Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iEvSuIhDIfxO1-tyJ6Ccnc-lg7Y.roa
File:                     iEvSuIhDIfxO1-tyJ6Ccnc-lg7Y.roa (raw, json)
Hash identifier:          M8uhmn6F+NLtKPrWx5dW5FFL0trHdn4xgQb+lh8ZqJU=
Subject key identifier:   88:4B:D2:B8:88:43:21:FC:4E:D7:EB:72:27:A0:9C:9D:CF:A5:83:B6
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936B6083D22E533A53E0EAE59D6687
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iEvSuIhDIfxO1-tyJ6Ccnc-lg7Y.roa
Signing time:             Mon 01 Jan 2024 10:30:44 +0000
ROA not before:           Mon 01 Jan 2024 10:30:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205021
IP address blocks:        2a10:4646:1e0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:6b:60:83:d2:2e:53:3a:53:e0:ea:e5:9d:66:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=884bd2b8884321fc4ed7eb7227a09c9dcfa583b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a8:4e:90:d3:49:6d:82:a0:1b:f3:2a:41:dd:
                    da:3a:31:96:9e:21:84:f6:8f:22:70:53:94:82:ed:
                    aa:ee:5d:1b:d7:e4:71:1d:c5:38:a3:3c:62:f7:f0:
                    bd:ae:a9:12:f3:8b:61:fd:9e:17:72:c6:63:e7:78:
                    05:f6:67:fb:1f:63:d4:d5:bc:08:ba:2a:ba:9b:29:
                    2b:a4:6d:a3:d6:db:0c:3b:78:bc:f5:f8:a0:49:f8:
                    34:1d:3f:40:4f:55:38:92:5f:b3:1f:c6:80:87:cf:
                    94:40:04:c6:7d:8f:72:20:77:e7:5e:03:d3:c9:df:
                    38:bb:3e:3d:89:33:c0:ce:e8:7a:23:22:5c:61:d3:
                    aa:29:ff:42:5c:55:6d:31:75:c0:f5:b6:e4:e9:14:
                    a9:13:12:a8:54:81:07:be:c4:21:7d:32:84:f7:c1:
                    d4:1b:68:e1:20:70:35:8e:4b:bd:64:fc:ad:84:e1:
                    95:43:17:ca:19:ba:ee:a2:01:32:39:12:f8:7b:ca:
                    bc:ab:a4:7f:41:c9:80:d0:b5:12:9b:58:eb:ec:d0:
                    b0:2a:6d:28:bb:57:50:6c:4e:31:0c:5e:2a:c8:30:
                    c1:8d:07:80:92:46:be:62:6d:40:16:6a:e2:c0:73:
                    d0:d9:3a:ed:76:a4:5f:9b:42:92:d9:c0:05:39:07:
                    11:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4B:D2:B8:88:43:21:FC:4E:D7:EB:72:27:A0:9C:9D:CF:A5:83:B6
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iEvSuIhDIfxO1-tyJ6Ccnc-lg7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:1e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         d4:1a:d7:e4:c4:92:cb:8d:f1:b3:21:2f:b3:33:57:f5:d2:7d:
         96:a4:73:70:71:bb:5f:2c:c6:a1:64:71:92:11:3e:1b:13:9e:
         a7:ad:ad:29:53:9f:36:44:d2:6d:a7:5c:fc:a0:4c:50:e9:ee:
         36:97:c9:08:2e:8c:22:16:bf:0a:4f:3b:d1:23:f3:e6:68:db:
         80:e8:bd:36:1b:10:bf:6f:a9:ba:18:49:fb:4f:b9:8d:d7:ee:
         8b:a9:50:13:98:f9:c7:58:40:33:97:ff:eb:d0:db:5b:74:69:
         1f:4c:25:65:4f:97:f5:75:7a:38:44:4e:5b:8e:35:f6:77:84:
         13:7b:b1:72:5c:51:f6:fc:42:a1:e0:de:a9:58:b2:f3:69:38:
         d6:a6:b2:80:db:bc:78:4e:b9:fd:f3:a8:28:0c:ff:79:3a:ca:
         3b:8c:1b:aa:1d:c7:86:1e:97:3d:c9:c2:42:3e:e8:69:14:66:
         12:65:b3:f5:33:ca:66:3a:2b:78:68:4a:c6:d7:de:6d:9b:bd:
         ca:bb:89:82:39:42:ce:c8:4c:ae:33:d4:1b:66:16:b6:31:52:
         6c:de:63:8f:cf:c8:91:ed:9c:98:20:21:50:38:42:0a:d2:3e:
         4d:e8:fa:d8:33:2e:38:96:ee:75:85:67:32:bf:af:b7:f3:67:
         d8:03:7e:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2tgg9IuUzpT4OrlnWaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRiZDJiODg4NDMyMWZjNGVkN2ViNzIyN2EwOWM5ZGNmYTU4M2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsahOkNNJbYKgG/MqQd3aOjGWniGE
9o8icFOUgu2q7l0b1+RxHcU4ozxi9/C9rqkS84th/Z4XcsZj53gF9mf7H2PU1bwI
uiq6mykrpG2j1tsMO3i89figSfg0HT9AT1U4kl+zH8aAh8+UQATGfY9yIHfnXgPT
yd84uz49iTPAzuh6IyJcYdOqKf9CXFVtMXXA9bbk6RSpExKoVIEHvsQhfTKE98HU
G2jhIHA1jku9ZPythOGVQxfKGbruogEyORL4e8q8q6R/QcmA0LUSm1jr7NCwKm0o
u1dQbE4xDF4qyDDBjQeAkka+Ym1AFmriwHPQ2TrtdqRfm0KS2cAFOQcRFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIhL0riIQyH8TtfrciegnJ3PpYO2MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvaUV2U3VJaERJZnhPMS10eUo2Q2NuYy1sZzdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgHg
MA0GCSqGSIb3DQEBCwUAA4IBAQDUGtfkxJLLjfGzIS+zM1f10n2WpHNwcbtfLMah
ZHGSET4bE56nra0pU582RNJtp1z8oExQ6e42l8kILowiFr8KTzvRI/PmaNuA6L02
GxC/b6m6GEn7T7mN1+6LqVATmPnHWEAzl//r0NtbdGkfTCVlT5f1dXo4RE5bjjX2
d4QTe7FyXFH2/EKh4N6pWLLzaTjWprKA27x4Trn986goDP95Oso7jBuqHceGHpc9
ycJCPuhpFGYSZbP1M8pmOit4aErG195tm73Ku4mCOULOyEyuM9QbZha2MVJs3mOP
z8iR7ZyYICFQOEIK0j5N6PrYMy44lu51hWcyv6+382fYA36j
-----END CERTIFICATE-----