:82:ab:49:fe:c0:67:8f:16:ef:4b:
         09:77:c9:5a:ea:0f:5f:9f:b0:4d:49:da:66:a6:a0:75:31:13:
         a0:c6:89:f6:8c:4e:fe:4a:db:42:a1:93:6f:27:49:e9:c2:14:
         62:8c:57:25:d8:45:1c:ba:e9:12:40:00:6b:a2:56:cd:f0:d6:
         f2:e6:81:84:9c:f2:85:a5:aa:0d:2f:95:07:4a:7e:81:ff:9b:
         e7:24:cf:e0:8c:e5:b8:aa:ab:25:28:c2:ee:f3:77:63:ff:72:
         47:17:f8:c6:6e:aa:1e:14:ab:bb:90:a7:f0:95:b8:8a:85:cb:
         ee:bf:5f:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntVbwCgeot+bDdtqEH8B8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWU4YjJmYmZkN2E3YWU2NjU3MThkZjVkYTg5NDVkM2Q1YjdkNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7B8als8LrCOKYmIPULx8/xAJ/WTe
jbeQG1VsKQA8wu7s2MHd168MZBg3P1jWThdF+ZDsnQVRsUCGDiFHAJEbH8Kw/cBR
y2PBZ5XhKKuIuL2J032urrLU7rrG45njhwNcQ+79Sxl4IGX44w7gPMyN2t5MBv/p
16t5W0JtUP2KdiFsfFwhbI7I6bBEyGaDApdig59EAp1s1lBf0GcMDMbk4HcPjJkP
GgJBRqXjy4LMOiifUVdYoVz5d5v1EOK/ogHnMIArhSu1h8l2//62sNHioNxmVLRT
uLpoLWepJXRBUj8YxNTFYoGOc9BO1UK31oTALosXWoNqQq4Cu3o1ln/OTQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNnosvv9enrmZXGN9dqJRdPVt9bOMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvMmVpeS1fMTZldVpsY1kzMTJvbEYwOVczMXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGQAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQBomrcQ4ar4k30pNbtJdCroGtxrpoqv7bv0iu0w
LRUjWG9KT5JKRbITM8OIDTRWe5B9yYtVaxzBvMyMS4d4Q/H9eLF2do6s+mD8RCaw
WqvTmy4A8wHIo6gUDRlJZBUK1m0CRdSBLJszDR4FJVhpmkuBzMhubeVF3CIu+gHj
GPv6oay4VU5cLIKrSf7AZ48W70sJd8la6g9fn7BNSdpmpqB1MROgxon2jE7+SttC
oZNvJ0npwhRijFcl2EUcuukSQABrolbN8Nby5oGEnPKFpaoNL5UHSn6B/5vnJM/g
jOW4qqslKMLu83dj/3JHF/jGbqoeFKu7kKfwlbiKhcvuv18e
-----END CERTIFICATE-----