Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Hn10CM3uPwktWs1rGYS_ar5MN78.roa
File:                     Hn10CM3uPwktWs1rGYS_ar5MN78.roa (raw, json)
Hash identifier:          eKEO3PeIbcXbxz8OkiuDu1YqtwuSDeemwwsRkJL3OGE=
Subject key identifier:   1E:7D:74:08:CD:EE:3F:09:2D:5A:CD:6B:19:84:BF:6A:BE:4C:37:BF
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4937296EC068CA63578D1F05E1C5DFE
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Hn10CM3uPwktWs1rGYS_ar5MN78.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216174
IP address blocks:        2a10:4646:3b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:72:96:ec:06:8c:a6:35:78:d1:f0:5e:1c:5d:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e7d7408cdee3f092d5acd6b1984bf6abe4c37bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4e:7b:20:03:1c:50:c4:83:a9:94:35:66:36:
                    ea:57:62:9b:dc:4f:6e:83:3e:45:a6:87:89:bb:63:
                    eb:b4:82:b2:c0:6a:a2:c0:0a:52:8d:8c:2f:01:bd:
                    68:3c:da:18:b8:0e:4e:37:37:82:48:d1:60:ac:1e:
                    06:5c:e5:bc:ee:02:bc:fc:99:80:e9:e7:3b:b1:33:
                    9f:a1:b2:79:d1:a6:4f:4e:e0:cf:25:f8:5d:76:4f:
                    9e:00:b6:11:67:da:da:69:cc:7a:8f:2e:34:fe:ee:
                    55:ae:a4:ce:34:6e:ae:e5:81:0f:e9:ed:65:2b:bf:
                    6f:41:85:96:c4:08:e3:bb:e8:f0:68:bb:ed:59:0b:
                    e3:ac:96:1d:ef:e3:6d:df:4e:73:11:69:d5:c0:e3:
                    be:8b:be:b7:11:f2:f4:12:fd:c9:7e:0a:fe:b3:d2:
                    50:45:e5:b5:27:83:03:83:68:0e:f2:9a:5d:84:a2:
                    ae:fd:97:63:7e:af:41:ac:8f:1c:3c:1a:e1:86:c3:
                    2c:6b:b9:83:de:0b:45:ff:65:c2:a8:ea:21:d0:6c:
                    35:9d:92:c7:b6:74:48:f2:7a:79:48:36:a6:78:60:
                    81:77:98:b4:06:12:d6:ac:97:94:67:96:58:80:c4:
                    80:2b:3f:f6:f5:34:a7:68:4e:53:85:79:42:e5:66:
                    1f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7D:74:08:CD:EE:3F:09:2D:5A:CD:6B:19:84:BF:6A:BE:4C:37:BF
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Hn10CM3uPwktWs1rGYS_ar5MN78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:3b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         76:4e:15:7d:5d:c9:df:87:42:53:cf:cd:dd:56:b2:50:d8:34:
         73:9f:f0:cf:b1:5e:22:04:e8:01:a6:a1:97:6a:76:92:0f:85:
         b3:dd:1f:fc:02:9b:65:0d:65:bc:8c:d9:6e:d9:d4:c8:33:87:
         36:73:8e:11:9e:32:ec:65:46:85:f5:55:bc:b9:11:21:06:c5:
         fc:9d:7d:ee:11:f7:e1:41:42:77:5b:87:ef:89:4c:5a:02:2a:
         2b:54:39:f0:22:fb:fb:90:a4:9a:f3:07:68:db:c2:96:e8:0c:
         90:84:ca:24:73:b3:d7:75:39:0d:fa:6b:7b:99:58:b7:b9:21:
         bd:2b:5c:aa:5e:ab:08:44:d9:2a:7b:53:13:b9:3f:6c:6e:72:
         ee:0f:61:3a:f1:0f:c9:a8:99:91:ec:27:ed:3a:e5:b1:e1:1a:
         86:e4:d0:22:db:9c:65:d7:ac:b9:44:16:4e:cf:e2:f1:40:ae:
         d0:4c:76:43:35:12:a2:b5:d3:e6:a6:22:ef:8a:e7:52:43:f8:
         8a:49:21:0a:56:52:c0:23:1b:5b:50:0d:a3:52:2d:e5:ea:8e:
         b5:f0:84:f4:7d:c2:75:36:53:5b:57:87:a3:47:32:bb:8c:50:
         9d:f1:36:b8:cc:4f:10:8f:f3:fa:93:fb:91:74:77:b5:d8:40:
         22:e3:3d:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3KW7AaMpjV40fBeHF3+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTdkNzQwOGNkZWUzZjA5MmQ1YWNkNmIxOTg0YmY2YWJlNGMzN2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4U57IAMcUMSDqZQ1ZjbqV2Kb3E9u
gz5FpoeJu2PrtIKywGqiwApSjYwvAb1oPNoYuA5ONzeCSNFgrB4GXOW87gK8/JmA
6ec7sTOfobJ50aZPTuDPJfhddk+eALYRZ9raacx6jy40/u5VrqTONG6u5YEP6e1l
K79vQYWWxAjju+jwaLvtWQvjrJYd7+Nt305zEWnVwOO+i763EfL0Ev3Jfgr+s9JQ
ReW1J4MDg2gO8ppdhKKu/Zdjfq9BrI8cPBrhhsMsa7mD3gtF/2XCqOoh0Gw1nZLH
tnRI8np5SDameGCBd5i0BhLWrJeUZ5ZYgMSAKz/29TSnaE5ThXlC5WYfnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB59dAjN7j8JLVrNaxmEv2q+TDe/MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvSG4xMENNM3VQd2t0V3MxckdZU19hcjVNTjc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgOw
MA0GCSqGSIb3DQEBCwUAA4IBAQB2ThV9Xcnfh0JTz83dVrJQ2DRzn/DPsV4iBOgB
pqGXanaSD4Wz3R/8AptlDWW8jNlu2dTIM4c2c44RnjLsZUaF9VW8uREhBsX8nX3u
EffhQUJ3W4fviUxaAiorVDnwIvv7kKSa8wdo28KW6AyQhMokc7PXdTkN+mt7mVi3
uSG9K1yqXqsIRNkqe1MTuT9sbnLuD2E68Q/JqJmR7CftOuWx4RqG5NAi25xl16y5
RBZOz+LxQK7QTHZDNRKitdPmpiLviudSQ/iKSSEKVlLAIxtbUA2jUi3l6o618IT0
fcJ1NlNbV4ejRzK7jFCd8Ta4zE8Qj/P6k/uRdHe12EAi4z1X
-----END CERTIFICATE-----