Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/M9oI1v5fCXV9PgArdgmXYRHTkXI.roa
File:                     M9oI1v5fCXV9PgArdgmXYRHTkXI.roa (raw, json)
Hash identifier:          aWNTApAucgNbp4V1SlapXdqo5ZORZhuwMCsuEE8pYxE=
Subject key identifier:   33:DA:08:D6:FE:5F:09:75:7D:3E:00:2B:76:09:97:61:11:D3:91:72
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49368695C736F12159C32D91B04A0C9
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/M9oI1v5fCXV9PgArdgmXYRHTkXI.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198180
IP address blocks:        2a10:4646:370::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:68:69:5c:73:6f:12:15:9c:32:d9:1b:04:a0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33da08d6fe5f09757d3e002b7609976111d39172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:08:e9:6a:80:d6:e9:69:9d:ba:a5:db:48:15:
                    cf:d7:5f:5f:c8:26:55:93:54:d7:cf:ee:5e:df:b0:
                    d0:49:91:41:75:52:53:3f:2d:0b:03:c4:cf:41:20:
                    39:6a:32:3b:b8:70:f6:ed:96:76:0d:c7:fc:f8:b3:
                    b8:1c:f3:b1:2f:5e:2e:7a:62:52:dc:9c:e9:75:c3:
                    8c:df:32:08:92:20:30:a4:b2:49:33:52:9a:79:29:
                    1d:fb:ad:a2:78:d3:b3:75:ce:23:dd:a6:c4:29:32:
                    08:ac:ad:fa:e6:4c:9f:bf:50:7c:32:9c:33:ee:15:
                    f4:7c:72:73:9c:66:93:f4:16:af:bc:ff:b3:bc:30:
                    7a:8e:ee:4d:9e:03:cc:d2:88:80:2f:ee:a5:25:5f:
                    d2:2f:ad:8c:8e:fd:75:5d:3c:ea:82:7e:d3:47:83:
                    2f:e9:0d:32:ef:9e:35:83:41:e5:92:54:55:ad:96:
                    37:3d:02:7d:fd:cf:9d:b2:e2:35:36:8c:18:0b:56:
                    1b:08:00:fa:a7:1e:ec:fb:7b:d2:d2:ba:e3:2d:b0:
                    4b:4a:49:1a:f1:a8:58:0b:5d:1f:20:4a:92:23:29:
                    78:8e:3a:7b:e3:68:1e:65:ab:a8:cb:08:88:27:f1:
                    e5:e4:77:86:ac:f0:84:18:08:ce:1a:e6:64:9c:67:
                    35:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:DA:08:D6:FE:5F:09:75:7D:3E:00:2B:76:09:97:61:11:D3:91:72
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/M9oI1v5fCXV9PgArdgmXYRHTkXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:370::/44

    Signature Algorithm: sha256WithRSAEncryption
         1b:ad:34:3e:7d:97:f9:5c:99:92:98:4f:fb:a7:32:c4:ed:3a:
         32:18:66:4e:56:1b:7b:2c:b5:20:bb:19:a2:3b:4b:96:ef:db:
         33:15:7a:2a:1b:fc:b8:90:1f:d6:d7:b8:8f:6f:e9:51:67:b2:
         94:e9:71:0c:0e:45:5a:2f:9d:a2:f1:3e:ae:41:ca:73:9f:95:
         60:81:95:0a:3b:76:d8:bf:9c:fa:29:69:09:bf:fd:16:31:ba:
         a3:1c:3b:b5:bb:d1:dd:49:45:14:7e:a6:cb:d3:f7:37:ae:e9:
         59:03:d2:99:6f:fc:39:7b:46:69:3e:c6:7d:fa:74:57:70:67:
         06:df:06:75:b3:fe:2c:47:83:a9:dc:2d:23:74:2e:80:3a:5e:
         a2:9c:be:b0:ad:10:8a:09:99:a8:76:c9:80:8d:e6:0c:ce:84:
         69:09:5c:51:5b:34:9f:68:cd:54:84:4d:2b:98:fe:57:b4:3b:
         cf:64:4f:63:29:58:d2:4a:cd:61:22:f0:a2:99:c2:83:69:51:
         f4:d7:de:6d:3d:a5:f3:c4:44:76:a0:89:be:18:b2:63:21:29:
         54:e8:42:a2:04:8c:e4:cf:47:fc:50:9e:a4:36:b8:f3:3c:39:
         2e:2e:5e:d0:fe:81:3a:ce:73:92:9f:e1:7a:f4:f8:84:23:55:
         f6:b8:be:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2hpXHNvEhWcMtkbBKDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2RhMDhkNmZlNWYwOTc1N2QzZTAwMmI3NjA5OTc2MTExZDM5MTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAjpaoDW6WmduqXbSBXP119fyCZV
k1TXz+5e37DQSZFBdVJTPy0LA8TPQSA5ajI7uHD27ZZ2Dcf8+LO4HPOxL14uemJS
3JzpdcOM3zIIkiAwpLJJM1KaeSkd+62ieNOzdc4j3abEKTIIrK365kyfv1B8Mpwz
7hX0fHJznGaT9BavvP+zvDB6ju5NngPM0oiAL+6lJV/SL62Mjv11XTzqgn7TR4Mv
6Q0y7541g0HlklRVrZY3PQJ9/c+dsuI1NowYC1YbCAD6px7s+3vS0rrjLbBLSkka
8ahYC10fIEqSIyl4jjp742geZauoywiIJ/Hl5HeGrPCEGAjOGuZknGc18wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDPaCNb+Xwl1fT4AK3YJl2ER05FyMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvTTlvSTF2NWZDWFY5UGdBcmRnbVhZUkhUa1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgNw
MA0GCSqGSIb3DQEBCwUAA4IBAQAbrTQ+fZf5XJmSmE/7pzLE7ToyGGZOVht7LLUg
uxmiO0uW79szFXoqG/y4kB/W17iPb+lRZ7KU6XEMDkVaL52i8T6uQcpzn5VggZUK
O3bYv5z6KWkJv/0WMbqjHDu1u9HdSUUUfqbL0/c3rulZA9KZb/w5e0ZpPsZ9+nRX
cGcG3wZ1s/4sR4Op3C0jdC6AOl6inL6wrRCKCZmodsmAjeYMzoRpCVxRWzSfaM1U
hE0rmP5XtDvPZE9jKVjSSs1hIvCimcKDaVH0195tPaXzxER2oIm+GLJjISlU6EKi
BIzkz0f8UJ6kNrjzPDkuLl7Q/oE6znOSn+F69PiEI1X2uL7B
-----END CERTIFICATE-----