Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/_QPsGh0HNtlcYaZPGUxvqUr4izg.roa
File:                     _QPsGh0HNtlcYaZPGUxvqUr4izg.roa (raw, json)
Hash identifier:          OcnJA+DhN3pF8jUv/C7g99AZqWWkoMue31qCVRVwPzE=
Subject key identifier:   FD:03:EC:1A:1D:07:36:D9:5C:61:A6:4F:19:4C:6F:A9:4A:F8:8B:38
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018D331EC7C286D91DDE46E950F264A5A270
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/_QPsGh0HNtlcYaZPGUxvqUr4izg.roa
Signing time:             Mon 22 Jan 2024 21:41:11 +0000
ROA not before:           Mon 22 Jan 2024 21:41:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216308
IP address blocks:        2a10:4646:390::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:33:1e:c7:c2:86:d9:1d:de:46:e9:50:f2:64:a5:a2:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan 22 21:41:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd03ec1a1d0736d95c61a64f194c6fa94af88b38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2b:86:b2:71:6f:69:ac:93:75:4d:19:d8:9f:
                    c4:86:6a:2c:86:a5:93:53:ca:39:78:86:d2:a9:08:
                    56:4d:a5:02:47:ff:b1:e6:55:29:53:69:7c:63:52:
                    06:95:38:d3:de:2e:77:6c:44:1f:58:a5:eb:08:60:
                    89:02:0d:24:28:9e:f5:74:97:d4:f0:64:68:eb:dd:
                    04:d8:9c:71:eb:ab:9e:66:70:5c:2b:20:78:fe:1c:
                    29:56:e3:08:80:a7:4e:b8:d0:dd:2e:f4:dc:01:33:
                    78:19:7b:d3:4c:53:aa:9b:90:ca:8e:bd:43:59:d0:
                    9b:6e:bf:82:b2:94:1c:a7:b4:8d:16:a0:64:47:bf:
                    9d:03:43:eb:e1:92:ac:83:7a:0f:03:59:b3:52:31:
                    c5:55:9a:e7:62:37:3f:d5:eb:4d:26:b2:aa:a2:8b:
                    01:15:93:87:1a:4d:f0:a8:9a:d1:b4:01:d4:c1:bd:
                    0d:8a:96:4e:0d:3d:f3:95:06:7f:94:a8:60:64:2b:
                    1a:5b:a1:c0:b2:27:db:e0:3e:81:31:6a:1c:48:a6:
                    ca:20:b6:b3:ab:88:a1:79:04:c3:37:74:57:63:af:
                    e6:c1:ac:6b:b9:36:da:3e:7f:53:e6:3f:d5:43:25:
                    80:80:6d:00:2d:93:7f:32:72:64:3a:f4:2f:0b:75:
                    dc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:03:EC:1A:1D:07:36:D9:5C:61:A6:4F:19:4C:6F:A9:4A:F8:8B:38
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/_QPsGh0HNtlcYaZPGUxvqUr4izg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:390::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:8c:e7:e5:b8:9f:5a:b3:05:80:2f:84:20:82:81:2b:0e:21:
         5f:2e:f2:c3:f7:40:63:e7:3b:f9:d1:65:4b:ba:a4:46:6d:b1:
         f6:a9:2b:56:dd:d4:ac:c9:f4:1a:c7:d5:eb:fb:3c:df:a1:80:
         ca:c0:a5:14:df:7a:16:67:f6:6e:fd:ca:54:fb:23:ee:0c:e8:
         b7:ac:4d:74:b4:21:dd:c7:b7:ca:8d:81:c3:e9:0f:56:2d:d0:
         25:fc:1f:b7:60:4e:a1:52:0b:52:eb:9a:07:5e:bb:51:da:1e:
         e9:a4:f6:83:70:2b:2f:4a:fa:a7:85:1b:06:51:31:f2:88:c5:
         83:f3:00:89:df:fb:3e:28:85:e7:0e:6d:6a:ff:dc:31:b6:90:
         7c:a5:d1:17:6e:6d:b3:55:3f:5e:11:4f:3d:a0:a6:3d:82:a7:
         af:f7:f0:e1:c6:5e:f0:0f:62:ae:66:3b:9e:d3:0b:13:ea:71:
         47:4a:e7:33:be:ad:22:d6:3a:93:09:2a:24:67:d9:2d:00:cb:
         04:60:a0:7d:d7:47:c0:a1:9b:82:aa:95:c0:d7:93:e2:92:85:
         bc:05:f4:ad:69:f6:49:ea:57:b3:60:25:83:cc:ff:e8:cf:d4:
         dd:3f:1c:b0:b6:24:c6:5c:1b:35:28:50:c7:9e:33:68:14:71:
         4a:ac:17:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0zHsfChtkd3kbpUPJkpaJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTIyMjE0MTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAzZWMxYTFkMDczNmQ5NWM2MWE2NGYxOTRjNmZhOTRhZjg4YjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCuGsnFvaayTdU0Z2J/EhmoshqWT
U8o5eIbSqQhWTaUCR/+x5lUpU2l8Y1IGlTjT3i53bEQfWKXrCGCJAg0kKJ71dJfU
8GRo690E2Jxx66ueZnBcKyB4/hwpVuMIgKdOuNDdLvTcATN4GXvTTFOqm5DKjr1D
WdCbbr+CspQcp7SNFqBkR7+dA0Pr4ZKsg3oPA1mzUjHFVZrnYjc/1etNJrKqoosB
FZOHGk3wqJrRtAHUwb0NipZODT3zlQZ/lKhgZCsaW6HAsifb4D6BMWocSKbKILaz
q4iheQTDN3RXY6/mwaxruTbaPn9T5j/VQyWAgG0ALZN/MnJkOvQvC3Xc/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP0D7BodBzbZXGGmTxlMb6lK+Is4MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvX1FQc0doMEhOdGxjWWFaUEdVeHZxVXI0aXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAtjOfluJ9aswWAL4QggoErDiFfLvLD90Bj5zv5
0WVLuqRGbbH2qStW3dSsyfQax9Xr+zzfoYDKwKUU33oWZ/Zu/cpU+yPuDOi3rE10
tCHdx7fKjYHD6Q9WLdAl/B+3YE6hUgtS65oHXrtR2h7ppPaDcCsvSvqnhRsGUTHy
iMWD8wCJ3/s+KIXnDm1q/9wxtpB8pdEXbm2zVT9eEU89oKY9gqev9/Dhxl7wD2Ku
Zjue0wsT6nFHSuczvq0i1jqTCSokZ9ktAMsEYKB910fAoZuCqpXA15PikoW8BfSt
afZJ6lezYCWDzP/oz9TdPxywtiTGXBs1KFDHnjNoFHFKrBcF
-----END CERTIFICATE-----