Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iPh9Gm_B1LyR_ur5c3Zhr9_IfdI.roa
File:                     iPh9Gm_B1LyR_ur5c3Zhr9_IfdI.roa (raw, json)
Hash identifier:          ExRrWfkzBjkxRTzSvBUxw1LgTagb2b951c+fyjMxilQ=
Subject key identifier:   88:F8:7D:1A:6F:C1:D4:BC:91:FE:EA:F9:73:76:61:AF:DF:C8:7D:D2
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018D08FB91555B0BCB0418FC6423A3748254
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iPh9Gm_B1LyR_ur5c3Zhr9_IfdI.roa
Signing time:             Sun 14 Jan 2024 17:18:40 +0000
ROA not before:           Sun 14 Jan 2024 17:18:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198831
IP address blocks:        2a10:4646:3f0::/44 maxlen: 44
                          2a10:4646:2d0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:08:fb:91:55:5b:0b:cb:04:18:fc:64:23:a3:74:82:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan 14 17:18:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88f87d1a6fc1d4bc91feeaf9737661afdfc87dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7f:72:38:f6:01:51:8b:9a:ce:ca:a7:fd:dc:
                    71:25:ef:d8:cf:71:a0:7c:27:b0:36:01:48:7d:38:
                    9c:5c:f2:0a:a4:4e:65:30:1e:7b:67:ed:e4:d5:0a:
                    34:90:77:51:5d:e2:ff:14:eb:3c:85:34:76:d8:86:
                    b1:73:c6:25:1e:b5:9e:b8:e3:68:cb:0b:e4:c0:f1:
                    7e:a3:3c:d9:76:e2:75:00:fb:3c:11:ec:1a:27:8e:
                    48:4f:c8:b2:8e:7d:c2:44:6e:7f:e7:89:59:3c:0b:
                    13:3e:ee:39:66:cc:17:b9:e2:eb:0a:82:23:56:c9:
                    2c:26:9d:bb:9f:55:43:1d:05:3d:8a:14:14:57:82:
                    77:8e:58:93:2d:fe:54:8c:50:a0:92:6c:d7:18:ec:
                    94:1e:c0:6e:9d:4d:98:db:2f:b8:bb:2a:12:99:74:
                    87:b6:bd:53:21:05:be:00:50:cc:17:e5:a3:87:38:
                    10:03:39:78:3e:76:46:00:6d:33:47:da:fc:ef:e9:
                    b4:9f:bf:93:a6:ad:f3:ee:11:c5:1e:91:47:6b:90:
                    33:bf:97:ef:8f:69:42:17:8c:f6:d8:e1:de:d0:70:
                    63:38:78:2d:b7:98:6e:97:fd:35:e9:24:ee:45:23:
                    3d:26:64:83:de:ab:f6:9e:21:3e:a4:1a:97:54:d9:
                    90:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:F8:7D:1A:6F:C1:D4:BC:91:FE:EA:F9:73:76:61:AF:DF:C8:7D:D2
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/iPh9Gm_B1LyR_ur5c3Zhr9_IfdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:2d0::/44
                  2a10:4646:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         bf:d8:3a:28:18:40:fc:40:e6:cd:b0:3a:88:77:56:b1:cb:58:
         7d:14:05:5e:1a:41:08:cc:8d:48:d6:8a:0f:69:e9:c7:25:3e:
         dc:32:58:8e:57:42:d6:46:dc:76:0f:50:33:41:9c:2e:8e:1d:
         77:b8:f9:63:fc:e5:0a:72:69:21:79:db:6a:6d:ec:30:d7:14:
         cf:af:88:e3:9b:36:4e:35:fb:f8:8f:93:44:00:ab:3b:64:af:
         7e:79:0b:1e:bd:16:4b:23:33:8e:ac:16:24:38:95:5d:77:cb:
         e8:c9:56:ef:a1:44:da:fc:4d:59:af:11:7d:d4:6b:cb:77:db:
         4d:bd:5e:d9:76:d3:08:8b:6a:f7:79:56:d9:6b:a0:fc:16:c0:
         43:74:34:59:9b:08:19:1a:26:17:38:16:ed:69:a6:a2:a0:31:
         84:ac:f1:08:7d:d0:51:19:ae:6f:21:2f:40:f2:ed:39:c5:ab:
         70:5e:6e:db:31:8f:86:8e:6b:e3:a2:84:6a:12:d4:22:a7:3d:
         3d:f3:b9:a2:2f:5f:23:cc:3b:0d:98:fa:65:0d:b3:57:1b:b5:
         10:07:de:1d:69:45:64:b9:87:e6:be:65:74:35:87:84:60:11:
         74:75:b2:b1:02:11:47:72:58:15:74:fd:f2:36:88:6f:b8:6c:
         cb:de:50:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0I+5FVWwvLBBj8ZCOjdIJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTE0MTcxODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGY4N2QxYTZmYzFkNGJjOTFmZWVhZjk3Mzc2NjFhZmRmYzg3ZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnX9yOPYBUYuazsqn/dxxJe/Yz3Gg
fCewNgFIfTicXPIKpE5lMB57Z+3k1Qo0kHdRXeL/FOs8hTR22Iaxc8YlHrWeuONo
ywvkwPF+ozzZduJ1APs8EewaJ45IT8iyjn3CRG5/54lZPAsTPu45ZswXueLrCoIj
VsksJp27n1VDHQU9ihQUV4J3jliTLf5UjFCgkmzXGOyUHsBunU2Y2y+4uyoSmXSH
tr1TIQW+AFDMF+WjhzgQAzl4PnZGAG0zR9r87+m0n7+Tpq3z7hHFHpFHa5Azv5fv
j2lCF4z22OHe0HBjOHgtt5hul/016STuRSM9JmSD3qv2niE+pBqXVNmQaQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIj4fRpvwdS8kf7q+XN2Ya/fyH3SMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvaVBoOUdtX0IxTHlSX3VyNWMzWmhyOV9JZmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhBGRgLQ
AwcEKhBGRgPwMA0GCSqGSIb3DQEBCwUAA4IBAQC/2DooGED8QObNsDqId1axy1h9
FAVeGkEIzI1I1ooPaenHJT7cMliOV0LWRtx2D1AzQZwujh13uPlj/OUKcmkhedtq
beww1xTPr4jjmzZONfv4j5NEAKs7ZK9+eQsevRZLIzOOrBYkOJVdd8voyVbvoUTa
/E1ZrxF91GvLd9tNvV7ZdtMIi2r3eVbZa6D8FsBDdDRZmwgZGiYXOBbtaaaioDGE
rPEIfdBRGa5vIS9A8u05xatwXm7bMY+GjmvjooRqEtQipz0987miL18jzDsNmPpl
DbNXG7UQB94daUVkuYfmvmV0NYeEYBF0dbKxAhFHclgVdP3yNohvuGzL3lBw
-----END CERTIFICATE-----