Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/N7YeSuv_93Y_IOrbZqQ-j0jIasc.roa
File:                     N7YeSuv_93Y_IOrbZqQ-j0jIasc.roa (raw, json)
Hash identifier:          DIz8dWdET3me0/lQs7x9fWybUAUW0g3DQOCTOnZxG9k=
Subject key identifier:   37:B6:1E:4A:EB:FF:F7:76:3F:20:EA:DB:66:A4:3E:8F:48:C8:6A:C7
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49370FD4796F8A919A3D6827BB34DDC
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/N7YeSuv_93Y_IOrbZqQ-j0jIasc.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212504
IP address blocks:        2a10:4646:140::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:fd:47:96:f8:a9:19:a3:d6:82:7b:b3:4d:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=37b61e4aebfff7763f20eadb66a43e8f48c86ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:0b:15:a3:4e:3b:4f:44:da:04:3c:7a:71:ac:
                    ef:12:2c:5f:9b:23:5c:66:4f:60:e3:5d:1f:fe:de:
                    fb:b9:ad:3b:0d:89:13:dd:bd:37:20:fc:6f:9a:a7:
                    8f:d3:47:08:d7:d9:d2:7b:87:fc:6e:cf:e1:47:4f:
                    b2:ac:e1:34:3a:80:bb:23:47:54:44:cd:0b:55:ee:
                    b3:66:2b:e9:48:e3:f2:37:09:8e:10:c6:2b:5c:b0:
                    84:46:71:d0:e1:e7:62:d3:9f:d7:23:02:e4:f2:eb:
                    30:8f:64:f6:26:f8:9b:c4:07:5d:d9:73:3d:5f:cb:
                    94:fc:3b:bb:ae:d0:04:2f:53:cc:c4:75:c2:70:6d:
                    c4:78:cd:3e:f6:21:a8:52:b4:a9:54:bb:45:5f:a0:
                    fb:30:84:af:08:55:43:38:4b:ff:3f:d1:dd:57:06:
                    ec:e7:87:63:2f:72:9b:b4:a7:9d:eb:dd:41:98:62:
                    bf:ca:80:9b:ba:1b:90:d3:6d:9d:5e:20:8c:fa:93:
                    4e:0b:25:8b:15:d5:dc:d6:8f:4d:e5:1e:41:05:75:
                    2f:70:17:0e:75:e5:a7:d7:41:b3:a2:9e:a0:1f:92:
                    e4:97:98:21:24:d8:e6:90:3d:bc:b7:ee:f8:ea:b5:
                    d0:a7:6e:79:a6:96:84:77:30:91:a6:b4:ba:b7:61:
                    d2:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:B6:1E:4A:EB:FF:F7:76:3F:20:EA:DB:66:A4:3E:8F:48:C8:6A:C7
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/N7YeSuv_93Y_IOrbZqQ-j0jIasc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:3d:f2:1d:2e:11:d8:62:c9:59:f9:8b:9c:38:a5:58:25:8c:
         e9:1f:75:37:8e:f9:80:5e:48:e8:ac:90:2b:2c:a8:8a:7b:6d:
         3a:5b:00:c2:73:fe:66:39:9f:41:fe:f6:30:bd:d7:a2:63:ae:
         a4:2b:c7:85:d3:64:38:a7:52:1e:d2:07:ae:08:93:a1:52:c0:
         8e:22:cf:a5:b6:06:3a:5d:d8:7e:81:9b:7d:20:5a:35:70:44:
         22:88:61:49:23:99:a4:3a:95:21:4e:00:56:f5:9c:c1:3f:3c:
         74:dd:6c:b5:ea:a4:cc:46:9c:b3:c1:87:5e:80:4e:03:8e:2b:
         44:45:40:c1:73:5b:fb:3c:8c:be:db:60:01:c4:5d:dd:d3:8b:
         0c:31:9b:b5:dd:37:c5:f7:5a:85:75:fe:d8:6f:49:38:67:ae:
         2b:c7:a8:aa:dd:9e:2e:64:14:85:ff:e8:a1:c6:ca:60:9d:bb:
         4d:97:c3:de:fe:d8:30:89:27:1f:0d:d6:ee:02:14:9b:c4:ba:
         3c:3e:31:dc:c4:82:c1:57:79:99:3b:12:dc:91:6a:bd:7a:9f:
         13:da:30:22:47:5a:e1:5e:6e:6a:0f:7b:e2:5f:6d:60:55:2d:
         6e:0a:b7:1e:71:dd:06:28:85:33:e4:31:65:d0:74:ee:90:cf:
         fe:e3:82:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3D9R5b4qRmj1oJ7s03cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2I2MWU0YWViZmZmNzc2M2YyMGVhZGI2NmE0M2U4ZjQ4Yzg2YWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AsVo047T0TaBDx6cazvEixfmyNc
Zk9g410f/t77ua07DYkT3b03IPxvmqeP00cI19nSe4f8bs/hR0+yrOE0OoC7I0dU
RM0LVe6zZivpSOPyNwmOEMYrXLCERnHQ4edi05/XIwLk8uswj2T2JvibxAdd2XM9
X8uU/Du7rtAEL1PMxHXCcG3EeM0+9iGoUrSpVLtFX6D7MISvCFVDOEv/P9HdVwbs
54djL3KbtKed691BmGK/yoCbuhuQ022dXiCM+pNOCyWLFdXc1o9N5R5BBXUvcBcO
deWn10Gzop6gH5Lkl5ghJNjmkD28t+746rXQp255ppaEdzCRprS6t2HSFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDe2Hkrr//d2PyDq22akPo9IyGrHMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvTjdZZVN1dl85M1lfSU9yYlpxUS1qMGpJYXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgFA
MA0GCSqGSIb3DQEBCwUAA4IBAQBLPfIdLhHYYslZ+YucOKVYJYzpH3U3jvmAXkjo
rJArLKiKe206WwDCc/5mOZ9B/vYwvdeiY66kK8eF02Q4p1Ie0geuCJOhUsCOIs+l
tgY6Xdh+gZt9IFo1cEQiiGFJI5mkOpUhTgBW9ZzBPzx03Wy16qTMRpyzwYdegE4D
jitERUDBc1v7PIy+22ABxF3d04sMMZu13TfF91qFdf7Yb0k4Z64rx6iq3Z4uZBSF
/+ihxspgnbtNl8Pe/tgwiScfDdbuAhSbxLo8PjHcxILBV3mZOxLckWq9ep8T2jAi
R1rhXm5qD3viX21gVS1uCrcecd0GKIUz5DFl0HTukM/+44L/
-----END CERTIFICATE-----