Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7bxgZXoMAXCGiquO-EVVIWl3j8k.roa
File:                     7bxgZXoMAXCGiquO-EVVIWl3j8k.roa (raw, json)
Hash identifier:          cyIEl1FogKobN6k3GL5LYhZtuNOSsiH8NSpfQ+oICMk=
Subject key identifier:   ED:BC:60:65:7A:0C:01:70:86:8A:AB:8E:F8:45:55:21:69:77:8F:C9
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936C57FABC2D9CDFA1F07653E38CF0
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7bxgZXoMAXCGiquO-EVVIWl3j8k.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206569
IP address blocks:        2a10:4646:1a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6c:57:fa:bc:2d:9c:df:a1:f0:76:53:e3:8c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=edbc60657a0c0170868aab8ef845552169778fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:9d:c8:f9:0a:ae:98:5e:13:44:b6:6c:da:d8:
                    d4:7b:40:19:05:89:6e:99:30:eb:f3:cc:a4:1b:80:
                    df:e0:aa:bf:60:c9:44:bb:3e:86:13:85:87:06:4c:
                    a0:69:0b:0d:12:a4:c1:db:c9:ab:b4:88:00:f4:00:
                    97:12:97:d0:b6:08:f7:20:a6:f0:50:af:38:4a:fd:
                    94:03:a6:3e:d2:f0:be:4f:3c:27:7c:05:29:33:57:
                    06:6c:40:96:66:3a:0e:93:be:13:fb:31:b2:5d:49:
                    08:c8:20:18:77:c4:8c:a7:58:a0:ef:37:12:7b:a4:
                    2d:f5:b0:0c:e4:50:cf:83:0e:d0:60:5b:bd:f0:5f:
                    5c:11:22:b4:b3:2e:fd:6d:17:6f:3c:34:9d:ce:c0:
                    63:bf:b4:00:92:09:cf:00:32:cc:ed:b0:a8:7e:c7:
                    69:34:a4:20:d7:90:d5:86:0c:73:7d:98:31:48:38:
                    85:71:3b:4c:35:6e:45:72:f5:63:be:2f:51:93:d2:
                    87:09:00:2d:90:b6:7c:2b:e8:34:f1:c6:d1:ae:ce:
                    1c:b3:50:24:43:7c:75:c4:9c:76:86:9f:65:fb:a5:
                    0a:41:cd:b0:66:8c:a3:18:58:0b:cc:af:ef:42:26:
                    5b:1f:43:a3:41:39:9b:5a:5b:df:2c:35:31:d2:4f:
                    2e:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:BC:60:65:7A:0C:01:70:86:8A:AB:8E:F8:45:55:21:69:77:8F:C9
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/7bxgZXoMAXCGiquO-EVVIWl3j8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         45:3f:e7:aa:13:9a:c9:f0:c7:ec:c4:a6:42:b6:7b:72:ba:49:
         9d:0c:95:32:ca:39:79:0d:a0:3f:6d:6d:f0:f9:b8:8d:1a:c6:
         1c:2a:f1:aa:27:f6:50:12:43:50:3c:c9:18:a8:24:8f:70:17:
         73:43:6b:59:88:f8:4e:9d:42:61:64:0e:db:d1:b6:36:19:71:
         31:4d:bf:2f:17:bd:bf:3c:e8:1d:03:6e:3f:2c:b6:91:51:92:
         22:41:61:4b:5a:5e:7d:d7:b2:f0:9e:89:94:7c:b9:a5:80:93:
         4b:ea:a1:35:48:a2:2e:d4:b1:3a:3f:19:1f:b1:32:a2:a3:4c:
         e0:ce:5e:6e:89:a6:2f:69:31:42:73:bb:f6:66:a7:89:48:90:
         86:94:de:5d:c3:39:f7:37:c6:74:84:c6:dc:40:76:a5:36:70:
         9a:22:6d:34:49:fd:d8:61:e1:17:40:ed:3a:2b:cd:08:c2:26:
         a0:61:96:77:22:3e:84:25:0a:8a:37:a4:0e:c4:e0:ef:cd:24:
         a1:97:9c:8e:61:9a:fb:27:0e:36:8d:fa:12:e5:7c:6d:b9:6b:
         5c:e2:3e:99:f5:69:61:ab:e7:32:7f:12:4c:5f:65:57:30:ad:
         d5:0b:58:5a:06:78:be:2c:20:d9:79:42:5c:ff:81:35:20:61:
         7b:a0:b3:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2xX+rwtnN+h8HZT44zwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGJjNjA2NTdhMGMwMTcwODY4YWFiOGVmODQ1NTUyMTY5Nzc4ZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsp3I+QqumF4TRLZs2tjUe0AZBYlu
mTDr88ykG4Df4Kq/YMlEuz6GE4WHBkygaQsNEqTB28mrtIgA9ACXEpfQtgj3IKbw
UK84Sv2UA6Y+0vC+TzwnfAUpM1cGbECWZjoOk74T+zGyXUkIyCAYd8SMp1ig7zcS
e6Qt9bAM5FDPgw7QYFu98F9cESK0sy79bRdvPDSdzsBjv7QAkgnPADLM7bCofsdp
NKQg15DVhgxzfZgxSDiFcTtMNW5FcvVjvi9Rk9KHCQAtkLZ8K+g08cbRrs4cs1Ak
Q3x1xJx2hp9l+6UKQc2wZoyjGFgLzK/vQiZbH0OjQTmbWlvfLDUx0k8u3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO28YGV6DAFwhoqrjvhFVSFpd4/JMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvN2J4Z1pYb01BWENHaXF1Ty1FVlZJV2wzajhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgGg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFP+eqE5rJ8MfsxKZCtntyukmdDJUyyjl5DaA/
bW3w+biNGsYcKvGqJ/ZQEkNQPMkYqCSPcBdzQ2tZiPhOnUJhZA7b0bY2GXExTb8v
F72/POgdA24/LLaRUZIiQWFLWl5917LwnomUfLmlgJNL6qE1SKIu1LE6PxkfsTKi
o0zgzl5uiaYvaTFCc7v2ZqeJSJCGlN5dwzn3N8Z0hMbcQHalNnCaIm00Sf3YYeEX
QO06K80IwiagYZZ3Ij6EJQqKN6QOxODvzSShl5yOYZr7Jw42jfoS5XxtuWtc4j6Z
9Wlhq+cyfxJMX2VXMK3VC1haBni+LCDZeUJc/4E1IGF7oLNM
-----END CERTIFICATE-----