Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/atXBqm0g5zV7ZIAyomhlGHuI0s0.roa
File:                     atXBqm0g5zV7ZIAyomhlGHuI0s0.roa (raw, json)
Hash identifier:          jRKb6aScL/LWJgG/hvJyhPlr81yDt1VrGtosvexznr8=
Subject key identifier:   6A:D5:C1:AA:6D:20:E7:35:7B:64:80:32:A2:68:65:18:7B:88:D2:CD
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936AA2BEE98AAF09FB2BB28482DF54
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/atXBqm0g5zV7ZIAyomhlGHuI0s0.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199415
IP address blocks:        2a10:4646:121::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6a:a2:be:e9:8a:af:09:fb:2b:b2:84:82:df:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ad5c1aa6d20e7357b648032a26865187b88d2cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:59:25:52:89:71:f6:12:f6:e8:0e:a5:67:0d:
                    3a:06:96:35:c4:5a:a3:5f:a8:d6:4f:bf:af:35:c2:
                    f5:65:62:6e:db:6d:2d:ec:82:b7:0b:4a:98:d3:b5:
                    ce:6f:ea:69:8f:57:34:21:e5:b7:ab:9f:c9:e6:07:
                    0d:cf:a1:ff:0b:bd:d3:77:20:12:bc:a3:d2:f2:36:
                    a5:9c:72:c7:1b:50:68:d5:93:a7:86:d5:01:d7:ac:
                    01:f9:40:ae:97:47:1b:55:b9:a8:2b:e8:9f:b1:3b:
                    a8:6e:5d:1f:41:6e:a4:5f:bb:e2:61:3d:ea:cb:75:
                    37:79:dd:8c:aa:96:c7:69:5e:fb:56:a0:bb:90:94:
                    79:be:fd:6b:21:d2:5a:36:b3:df:01:33:25:44:87:
                    d6:44:23:12:53:82:c6:b1:e0:22:48:e6:e2:0c:0f:
                    8b:d0:a4:21:ee:e5:71:d9:5c:7c:5a:6d:75:c8:24:
                    d2:0d:97:9f:6e:4f:b1:fa:46:78:12:8b:4a:01:a1:
                    0b:d2:39:90:55:4b:71:af:7d:4f:d5:1b:6d:c8:6f:
                    e6:bf:be:f7:1f:0f:05:72:e9:4b:ec:af:84:5a:46:
                    da:cf:e4:b6:d7:ae:ac:f7:fc:82:a2:c3:31:36:f9:
                    e3:1b:08:13:a0:5d:8f:0b:26:4a:7a:3a:e3:98:9d:
                    e6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:D5:C1:AA:6D:20:E7:35:7B:64:80:32:A2:68:65:18:7B:88:D2:CD
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/atXBqm0g5zV7ZIAyomhlGHuI0s0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:121::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:25:77:1c:32:4c:7c:0b:2a:f3:8c:70:5c:de:09:93:df:31:
         f7:af:a5:dd:4a:ae:86:7a:52:c3:88:61:1c:a4:9b:46:7c:d4:
         45:1a:1b:54:b3:ab:63:93:c5:f8:6e:26:da:91:e9:35:d0:63:
         a1:f3:cd:1a:fa:8e:48:0d:b6:a7:5c:32:77:cc:ec:0d:bc:b0:
         2a:f8:b0:a5:74:3d:08:e0:b9:13:46:8f:b9:58:8c:ac:60:5d:
         89:57:25:62:ff:02:85:7b:69:eb:97:a9:aa:e0:71:e7:1b:98:
         82:d6:76:30:ee:20:53:52:38:44:64:a6:3e:d4:cf:52:3f:ae:
         82:f7:c7:13:b4:89:df:78:dc:16:0d:82:18:a4:a5:4d:d3:db:
         52:9c:d8:30:45:84:1d:da:fd:fe:3b:d5:ae:71:d0:2a:c6:22:
         9b:c3:c5:8d:3e:9d:c6:6c:53:f8:a2:7f:93:d1:99:bf:da:2e:
         e1:18:d0:19:fb:4c:ab:0d:fb:f4:b1:1f:05:fc:d6:71:7c:7b:
         a5:cc:d2:c8:20:a9:f5:48:8a:bd:4b:54:46:a2:34:6f:44:23:
         77:00:f1:bb:de:ad:e7:95:e9:17:0a:ed:2d:9d:3d:a6:c4:9e:
         87:05:2d:75:99:09:fa:bf:2a:63:0b:c4:e7:cd:8b:33:62:4f:
         e4:bf:9c:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2qivumKrwn7K7KEgt9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWQ1YzFhYTZkMjBlNzM1N2I2NDgwMzJhMjY4NjUxODdiODhkMmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmFklUolx9hL26A6lZw06BpY1xFqj
X6jWT7+vNcL1ZWJu220t7IK3C0qY07XOb+ppj1c0IeW3q5/J5gcNz6H/C73TdyAS
vKPS8jalnHLHG1Bo1ZOnhtUB16wB+UCul0cbVbmoK+ifsTuobl0fQW6kX7viYT3q
y3U3ed2MqpbHaV77VqC7kJR5vv1rIdJaNrPfATMlRIfWRCMSU4LGseAiSObiDA+L
0KQh7uVx2Vx8Wm11yCTSDZefbk+x+kZ4EotKAaEL0jmQVUtxr31P1RttyG/mv773
Hw8FculL7K+EWkbaz+S2166s9/yCosMxNvnjGwgToF2PCyZKejrjmJ3miwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGrVwaptIOc1e2SAMqJoZRh7iNLNMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvYXRYQnFtMGc1elY3WklBeW9taGxHSHVJMHMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgEh
MA0GCSqGSIb3DQEBCwUAA4IBAQAFJXccMkx8CyrzjHBc3gmT3zH3r6XdSq6GelLD
iGEcpJtGfNRFGhtUs6tjk8X4bibakek10GOh880a+o5IDbanXDJ3zOwNvLAq+LCl
dD0I4LkTRo+5WIysYF2JVyVi/wKFe2nrl6mq4HHnG5iC1nYw7iBTUjhEZKY+1M9S
P66C98cTtInfeNwWDYIYpKVN09tSnNgwRYQd2v3+O9WucdAqxiKbw8WNPp3GbFP4
on+T0Zm/2i7hGNAZ+0yrDfv0sR8F/NZxfHulzNLIIKn1SIq9S1RGojRvRCN3APG7
3q3nlekXCu0tnT2mxJ6HBS11mQn6vypjC8TnzYszYk/kv5zb
-----END CERTIFICATE-----