Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/bB1W4T1j8ng5UX3xZZGrl7VStto.roa
File:                     bB1W4T1j8ng5UX3xZZGrl7VStto.roa (raw, json)
Hash identifier:          F4CPPJRv8Vp4LIOFwUYawrUY3B/kta/9oUzK3aa0Wcc=
Subject key identifier:   6C:1D:56:E1:3D:63:F2:78:39:51:7D:F1:65:91:AB:97:B5:52:B6:DA
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936CA277DD6EF66D3F94F07EA4921B
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/bB1W4T1j8ng5UX3xZZGrl7VStto.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208796
IP address blocks:        2a10:4646:270::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6c:a2:77:dd:6e:f6:6d:3f:94:f0:7e:a4:92:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6c1d56e13d63f27839517df16591ab97b552b6da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e4:22:e6:d5:d0:4e:ee:5d:c3:4b:03:80:6e:
                    61:c9:36:59:5a:ab:73:6a:ca:a4:02:2e:ff:89:d6:
                    8b:e6:14:06:db:74:9d:79:11:c3:c7:83:f8:d8:04:
                    c4:58:98:53:e2:ac:4d:1a:cd:cb:12:e9:e4:7f:16:
                    62:8e:b2:24:59:65:63:b2:ec:51:68:cb:69:e7:e3:
                    9c:6b:6e:03:51:f2:0d:d5:e6:0c:21:b4:26:37:8f:
                    20:37:4a:6a:ab:50:de:c0:2f:b9:9e:6c:e2:1d:97:
                    17:77:1e:c1:c4:02:e6:37:59:46:c2:bf:e5:bf:ba:
                    2f:39:ab:91:de:35:73:c6:50:5e:02:0d:bd:4c:f3:
                    23:98:97:ed:f1:d4:6e:3c:31:a7:4e:75:bc:aa:81:
                    7f:57:a4:29:c8:05:db:21:68:a8:0d:58:b7:96:44:
                    23:b6:79:38:ec:e3:b2:f6:43:76:01:3d:15:51:b6:
                    e9:94:48:56:c3:aa:33:c2:7b:97:8e:73:6f:f0:64:
                    94:fe:d0:89:4d:82:13:fd:0d:59:2c:03:41:89:df:
                    9d:49:bd:0e:01:50:c0:cf:c9:bc:41:9f:47:e5:81:
                    29:55:4c:ee:93:45:e0:8e:73:fb:01:44:42:fe:12:
                    0d:65:5f:c4:90:fb:76:b0:59:82:df:cb:38:84:76:
                    d4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:1D:56:E1:3D:63:F2:78:39:51:7D:F1:65:91:AB:97:B5:52:B6:DA
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/bB1W4T1j8ng5UX3xZZGrl7VStto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:270::/44

    Signature Algorithm: sha256WithRSAEncryption
         69:a2:1a:b8:44:80:17:9a:6a:2b:dc:b3:27:3e:d3:70:08:30:
         2d:b6:34:be:48:04:d6:b1:9b:55:e4:0b:37:87:3a:2f:3d:2b:
         b8:93:e0:f5:e3:3d:1c:c9:b9:15:5d:00:d1:50:c3:04:de:af:
         78:b4:ea:a5:28:09:a7:90:c3:3f:8b:d0:42:97:3f:89:0b:d9:
         75:b6:04:30:6c:23:4f:7b:84:cf:db:21:c8:81:b4:2f:ca:39:
         89:b9:0a:82:f1:54:9f:13:27:e4:6a:e3:8f:81:bf:e5:45:d8:
         1a:23:7c:ef:c9:cd:8c:d0:93:76:e2:14:2d:0e:38:b8:d8:20:
         a3:18:66:b0:d9:1b:ce:84:c6:9e:f9:3f:2d:95:7d:78:4e:c0:
         e5:9d:94:38:b8:71:e8:64:8b:13:6b:63:c5:dd:e3:bd:3a:20:
         7f:de:bf:c3:6a:de:81:e2:ea:32:26:f9:e7:dd:27:3a:ba:f5:
         32:8c:f7:e8:5b:0b:93:08:0e:40:77:14:d9:12:82:4a:9e:2c:
         4e:d0:89:12:49:c6:f9:83:d0:77:99:f6:d7:81:03:6b:39:42:
         19:00:e3:53:3e:f4:aa:14:89:89:70:05:d5:0e:be:02:c1:5f:
         42:c2:65:26:02:39:2f:f2:22:82:a4:14:71:cc:97:40:60:83:
         af:e9:7f:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2yid91u9m0/lPB+pJIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzFkNTZlMTNkNjNmMjc4Mzk1MTdkZjE2NTkxYWI5N2I1NTJiNmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOQi5tXQTu5dw0sDgG5hyTZZWqtz
asqkAi7/idaL5hQG23SdeRHDx4P42ATEWJhT4qxNGs3LEunkfxZijrIkWWVjsuxR
aMtp5+Oca24DUfIN1eYMIbQmN48gN0pqq1DewC+5nmziHZcXdx7BxALmN1lGwr/l
v7ovOauR3jVzxlBeAg29TPMjmJft8dRuPDGnTnW8qoF/V6QpyAXbIWioDVi3lkQj
tnk47OOy9kN2AT0VUbbplEhWw6ozwnuXjnNv8GSU/tCJTYIT/Q1ZLANBid+dSb0O
AVDAz8m8QZ9H5YEpVUzuk0XgjnP7AURC/hINZV/EkPt2sFmC38s4hHbUcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGwdVuE9Y/J4OVF98WWRq5e1UrbaMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvYkIxVzRUMWo4bmc1VVgzeFpaR3JsN1ZTdHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgJw
MA0GCSqGSIb3DQEBCwUAA4IBAQBpohq4RIAXmmor3LMnPtNwCDAttjS+SATWsZtV
5As3hzovPSu4k+D14z0cybkVXQDRUMME3q94tOqlKAmnkMM/i9BClz+JC9l1tgQw
bCNPe4TP2yHIgbQvyjmJuQqC8VSfEyfkauOPgb/lRdgaI3zvyc2M0JN24hQtDji4
2CCjGGaw2RvOhMae+T8tlX14TsDlnZQ4uHHoZIsTa2PF3eO9OiB/3r/Dat6B4uoy
Jvnn3Sc6uvUyjPfoWwuTCA5AdxTZEoJKnixO0IkSScb5g9B3mfbXgQNrOUIZAONT
PvSqFImJcAXVDr4CwV9CwmUmAjkv8iKCpBRxzJdAYIOv6X9q
-----END CERTIFICATE-----