Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/hHTgdPedZHUDy9wunq9iYzct0lg.roa
File:                     hHTgdPedZHUDy9wunq9iYzct0lg.roa (raw, json)
Hash identifier:          5YVZZE+j5x1GyoQN/5CkVkHZzRH84HOGc7wWf0wiF8c=
Subject key identifier:   84:74:E0:74:F7:9D:64:75:03:CB:DC:2E:9E:AF:62:63:37:2D:D2:58
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936E2338E21BA11DE52CA4E33B9AA4
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/hHTgdPedZHUDy9wunq9iYzct0lg.roa
Signing time:             Mon 01 Jan 2024 10:30:45 +0000
ROA not before:           Mon 01 Jan 2024 10:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210864
IP address blocks:        2a10:4646:a0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6e:23:38:e2:1b:a1:1d:e5:2c:a4:e3:3b:9a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8474e074f79d647503cbdc2e9eaf6263372dd258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:95:ac:40:21:31:00:bb:0f:6d:99:bb:ff:de:
                    48:c6:bd:29:d6:67:28:b4:c5:cc:ad:e5:06:4b:83:
                    86:49:17:1e:24:39:d5:77:32:6f:f7:c3:fe:69:2b:
                    8c:58:19:24:67:fe:b7:4b:eb:df:1a:41:2d:12:2c:
                    bc:16:ae:5b:d5:0c:63:94:4c:ec:0d:03:05:fa:fd:
                    bb:83:18:d2:82:1b:de:52:bf:d4:1e:64:a1:a0:c2:
                    64:2e:54:42:1d:86:6b:0d:36:77:f7:33:b1:b6:3d:
                    d5:39:50:63:a5:7b:73:5e:9d:c6:ae:26:6a:e8:39:
                    bb:29:71:b6:59:cc:d9:ab:94:2b:e7:ee:39:42:73:
                    e9:a0:db:39:7f:d7:36:4b:4c:97:1a:5b:ee:14:49:
                    18:87:ae:0f:1a:3d:92:62:08:bb:41:88:65:a3:dc:
                    7c:68:48:37:5f:9c:f1:11:27:dd:50:3f:9f:4b:51:
                    f3:06:36:04:47:25:f7:14:f5:73:c6:cb:7a:db:75:
                    16:02:cd:d2:48:15:0c:45:1b:22:c7:3f:04:99:0c:
                    6a:1d:35:9d:0a:ce:42:c9:86:a5:8c:86:c7:7b:6d:
                    26:8d:fa:21:d1:6c:ab:46:33:c8:8c:fc:25:81:e7:
                    72:18:96:89:8a:0a:48:ed:18:4a:83:a4:0b:90:7e:
                    ec:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:74:E0:74:F7:9D:64:75:03:CB:DC:2E:9E:AF:62:63:37:2D:D2:58
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/hHTgdPedZHUDy9wunq9iYzct0lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:6f:22:0a:a0:4c:f8:35:f9:41:06:23:a4:58:4e:ac:8c:46:
         cc:ee:02:f1:b4:bf:9f:58:0c:03:bb:6e:61:5e:55:69:b1:39:
         11:a0:30:2f:5d:fd:ef:e2:7e:11:a0:c0:59:47:44:b6:36:a9:
         53:50:25:e7:09:1d:40:40:3d:b6:ff:91:29:f3:b6:bb:72:c4:
         be:57:f7:cc:ea:f6:9f:fe:d0:b3:76:70:62:91:60:39:21:c1:
         03:76:d3:8b:d7:fe:80:58:26:83:c4:d1:f2:99:ca:68:a3:bf:
         1f:d0:44:92:88:9a:8d:9b:cf:f0:2f:29:e8:44:b6:15:2a:55:
         84:66:37:80:b3:72:6a:79:d0:9b:01:6b:29:78:0f:43:da:0e:
         dd:0f:f8:02:1a:08:8d:47:57:11:77:12:79:f9:ff:eb:f4:b0:
         09:4a:71:e7:43:93:4d:e0:6c:b7:18:b7:f0:e5:35:3b:34:5c:
         05:bf:f6:3e:71:c2:71:c4:3a:0d:90:de:e3:b4:a6:2b:0c:37:
         4e:74:c7:cc:85:11:fe:c2:54:fb:59:b2:98:7c:f2:e6:2b:3b:
         c4:a5:b3:c7:d8:68:f3:30:8f:82:3e:84:3b:57:c5:90:5c:b0:
         33:ad:55:da:7a:3a:08:d3:51:e9:38:a1:ac:33:b8:40:ba:4f:
         15:4a:57:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk24jOOIboR3lLKTjO5qkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDc0ZTA3NGY3OWQ2NDc1MDNjYmRjMmU5ZWFmNjI2MzM3MmRkMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJWsQCExALsPbZm7/95Ixr0p1mco
tMXMreUGS4OGSRceJDnVdzJv98P+aSuMWBkkZ/63S+vfGkEtEiy8Fq5b1QxjlEzs
DQMF+v27gxjSghveUr/UHmShoMJkLlRCHYZrDTZ39zOxtj3VOVBjpXtzXp3GriZq
6Dm7KXG2WczZq5Qr5+45QnPpoNs5f9c2S0yXGlvuFEkYh64PGj2SYgi7QYhlo9x8
aEg3X5zxESfdUD+fS1HzBjYERyX3FPVzxst623UWAs3SSBUMRRsixz8EmQxqHTWd
Cs5CyYaljIbHe20mjfoh0WyrRjPIjPwlgedyGJaJigpI7RhKg6QLkH7s2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIR04HT3nWR1A8vcLp6vYmM3LdJYMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvaEhUZ2RQZWRaSFVEeTl3dW5xOWlZemN0MGxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBwbyIKoEz4NflBBiOkWE6sjEbM7gLxtL+fWAwD
u25hXlVpsTkRoDAvXf3v4n4RoMBZR0S2NqlTUCXnCR1AQD22/5Ep87a7csS+V/fM
6vaf/tCzdnBikWA5IcEDdtOL1/6AWCaDxNHymcpoo78f0ESSiJqNm8/wLynoRLYV
KlWEZjeAs3JqedCbAWspeA9D2g7dD/gCGgiNR1cRdxJ5+f/r9LAJSnHnQ5NN4Gy3
GLfw5TU7NFwFv/Y+ccJxxDoNkN7jtKYrDDdOdMfMhRH+wlT7WbKYfPLmKzvEpbPH
2GjzMI+CPoQ7V8WQXLAzrVXaejoI01HpOKGsM7hAuk8VSleW
-----END CERTIFICATE-----