Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8-TsSbIDkbqrxYzwLynjab917bE.roa
File:                     8-TsSbIDkbqrxYzwLynjab917bE.roa (raw, json)
Hash identifier:          VW6Ql7WuMcy1i/pGQ1o78RhPVAcyj6Btwxf0/TtNkfg=
Subject key identifier:   F3:E4:EC:49:B2:03:91:BA:AB:C5:8C:F0:2F:29:E3:69:BF:75:ED:B1
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018F3F088FEADB31AC6B29D4403DDAC316E2
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8-TsSbIDkbqrxYzwLynjab917bE.roa
Signing time:             Fri 03 May 2024 15:17:56 +0000
ROA not before:           Fri 03 May 2024 15:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214986
IP address blocks:        2a10:4646:150::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:08:8f:ea:db:31:ac:6b:29:d4:40:3d:da:c3:16:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: May  3 15:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3e4ec49b20391baabc58cf02f29e369bf75edb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:cb:d9:28:91:8f:cf:82:77:55:02:08:6e:0e:
                    0a:37:ae:fc:a2:b8:20:59:f1:f2:75:cc:56:7a:f8:
                    9f:f4:cf:2d:53:61:05:65:01:29:ec:5d:7b:5c:bb:
                    6b:20:2a:85:e1:78:89:60:a1:5c:29:53:c9:ce:9e:
                    43:41:76:29:08:e2:60:c7:71:63:87:7d:3e:85:eb:
                    95:c6:83:55:cf:18:ba:83:43:15:5a:3d:81:e1:12:
                    b9:f2:a8:5f:05:f8:88:74:a2:c4:96:0b:07:e1:7b:
                    3a:35:02:f5:9e:a4:13:6f:7f:1c:83:f5:4f:e2:26:
                    92:5c:93:e7:7d:66:3a:92:16:db:92:c9:cf:6c:a2:
                    af:91:3f:38:07:cf:0d:06:e1:f2:5f:b2:2d:41:35:
                    32:7b:22:44:66:33:92:bd:64:2f:f4:5f:53:98:b8:
                    bb:41:08:23:57:9b:ee:bd:c1:eb:6a:b8:00:e9:f4:
                    7d:48:ba:7d:a1:6c:ad:40:84:4b:b8:b8:ad:5e:c8:
                    7e:22:5e:32:d9:f7:16:2b:92:5d:31:75:6b:4c:af:
                    cf:83:99:b9:9c:77:47:b1:de:4b:d4:09:cc:f1:29:
                    af:f8:9c:31:71:be:ff:dd:3c:21:19:fe:1a:63:06:
                    a6:2b:48:0d:b7:eb:16:b8:a8:b3:07:59:ad:fd:d7:
                    6d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:E4:EC:49:B2:03:91:BA:AB:C5:8C:F0:2F:29:E3:69:BF:75:ED:B1
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8-TsSbIDkbqrxYzwLynjab917bE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:150::/44

    Signature Algorithm: sha256WithRSAEncryption
         73:1d:1b:91:6a:8b:d3:cd:d6:1b:21:db:66:b6:e9:ab:34:aa:
         bb:2e:e2:2a:85:5c:33:17:64:c3:b2:73:23:22:5e:85:73:a7:
         ae:81:05:a1:2e:23:ac:39:81:a9:38:15:23:c0:53:a4:42:0b:
         55:0e:8b:64:99:e6:96:b3:6f:f6:29:64:c1:f9:ce:45:62:c9:
         74:0d:14:ca:27:2f:c8:2b:e9:d9:a5:bf:29:c7:22:43:ae:f5:
         3e:94:81:2a:72:6f:f7:d8:ef:03:1f:75:09:ef:2e:01:cc:d1:
         3f:f2:3b:c7:dd:92:64:22:14:ae:00:95:9f:a6:57:f2:39:71:
         3e:94:94:2f:b5:ce:7e:d4:96:7a:61:49:58:b7:82:37:0c:93:
         b3:b8:5b:b2:5a:a3:0b:b8:50:b8:56:7c:86:a0:6f:1e:1a:dd:
         59:f9:33:24:77:40:46:69:57:c9:c5:f1:ef:71:33:b6:ff:28:
         7a:7f:f4:84:fc:26:97:29:ad:53:64:76:72:8f:68:d4:c0:7c:
         11:c9:88:4b:0e:3d:09:dc:bd:d3:0d:2c:a3:81:58:47:ca:3e:
         19:20:55:aa:8d:4d:da:e9:dd:5c:df:e2:9a:33:37:13:bd:d7:
         55:c9:be:93:60:3a:2e:c9:85:43:01:ac:90:3a:8c:3d:81:82:
         48:35:66:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8/CI/q2zGsaynUQD3awxbiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwNTAzMTUxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2U0ZWM0OWIyMDM5MWJhYWJjNThjZjAyZjI5ZTM2OWJmNzVlZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8vZKJGPz4J3VQIIbg4KN678orgg
WfHydcxWevif9M8tU2EFZQEp7F17XLtrICqF4XiJYKFcKVPJzp5DQXYpCOJgx3Fj
h30+heuVxoNVzxi6g0MVWj2B4RK58qhfBfiIdKLElgsH4Xs6NQL1nqQTb38cg/VP
4iaSXJPnfWY6khbbksnPbKKvkT84B88NBuHyX7ItQTUyeyJEZjOSvWQv9F9TmLi7
QQgjV5vuvcHrargA6fR9SLp9oWytQIRLuLitXsh+Il4y2fcWK5JdMXVrTK/Pg5m5
nHdHsd5L1AnM8Smv+Jwxcb7/3TwhGf4aYwamK0gNt+sWuKizB1mt/ddthwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPPk7EmyA5G6q8WM8C8p42m/de2xMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvOC1Uc1NiSURrYnFyeFl6d0x5bmphYjkxN2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBzHRuRaovTzdYbIdtmtumrNKq7LuIqhVwzF2TD
snMjIl6Fc6eugQWhLiOsOYGpOBUjwFOkQgtVDotkmeaWs2/2KWTB+c5FYsl0DRTK
Jy/IK+nZpb8pxyJDrvU+lIEqcm/32O8DH3UJ7y4BzNE/8jvH3ZJkIhSuAJWfplfy
OXE+lJQvtc5+1JZ6YUlYt4I3DJOzuFuyWqMLuFC4VnyGoG8eGt1Z+TMkd0BGaVfJ
xfHvcTO2/yh6f/SE/CaXKa1TZHZyj2jUwHwRyYhLDj0J3L3TDSyjgVhHyj4ZIFWq
jU3a6d1c3+KaMzcTvddVyb6TYDouyYVDAayQOow9gYJINWaG
-----END CERTIFICATE-----