Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Kxd9m0uPzDFHysQ0yCWD40dhlKA.roa
File:                     Kxd9m0uPzDFHysQ0yCWD40dhlKA.roa (raw, json)
Hash identifier:          6Rnu39bYMoyharf4nKVkEOBqEBYLj9zt1HDOn7xKVT0=
Subject key identifier:   2B:17:7D:9B:4B:8F:CC:31:47:CA:C4:34:C8:25:83:E3:47:61:94:A0
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936707A88C29518BE9FC120EFF8E1E
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Kxd9m0uPzDFHysQ0yCWD40dhlKA.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47484
IP address blocks:        2a10:4646:2f0::/44 maxlen: 44
                          2a10:4646:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:67:07:a8:8c:29:51:8b:e9:fc:12:0e:ff:8e:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b177d9b4b8fcc3147cac434c82583e3476194a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:6e:30:cc:ee:9b:2b:f4:29:e7:c1:63:97:5b:
                    c1:0a:5f:55:af:2c:c7:b8:40:14:b5:6a:ad:50:ae:
                    8c:89:17:2c:0c:0b:e9:ca:64:e3:94:05:cc:09:e0:
                    86:b1:38:5c:b5:99:8f:92:b7:cc:24:ba:85:80:5e:
                    c8:e9:e3:39:ee:85:22:4f:e4:5d:a2:f7:3f:dd:cf:
                    c4:24:79:16:cd:d3:d2:a0:a3:0d:9c:7a:a1:16:9d:
                    f8:73:f1:cd:d4:84:f5:a9:78:24:ea:f4:cb:66:dc:
                    94:76:26:32:22:09:3a:2a:cf:16:66:62:82:ec:49:
                    97:fb:4c:49:45:2d:3b:b7:2a:a4:5f:df:bd:11:7c:
                    b6:be:a5:f5:76:ee:94:dc:6b:cf:56:77:0e:f0:8f:
                    e9:2e:f9:ac:d1:9b:75:af:bf:c8:15:52:ba:0d:24:
                    af:c6:9e:fc:9b:3b:21:f2:70:9d:c4:19:8b:da:4c:
                    db:09:dd:3d:9c:db:c2:76:36:16:28:c7:17:55:bf:
                    a5:04:3a:7b:eb:7c:cd:36:01:d0:d9:d5:6f:22:75:
                    62:6a:9c:fa:59:6c:f9:4e:8f:f2:9b:6d:67:d1:fe:
                    5f:39:9e:4b:a0:77:88:f7:d6:f4:4c:39:cf:23:22:
                    9a:13:ba:cd:9b:39:0b:db:e8:60:33:ed:64:1e:ff:
                    5f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:17:7D:9B:4B:8F:CC:31:47:CA:C4:34:C8:25:83:E3:47:61:94:A0
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Kxd9m0uPzDFHysQ0yCWD40dhlKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:6::/48
                  2a10:4646:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:8d:95:4b:d6:35:03:5e:9e:3e:6d:95:ba:cb:8a:49:70:35:
         ec:8e:8e:34:04:54:11:d8:1d:82:ef:b2:57:e3:9b:c1:2c:b1:
         7c:a3:07:a0:3e:19:08:f1:79:1c:54:b1:13:de:66:0c:80:6f:
         4e:39:1b:f8:bf:cc:b4:80:8f:ef:5c:86:4a:9a:bb:a5:a6:37:
         96:57:d3:e7:74:0a:d1:ae:e8:fa:55:08:77:eb:23:c7:97:81:
         ba:80:f1:99:f2:d1:1b:64:0b:5e:56:d8:0d:6c:ad:f6:f1:8f:
         85:e7:53:d7:7c:64:0f:35:50:01:24:3a:f0:66:73:6f:46:b7:
         af:0d:e0:25:32:0b:ee:97:b4:bb:eb:0e:27:dd:a5:2e:cd:12:
         ce:cc:0e:28:1d:9f:2a:73:40:6e:3a:41:c6:0c:c3:dd:32:f8:
         63:81:62:5e:4c:32:81:9d:af:38:2b:f5:42:71:71:a8:df:f5:
         b9:97:75:7a:84:c7:b0:51:7b:33:0a:5d:b3:26:db:5e:dd:b2:
         38:be:9b:72:da:95:2b:ed:a2:73:e7:1c:d8:84:11:ec:35:79:
         8a:65:7a:d8:67:cb:57:78:71:a2:f1:51:1f:ce:f8:e6:13:46:
         c2:58:9d:27:a6:91:67:d7:e2:bd:05:60:95:00:78:2b:23:9a:
         fc:21:9e:b6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEk2cHqIwpUYvp/BIO/44eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjE3N2Q5YjRiOGZjYzMxNDdjYWM0MzRjODI1ODNlMzQ3NjE5NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp24wzO6bK/Qp58Fjl1vBCl9VryzH
uEAUtWqtUK6MiRcsDAvpymTjlAXMCeCGsThctZmPkrfMJLqFgF7I6eM57oUiT+Rd
ovc/3c/EJHkWzdPSoKMNnHqhFp34c/HN1IT1qXgk6vTLZtyUdiYyIgk6Ks8WZmKC
7EmX+0xJRS07tyqkX9+9EXy2vqX1du6U3GvPVncO8I/pLvms0Zt1r7/IFVK6DSSv
xp78mzsh8nCdxBmL2kzbCd09nNvCdjYWKMcXVb+lBDp763zNNgHQ2dVvInViapz6
WWz5To/ym21n0f5fOZ5LoHeI99b0TDnPIyKaE7rNmzkL2+hgM+1kHv9f7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCsXfZtLj8wxR8rENMglg+NHYZSgMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvS3hkOW0wdVB6REZIeXNRMHlDV0Q0MGRobEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhBGRgAG
AwcEKhBGRgLwMA0GCSqGSIb3DQEBCwUAA4IBAQAgjZVL1jUDXp4+bZW6y4pJcDXs
jo40BFQR2B2C77JX45vBLLF8owegPhkI8XkcVLET3mYMgG9OORv4v8y0gI/vXIZK
mrulpjeWV9PndArRruj6VQh36yPHl4G6gPGZ8tEbZAteVtgNbK328Y+F51PXfGQP
NVABJDrwZnNvRrevDeAlMgvul7S76w4n3aUuzRLOzA4oHZ8qc0BuOkHGDMPdMvhj
gWJeTDKBna84K/VCcXGo3/W5l3V6hMewUXszCl2zJtte3bI4vpty2pUr7aJz5xzY
hBHsNXmKZXrYZ8tXeHGi8VEfzvjmE0bCWJ0nppFn1+K9BWCVAHgrI5r8IZ62
-----END CERTIFICATE-----