Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/AG0ztBsDYIpjZd1wDVx3mJpSxwI.roa
File:                     AG0ztBsDYIpjZd1wDVx3mJpSxwI.roa (raw, json)
Hash identifier:          QXsML13qLnPhhV8OyZ5/ccL0b6xtx+LDbWUFhWILKnw=
Subject key identifier:   00:6D:33:B4:1B:03:60:8A:63:65:DD:70:0D:5C:77:98:9A:52:C7:02
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC493675261F9C5911780D33D94580A43
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/AG0ztBsDYIpjZd1wDVx3mJpSxwI.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52073
IP address blocks:        2a10:4646:120::/44 maxlen: 48
                          2a10:4646:120::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:67:52:61:f9:c5:91:17:80:d3:3d:94:58:0a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=006d33b41b03608a6365dd700d5c77989a52c702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:9b:55:8d:99:ae:b4:97:10:48:0a:98:f8:62:
                    2c:27:e1:44:73:3d:d4:a0:fe:e9:97:70:9d:21:48:
                    7c:e3:d5:7e:36:8f:86:16:aa:0f:0c:87:e7:ee:88:
                    13:2b:18:63:d6:ff:4f:ce:29:0b:a2:00:e9:12:bf:
                    24:b4:24:9e:a0:62:47:08:4b:ec:8b:28:c0:d4:5b:
                    d2:a2:92:88:33:f1:06:c7:3b:ec:f8:c3:f4:e1:4c:
                    b9:1e:81:07:e9:d8:ec:a4:ee:43:d4:31:44:7d:4f:
                    c1:b4:08:5e:2d:81:5d:dc:4f:40:e9:55:25:b9:74:
                    c0:17:94:72:4f:48:31:ed:86:e8:a3:1b:7f:6d:87:
                    87:7d:17:88:38:e2:55:b0:4e:24:f1:ef:8f:4a:2e:
                    bf:23:47:e8:8c:6b:13:58:9f:85:dc:07:70:e9:61:
                    3a:9e:7d:eb:df:b2:d1:3e:c6:d9:15:67:ea:05:a1:
                    14:d7:89:35:61:b5:c0:28:27:37:a2:02:24:3d:fd:
                    a9:2e:8e:25:77:98:64:d6:ae:82:26:0d:be:8d:67:
                    9d:1b:4d:35:fd:d3:30:51:ac:10:0f:15:ed:7f:0d:
                    da:82:7c:03:e6:bd:95:a9:fd:d2:b1:b0:da:2a:43:
                    a6:3b:d5:2d:de:c2:96:f5:96:4a:b6:b3:c4:4b:44:
                    1c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6D:33:B4:1B:03:60:8A:63:65:DD:70:0D:5C:77:98:9A:52:C7:02
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/AG0ztBsDYIpjZd1wDVx3mJpSxwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         bc:81:36:3b:ff:65:61:ed:a5:7b:94:de:d3:2f:1d:94:25:98:
         e6:f4:10:81:fa:a2:2b:3d:c0:27:d7:b2:08:5f:ab:72:bc:a5:
         63:2b:d1:05:97:9c:2a:65:26:c2:70:e3:f6:d9:4d:83:92:71:
         b7:0b:f9:17:bf:0e:b1:63:2c:d1:a3:fe:b2:9f:77:6d:ee:8b:
         9f:31:a5:58:21:82:48:8d:79:ec:ec:76:3c:e2:af:a7:27:8a:
         f9:fa:41:16:a5:cf:42:0e:7d:60:25:5b:d0:cf:47:19:ba:a6:
         df:91:3e:5d:a8:0d:e3:a0:6a:95:4f:d0:10:b3:0a:4c:cf:42:
         18:c6:56:ed:79:b2:92:32:4a:f0:70:ac:e5:72:e1:66:85:61:
         68:8a:7e:13:a5:76:8b:03:dc:b0:00:9a:9f:88:d1:43:fc:bc:
         b7:99:3d:12:7a:e3:38:48:a2:86:13:63:c5:5c:3f:e7:64:82:
         7b:18:a4:0c:eb:86:6e:bd:a1:4d:f2:ad:d0:53:c3:87:be:70:
         d9:88:11:27:82:13:11:28:45:0c:dd:af:e3:27:cb:c2:f4:76:
         2c:23:04:73:70:c6:0c:b8:6e:a9:a5:15:ab:c3:60:8a:2b:45:
         7e:7a:cc:6a:a6:9f:da:d6:31:da:1a:9e:45:50:13:bb:36:c4:
         5a:39:ca:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2dSYfnFkReA0z2UWApDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDZkMzNiNDFiMDM2MDhhNjM2NWRkNzAwZDVjNzc5ODlhNTJjNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZtVjZmutJcQSAqY+GIsJ+FEcz3U
oP7pl3CdIUh849V+No+GFqoPDIfn7ogTKxhj1v9PzikLogDpEr8ktCSeoGJHCEvs
iyjA1FvSopKIM/EGxzvs+MP04Uy5HoEH6djspO5D1DFEfU/BtAheLYFd3E9A6VUl
uXTAF5RyT0gx7Ybooxt/bYeHfReIOOJVsE4k8e+PSi6/I0fojGsTWJ+F3Adw6WE6
nn3r37LRPsbZFWfqBaEU14k1YbXAKCc3ogIkPf2pLo4ld5hk1q6CJg2+jWedG001
/dMwUawQDxXtfw3agnwD5r2Vqf3SsbDaKkOmO9Ut3sKW9ZZKtrPES0QcDQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFABtM7QbA2CKY2XdcA1cd5iaUscCMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvQUcwenRCc0RZSXBqWmQxd0RWeDNtSnBTeHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgEg
MA0GCSqGSIb3DQEBCwUAA4IBAQC8gTY7/2Vh7aV7lN7TLx2UJZjm9BCB+qIrPcAn
17IIX6tyvKVjK9EFl5wqZSbCcOP22U2DknG3C/kXvw6xYyzRo/6yn3dt7oufMaVY
IYJIjXns7HY84q+nJ4r5+kEWpc9CDn1gJVvQz0cZuqbfkT5dqA3joGqVT9AQswpM
z0IYxlbtebKSMkrwcKzlcuFmhWFoin4TpXaLA9ywAJqfiNFD/Ly3mT0SeuM4SKKG
E2PFXD/nZIJ7GKQM64ZuvaFN8q3QU8OHvnDZiBEnghMRKEUM3a/jJ8vC9HYsIwRz
cMYMuG6ppRWrw2CKK0V+esxqpp/a1jHaGp5FUBO7NsRaOcqi
-----END CERTIFICATE-----