Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Zcz_qG4mWMoNathPXuQil6c420Q.roa
File:                     Zcz_qG4mWMoNathPXuQil6c420Q.roa (raw, json)
Hash identifier:          HAbTnhBV8bwvrBQTEt07WzSEikvKbQB0emTGl5vEagk=
Subject key identifier:   65:CC:FF:A8:6E:26:58:CA:0D:6A:D8:4F:5E:E4:22:97:A7:38:DB:44
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018D08FB91C68786F21297BD6CADFE7AECD2
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Zcz_qG4mWMoNathPXuQil6c420Q.roa
Signing time:             Sun 14 Jan 2024 17:18:41 +0000
ROA not before:           Sun 14 Jan 2024 17:18:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216187
IP address blocks:        2a10:4646:3a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:08:fb:91:c6:87:86:f2:12:97:bd:6c:ad:fe:7a:ec:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan 14 17:18:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65ccffa86e2658ca0d6ad84f5ee42297a738db44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:de:85:e5:b4:05:d0:34:bc:fd:59:c9:00:0c:
                    3b:35:67:05:54:16:f7:be:e5:7f:fa:80:1a:80:7d:
                    b2:9c:f1:a5:41:40:c0:af:d0:12:32:0d:a4:9d:64:
                    ef:bd:b6:ab:67:c4:62:16:34:3e:fb:5d:21:00:b7:
                    4f:5f:d3:5c:c9:03:9e:91:f2:d9:03:7d:8b:b0:89:
                    20:c2:be:49:ce:f7:49:a9:72:60:e9:0e:99:19:9b:
                    58:b1:15:73:e1:83:0b:dd:d6:ad:8d:1c:24:d9:2b:
                    a2:a6:06:a4:26:62:4f:53:18:e4:30:c1:af:32:88:
                    88:a3:32:31:88:79:00:7b:25:da:15:b2:7e:e4:20:
                    c7:b3:31:50:11:22:5e:b5:40:52:b9:75:d9:13:c4:
                    bd:5c:be:65:fb:28:0c:5b:23:32:7c:6c:fa:6d:6d:
                    a2:7d:38:6f:db:91:6a:c1:14:a1:01:96:ac:1a:34:
                    ae:65:c7:d4:54:2d:bb:d8:3c:fc:fe:9c:2b:66:31:
                    7c:03:73:4a:26:6f:98:17:f9:56:e0:7c:19:a3:a6:
                    21:59:dc:77:4c:1c:61:61:da:aa:e0:a4:99:80:44:
                    34:8d:92:7e:36:2b:1d:ce:08:6c:d4:88:1c:15:cf:
                    6a:8a:b5:b5:28:ac:26:f3:da:21:43:0b:73:57:8f:
                    da:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:CC:FF:A8:6E:26:58:CA:0D:6A:D8:4F:5E:E4:22:97:A7:38:DB:44
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Zcz_qG4mWMoNathPXuQil6c420Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:3a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b0:a3:51:26:2d:8e:5f:9d:ef:63:0a:52:0d:b7:52:34:71:18:
         9f:0d:84:40:d2:cc:ec:e2:8e:1d:3d:18:c9:74:f3:03:4c:7a:
         e7:dc:0d:61:22:a4:b3:cc:6d:02:d7:fb:ee:fd:15:20:fc:47:
         e0:3b:5f:e7:07:5d:49:45:44:eb:5a:b3:49:cb:77:bb:ea:45:
         67:60:54:e9:85:b9:e1:5f:d0:05:e6:b7:32:68:43:cd:ad:5c:
         f8:18:59:2a:fc:2a:8b:aa:81:3c:40:89:ae:a1:34:cd:87:32:
         a6:c1:46:e7:7e:e9:c7:51:09:e2:d3:dc:52:e2:a4:0b:ef:2e:
         bd:50:07:a4:11:2b:45:f5:d1:0f:16:f6:a2:c5:4c:20:90:22:
         db:61:61:9e:58:47:b6:10:59:8e:24:0b:c5:67:6a:d4:63:67:
         69:76:aa:6f:7e:00:5b:5e:4b:0c:90:81:d1:76:74:d4:fb:7b:
         18:35:7f:f7:ae:62:60:f2:f3:59:38:01:b5:f6:22:85:6e:2b:
         ad:51:9f:54:3d:36:5f:a2:cd:cb:5e:f5:2a:34:ab:1f:c8:34:
         59:9b:9c:92:bc:7a:5d:e6:63:48:2b:97:97:c5:e2:dd:09:06:
         d4:8f:9a:7e:5c:46:b1:3f:7e:19:2a:51:50:ca:22:6b:8e:f0:
         cb:b9:2c:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0I+5HGh4byEpe9bK3+euzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTE0MTcxODQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWNjZmZhODZlMjY1OGNhMGQ2YWQ4NGY1ZWU0MjI5N2E3MzhkYjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApd6F5bQF0DS8/VnJAAw7NWcFVBb3
vuV/+oAagH2ynPGlQUDAr9ASMg2knWTvvbarZ8RiFjQ++10hALdPX9NcyQOekfLZ
A32LsIkgwr5JzvdJqXJg6Q6ZGZtYsRVz4YML3datjRwk2SuipgakJmJPUxjkMMGv
MoiIozIxiHkAeyXaFbJ+5CDHszFQESJetUBSuXXZE8S9XL5l+ygMWyMyfGz6bW2i
fThv25FqwRShAZasGjSuZcfUVC272Dz8/pwrZjF8A3NKJm+YF/lW4HwZo6YhWdx3
TBxhYdqq4KSZgEQ0jZJ+Nisdzghs1IgcFc9qirW1KKwm89ohQwtzV4/aswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGXM/6huJljKDWrYT17kIpenONtEMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvWmN6X3FHNG1XTW9OYXRoUFh1UWlsNmM0MjBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgOg
MA0GCSqGSIb3DQEBCwUAA4IBAQCwo1EmLY5fne9jClINt1I0cRifDYRA0szs4o4d
PRjJdPMDTHrn3A1hIqSzzG0C1/vu/RUg/EfgO1/nB11JRUTrWrNJy3e76kVnYFTp
hbnhX9AF5rcyaEPNrVz4GFkq/CqLqoE8QImuoTTNhzKmwUbnfunHUQni09xS4qQL
7y69UAekEStF9dEPFvaixUwgkCLbYWGeWEe2EFmOJAvFZ2rUY2dpdqpvfgBbXksM
kIHRdnTU+3sYNX/3rmJg8vNZOAG19iKFbiutUZ9UPTZfos3LXvUqNKsfyDRZm5yS
vHpd5mNIK5eXxeLdCQbUj5p+XEaxP34ZKlFQyiJrjvDLuSzs
-----END CERTIFICATE-----