Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8a71cCqeSx4PqeZLOvLBT3JuaDo.roa
File:                     8a71cCqeSx4PqeZLOvLBT3JuaDo.roa (raw, json)
Hash identifier:          ydeePUSX4l/d7logQzvr+grLW0agC761zY5KZdoRgMs=
Subject key identifier:   F1:AE:F5:70:2A:9E:4B:1E:0F:A9:E6:4B:3A:F2:C1:4F:72:6E:68:3A
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018F960D4ABA7DF662813032A675E8DD16D1
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8a71cCqeSx4PqeZLOvLBT3JuaDo.roa
Signing time:             Mon 20 May 2024 12:50:04 +0000
ROA not before:           Mon 20 May 2024 12:50:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200063
IP address blocks:        2a10:4646:290::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:96:0d:4a:ba:7d:f6:62:81:30:32:a6:75:e8:dd:16:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: May 20 12:50:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1aef5702a9e4b1e0fa9e64b3af2c14f726e683a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:be:a5:e7:96:d3:04:a9:84:34:da:cf:35:19:
                    ba:f2:45:f4:8b:b5:f9:49:38:c3:cd:ee:31:d8:e6:
                    94:ac:8d:3e:26:2f:0d:00:72:c5:50:f2:29:4d:52:
                    ba:68:ec:12:08:46:65:99:f1:50:f1:de:86:66:41:
                    99:35:8f:c4:ec:34:ab:15:80:5f:8e:28:56:cd:45:
                    d0:01:af:e2:09:f6:af:34:ce:52:38:19:04:67:07:
                    0c:91:08:e2:67:2a:5d:e8:1c:1d:c3:7f:79:a5:6e:
                    d9:6f:56:db:bd:8d:b3:87:a8:81:b9:2d:5b:94:d5:
                    f6:8a:86:13:89:69:a4:f7:45:1e:96:05:b5:72:d0:
                    22:f7:df:46:1c:f3:4d:6c:7a:b1:9c:c1:32:07:99:
                    e8:b7:d7:12:4d:a8:06:80:d3:90:9b:2f:a9:02:1b:
                    f3:09:79:2a:5d:ae:41:53:bf:72:73:bf:cd:31:ed:
                    4e:1a:93:b0:d0:42:57:61:a5:fe:09:f0:01:6c:c4:
                    3a:ef:89:56:d2:fc:03:54:49:77:bb:89:64:c2:66:
                    84:3f:3d:94:da:5c:6e:51:f9:1d:4d:dd:9c:be:e1:
                    c2:ff:ce:e0:09:2d:6a:1d:5e:d6:0c:f4:25:b2:8c:
                    47:62:59:f9:eb:14:63:6f:b9:84:1f:d1:99:92:47:
                    99:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AE:F5:70:2A:9E:4B:1E:0F:A9:E6:4B:3A:F2:C1:4F:72:6E:68:3A
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/8a71cCqeSx4PqeZLOvLBT3JuaDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:290::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:aa:a4:e6:a3:c2:15:58:73:72:53:a4:42:21:0a:81:84:ec:
         d0:fa:54:30:8d:a1:da:0e:b2:7e:e3:e1:cf:34:20:83:50:b8:
         47:75:f6:6c:9b:4d:7d:b7:de:09:41:b1:aa:c8:bc:4d:25:45:
         85:d8:70:d9:64:1d:9f:ad:31:03:1b:30:17:58:79:c4:c4:63:
         3f:3d:b1:f6:ac:5d:10:7f:11:d9:7e:33:a3:3f:12:77:e7:e1:
         74:e7:99:2b:73:ac:f1:e0:44:da:82:e4:22:11:6e:6e:3d:42:
         ed:3a:51:1b:b5:c0:45:14:0f:57:63:b3:a3:79:d1:54:63:bc:
         fa:52:c0:59:45:f5:e8:8d:a9:d6:07:d7:2e:cd:fb:dd:03:6b:
         ce:fe:03:9c:2f:8a:0a:9c:6d:bd:e5:a8:be:79:3c:39:f8:1c:
         df:0b:81:67:cc:35:35:7c:94:ed:cb:42:09:44:70:f7:ce:5f:
         ef:a5:5e:14:8e:d1:9d:e8:00:bc:89:84:30:a9:5d:0d:73:6a:
         d4:02:ce:67:42:da:f0:89:e1:63:20:78:9a:e4:6d:94:0c:f6:
         ff:6a:ff:3e:b4:19:ba:d6:cf:e9:bb:b5:0f:ed:5d:44:27:a2:
         df:49:76:ab:66:cb:73:fb:2f:be:e5:cd:34:06:87:dd:40:63:
         c8:13:84:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+WDUq6ffZigTAypnXo3RbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwNTIwMTI1MDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFlZjU3MDJhOWU0YjFlMGZhOWU2NGIzYWYyYzE0ZjcyNmU2ODNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr6l55bTBKmENNrPNRm68kX0i7X5
STjDze4x2OaUrI0+Ji8NAHLFUPIpTVK6aOwSCEZlmfFQ8d6GZkGZNY/E7DSrFYBf
jihWzUXQAa/iCfavNM5SOBkEZwcMkQjiZypd6Bwdw395pW7Zb1bbvY2zh6iBuS1b
lNX2ioYTiWmk90UelgW1ctAi999GHPNNbHqxnMEyB5not9cSTagGgNOQmy+pAhvz
CXkqXa5BU79yc7/NMe1OGpOw0EJXYaX+CfABbMQ674lW0vwDVEl3u4lkwmaEPz2U
2lxuUfkdTd2cvuHC/87gCS1qHV7WDPQlsoxHYln56xRjb7mEH9GZkkeZawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPGu9XAqnkseD6nmSzrywU9ybmg6MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvOGE3MWNDcWVTeDRQcWVaTE92TEJUM0p1YURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCwqqTmo8IVWHNyU6RCIQqBhOzQ+lQwjaHaDrJ+
4+HPNCCDULhHdfZsm019t94JQbGqyLxNJUWF2HDZZB2frTEDGzAXWHnExGM/PbH2
rF0QfxHZfjOjPxJ35+F055krc6zx4ETaguQiEW5uPULtOlEbtcBFFA9XY7OjedFU
Y7z6UsBZRfXojanWB9cuzfvdA2vO/gOcL4oKnG295ai+eTw5+BzfC4FnzDU1fJTt
y0IJRHD3zl/vpV4UjtGd6AC8iYQwqV0Nc2rUAs5nQtrwieFjIHia5G2UDPb/av8+
tBm61s/pu7UP7V1EJ6LfSXarZstz+y++5c00BofdQGPIE4QU
-----END CERTIFICATE-----