Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/YjHodLlKJI1u41bvnymifvXT0d8.roa
File:                     YjHodLlKJI1u41bvnymifvXT0d8.roa (raw, json)
Hash identifier:          GzC9nN0+ITy8LWqc2azjPqCRbUH0LeY7Jp/uFfP//84=
Subject key identifier:   62:31:E8:74:B9:4A:24:8D:6E:E3:56:EF:9F:29:A2:7E:F5:D3:D1:DF
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49370CDA6E12D0FFA12832033D1E08E
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/YjHodLlKJI1u41bvnymifvXT0d8.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212124
IP address blocks:        2a10:4646:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 28 Jun 2024 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:70:cd:a6:e1:2d:0f:fa:12:83:20:33:d1:e0:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6231e874b94a248d6ee356ef9f29a27ef5d3d1df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f3:85:67:fb:0a:32:f1:b6:d9:eb:7b:06:09:
                    f3:6c:95:2c:5d:fe:bf:73:0a:da:54:a1:f1:e8:99:
                    d4:ab:56:42:83:8e:f4:8b:bd:77:0b:84:d2:10:f8:
                    fa:08:07:d9:2b:8f:89:3f:b6:71:ea:cf:bb:d4:e3:
                    9f:c2:d1:6a:3a:a4:46:c4:8e:86:e0:16:9d:d8:b0:
                    ef:8a:6c:1d:45:28:7e:c5:4f:03:02:76:bd:99:84:
                    f4:4f:78:0d:c2:aa:e4:a0:3a:dc:d3:30:4b:04:e0:
                    c6:84:1a:b2:e8:52:c7:98:78:57:c0:16:e3:10:00:
                    db:a2:52:b1:5a:66:af:b4:28:31:0e:f1:cb:ad:9d:
                    e6:9f:6c:3b:8d:86:2a:f0:74:17:89:a4:f0:98:fe:
                    4e:33:b8:cc:1d:2b:28:de:d1:d3:71:17:a0:a5:c7:
                    81:f8:4f:b7:ad:b0:89:7b:cb:8a:43:f9:b7:f6:20:
                    f5:35:f4:fd:4d:c3:d1:51:91:52:47:99:e0:fe:05:
                    98:1c:48:cb:04:f5:e6:16:f0:0f:fc:98:d6:ff:43:
                    d2:86:77:3a:ab:fc:07:03:07:88:8b:19:38:4b:a4:
                    ed:59:8a:51:d4:2e:ae:3e:3a:7d:2b:1f:75:59:d3:
                    1f:63:ef:82:85:2d:22:9e:74:26:45:6d:ca:15:39:
                    5f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:31:E8:74:B9:4A:24:8D:6E:E3:56:EF:9F:29:A2:7E:F5:D3:D1:DF
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/YjHodLlKJI1u41bvnymifvXT0d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:0d:23:21:d8:b0:30:d4:28:3c:be:16:e4:17:5d:18:90:bb:
         37:4b:b6:30:ae:a0:ad:c6:6c:ac:74:68:92:75:af:71:1b:f1:
         6f:49:3a:eb:05:2d:63:2e:50:48:18:86:60:e2:26:b5:c6:d1:
         87:f3:3f:9e:f2:a2:59:bd:79:bd:8b:da:be:12:29:3e:5a:ca:
         b7:d1:e5:3d:d1:11:99:65:54:62:99:a3:d6:9b:e7:69:25:c1:
         c7:9b:b3:e4:1b:c0:d8:39:f0:cb:8c:25:9f:2e:70:29:a0:ee:
         5d:aa:36:65:f5:8a:35:e0:01:47:9c:31:56:85:0b:ee:da:d8:
         1d:55:a4:cc:b5:90:1d:71:ad:9a:a5:8f:af:82:93:d6:75:c1:
         09:ba:fa:1d:37:fe:92:53:62:c6:c9:72:f1:21:91:67:9a:86:
         ba:09:53:4f:e3:15:29:07:67:99:ee:90:1e:13:68:59:96:40:
         d3:ef:06:c5:fe:98:42:e5:c5:85:e2:14:96:79:b4:ca:25:17:
         50:ee:ee:8d:7e:24:49:18:42:36:f8:89:8d:cd:9d:45:3c:c6:
         f7:8b:91:99:b9:22:7e:a0:56:20:19:74:11:6b:b1:0b:3b:55:
         d4:95:d7:1b:9d:1d:40:1e:4e:91:b1:47:b1:94:cb:6f:0b:a1:
         97:2c:54:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3DNpuEtD/oSgyAz0eCOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjMxZTg3NGI5NGEyNDhkNmVlMzU2ZWY5ZjI5YTI3ZWY1ZDNkMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPOFZ/sKMvG22et7BgnzbJUsXf6/
cwraVKHx6JnUq1ZCg470i713C4TSEPj6CAfZK4+JP7Zx6s+71OOfwtFqOqRGxI6G
4Bad2LDvimwdRSh+xU8DAna9mYT0T3gNwqrkoDrc0zBLBODGhBqy6FLHmHhXwBbj
EADbolKxWmavtCgxDvHLrZ3mn2w7jYYq8HQXiaTwmP5OM7jMHSso3tHTcRegpceB
+E+3rbCJe8uKQ/m39iD1NfT9TcPRUZFSR5ng/gWYHEjLBPXmFvAP/JjW/0PShnc6
q/wHAweIixk4S6TtWYpR1C6uPjp9Kx91WdMfY++ChS0innQmRW3KFTlf7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGIx6HS5SiSNbuNW758pon7109HfMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvWWpIb2RMbEtKSTF1NDFidm55bWlmdlhUMGQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAUDSMh2LAw1Cg8vhbkF10YkLs3S7YwrqCtxmys
dGiSda9xG/FvSTrrBS1jLlBIGIZg4ia1xtGH8z+e8qJZvXm9i9q+Eik+Wsq30eU9
0RGZZVRimaPWm+dpJcHHm7PkG8DYOfDLjCWfLnApoO5dqjZl9Yo14AFHnDFWhQvu
2tgdVaTMtZAdca2apY+vgpPWdcEJuvodN/6SU2LGyXLxIZFnmoa6CVNP4xUpB2eZ
7pAeE2hZlkDT7wbF/phC5cWF4hSWebTKJRdQ7u6NfiRJGEI2+ImNzZ1FPMb3i5GZ
uSJ+oFYgGXQRa7ELO1XUldcbnR1AHk6RsUexlMtvC6GXLFTh
-----END CERTIFICATE-----