Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/CGMKrr-9pJqvibnkiMXlSivX5hc.roa
File:                     CGMKrr-9pJqvibnkiMXlSivX5hc.roa (raw, json)
Hash identifier:          IpwIdzCTUn4rhslz51MxO8Wfuc8jdM4cyGlfXRdV0u4=
Subject key identifier:   08:63:0A:AE:BF:BD:A4:9A:AF:89:B9:E4:88:C5:E5:4A:2B:D7:E6:17
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49371D8CB4C20BFAB8D69F3AECB079A
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/CGMKrr-9pJqvibnkiMXlSivX5hc.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216117
IP address blocks:        2a10:4646:122::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:71:d8:cb:4c:20:bf:ab:8d:69:f3:ae:cb:07:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08630aaebfbda49aaf89b9e488c5e54a2bd7e617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:73:09:a1:7c:1d:c0:fe:2e:97:ea:3f:44:b4:
                    84:06:4d:93:5c:77:57:00:b1:d6:c2:c6:82:c8:ab:
                    b7:0e:c8:7c:eb:55:5c:58:21:7b:ea:54:68:cb:48:
                    4a:92:71:31:18:f4:e4:e5:8a:4b:02:b9:77:c3:e4:
                    43:67:89:8f:27:76:68:36:00:75:84:67:fc:fa:26:
                    7d:f9:ef:b8:89:8c:a1:a4:68:97:de:a4:a9:c1:cb:
                    1f:60:1e:03:83:ed:01:6c:a2:d5:42:f9:16:c9:3c:
                    8f:9d:73:32:ca:9f:f7:a6:3e:da:23:0e:c5:c1:9b:
                    c7:48:37:d4:f0:ac:9e:ba:1d:60:ba:55:c9:0a:a5:
                    bc:48:1d:0e:e7:a4:59:bc:60:12:ec:36:d4:73:cf:
                    d4:64:7a:eb:e5:7a:3a:9e:e2:ac:fd:b9:34:dc:25:
                    e1:7b:ef:7a:bc:03:c2:2c:5d:67:1a:af:2c:4d:37:
                    67:78:82:5a:f2:95:e7:8d:d8:73:fe:1f:eb:10:d0:
                    92:a0:16:f9:e2:98:11:37:f1:16:5f:44:cd:11:71:
                    c8:9e:8c:d8:5b:e1:41:e0:70:8a:b2:58:a2:dc:0b:
                    f0:26:bc:88:3d:5b:c5:51:73:27:22:a7:e1:47:ed:
                    35:72:46:b7:8a:73:e2:08:24:d3:3e:09:18:be:0c:
                    8e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:63:0A:AE:BF:BD:A4:9A:AF:89:B9:E4:88:C5:E5:4A:2B:D7:E6:17
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/CGMKrr-9pJqvibnkiMXlSivX5hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:122::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:dd:ef:a3:e8:71:95:6b:7e:ee:bc:d3:2c:89:e4:41:d9:7f:
         9e:e9:b5:1f:65:b8:4f:86:33:a6:7c:70:7d:2d:c3:3b:f2:a3:
         3c:be:5d:40:45:8b:ba:1f:7a:b5:16:d9:f2:a4:e8:c3:86:3c:
         42:df:b9:13:b9:87:01:79:6b:31:2f:36:aa:4a:d7:f0:4e:34:
         53:4e:bd:99:1f:8c:11:9b:0c:96:1f:84:a8:f1:5b:c2:7f:fc:
         c4:67:1f:63:ae:26:f7:a7:ee:ef:cb:54:5e:4d:58:01:34:6c:
         f1:c1:65:50:2a:6b:04:54:95:21:56:d1:2f:98:08:6d:c3:4b:
         60:c8:9c:da:a4:89:51:2d:d4:a5:de:ef:ca:a6:37:cc:d8:3d:
         5c:04:67:48:46:9c:a0:96:bc:1a:19:29:c2:6e:57:3d:6f:5f:
         50:0f:30:5a:62:5b:ff:99:79:cb:7b:29:de:75:16:04:b8:41:
         4c:8d:c4:33:6d:9a:de:ca:dd:ae:21:04:c7:9f:4f:de:d6:69:
         b3:7d:c9:ca:e2:f9:6e:05:80:4e:93:44:17:b7:0f:1d:b5:87:
         fb:30:c3:93:81:da:5b:12:8d:55:f3:13:20:8c:87:87:34:81:
         6c:ee:ab:44:a0:35:43:b9:11:ff:3c:75:1f:86:14:cd:4b:f9:
         73:32:d3:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3HYy0wgv6uNafOuyweaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODYzMGFhZWJmYmRhNDlhYWY4OWI5ZTQ4OGM1ZTU0YTJiZDdlNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3MJoXwdwP4ul+o/RLSEBk2TXHdX
ALHWwsaCyKu3Dsh861VcWCF76lRoy0hKknExGPTk5YpLArl3w+RDZ4mPJ3ZoNgB1
hGf8+iZ9+e+4iYyhpGiX3qSpwcsfYB4Dg+0BbKLVQvkWyTyPnXMyyp/3pj7aIw7F
wZvHSDfU8Kyeuh1gulXJCqW8SB0O56RZvGAS7DbUc8/UZHrr5Xo6nuKs/bk03CXh
e+96vAPCLF1nGq8sTTdneIJa8pXnjdhz/h/rENCSoBb54pgRN/EWX0TNEXHInozY
W+FB4HCKslii3AvwJryIPVvFUXMnIqfhR+01cka3inPiCCTTPgkYvgyOpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAhjCq6/vaSar4m55IjF5Uor1+YXMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvQ0dNS3JyLTlwSnF2aWJua2lNWGxTaXZYNWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgEi
MA0GCSqGSIb3DQEBCwUAA4IBAQCI3e+j6HGVa37uvNMsieRB2X+e6bUfZbhPhjOm
fHB9LcM78qM8vl1ARYu6H3q1FtnypOjDhjxC37kTuYcBeWsxLzaqStfwTjRTTr2Z
H4wRmwyWH4So8VvCf/zEZx9jrib3p+7vy1ReTVgBNGzxwWVQKmsEVJUhVtEvmAht
w0tgyJzapIlRLdSl3u/KpjfM2D1cBGdIRpyglrwaGSnCblc9b19QDzBaYlv/mXnL
eynedRYEuEFMjcQzbZreyt2uIQTHn0/e1mmzfcnK4vluBYBOk0QXtw8dtYf7MMOT
gdpbEo1V8xMgjIeHNIFs7qtEoDVDuRH/PHUfhhTNS/lzMtNI
-----END CERTIFICATE-----