Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/qzhd3xMAWAz6QI_etrK9t_rd8PE.roa
File:                     qzhd3xMAWAz6QI_etrK9t_rd8PE.roa (raw, json)
Hash identifier:          PFmVVoNMPyANa5wJtqbzOgEX/asvIg3bsXXlRPzYbwI=
Subject key identifier:   AB:38:5D:DF:13:00:58:0C:FA:40:8F:DE:B6:B2:BD:B7:FA:DD:F0:F1
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC4936670A08B165891DF4ACF4323EEBF
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/qzhd3xMAWAz6QI_etrK9t_rd8PE.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47400
IP address blocks:        2a10:4640:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:66:70:a0:8b:16:58:91:df:4a:cf:43:23:ee:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab385ddf1300580cfa408fdeb6b2bdb7faddf0f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:de:e3:67:54:aa:6a:06:2c:4e:54:bc:7c:1c:
                    ef:03:65:49:a3:43:64:c0:65:ee:0b:36:d3:b7:6e:
                    1d:cf:37:1a:47:44:99:2f:05:27:c0:3c:55:17:58:
                    1d:70:2f:1a:e3:54:dd:ed:7e:d5:8a:85:01:86:fe:
                    c7:64:49:84:3b:b0:63:3e:57:31:2e:0c:68:99:0f:
                    fe:56:ce:af:8c:45:9d:15:5e:f1:27:68:19:61:95:
                    96:e0:ac:dc:80:20:72:af:9f:06:36:ad:a4:53:df:
                    64:3a:cb:14:13:e3:af:7e:4a:0b:05:d3:d8:07:33:
                    fe:46:9a:da:c8:cb:ca:6e:60:a7:0b:90:0c:d3:e4:
                    77:f1:b0:bb:57:e0:97:49:27:6e:f6:ce:48:89:6e:
                    1d:d9:75:c7:cc:06:4f:97:46:27:2a:72:79:20:1a:
                    9c:7d:7a:cf:a0:21:ce:6f:4d:52:84:cd:d6:7f:36:
                    5f:17:65:ba:01:ef:05:51:79:1f:53:25:58:65:86:
                    19:b5:c4:40:e1:b7:0b:44:d2:ec:b3:ae:7b:7c:18:
                    4e:7c:65:b6:a2:ef:80:ec:98:eb:d1:d8:6f:5b:26:
                    3b:f3:89:7e:aa:15:31:d1:c7:d0:2e:b8:ea:31:cf:
                    65:48:76:b7:eb:5a:c1:e3:0c:2c:cd:0d:e9:d2:28:
                    cc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:38:5D:DF:13:00:58:0C:FA:40:8F:DE:B6:B2:BD:B7:FA:DD:F0:F1
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/qzhd3xMAWAz6QI_etrK9t_rd8PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4640:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:75:bc:84:e6:35:4f:dc:aa:42:59:da:28:21:87:ca:d9:9a:
         86:ad:f1:2f:fd:63:29:33:a5:91:d3:af:ac:0a:6e:c5:29:54:
         cf:13:de:ca:1d:cf:d1:4a:20:dc:e3:3b:6a:fe:9a:e4:e2:69:
         38:4b:1c:71:e1:c1:4b:d5:55:3e:24:c5:78:98:09:d7:99:b2:
         74:42:39:58:ab:80:00:45:d0:18:d3:20:18:e1:b0:c2:57:8b:
         8d:71:cc:5c:bd:44:56:62:57:76:1c:37:2b:6a:0c:bc:9a:03:
         d8:9e:4c:ed:8b:c2:3c:05:bd:45:ed:5d:f8:b9:b6:f7:74:e3:
         0e:a4:63:68:17:17:af:62:94:b1:5a:bd:6b:22:64:cc:c4:1e:
         5a:cc:fb:63:ac:33:78:81:f4:3b:94:34:b4:f7:5b:72:f9:58:
         82:95:4e:2b:a3:b8:91:60:71:0a:da:71:24:67:b6:e1:d5:46:
         7b:b2:b4:34:4f:4e:4b:c7:ae:36:cd:ee:4d:62:10:d6:30:be:
         c7:4d:37:a8:84:df:fe:50:bc:74:30:3b:44:98:0b:00:74:10:
         a1:c0:f4:aa:53:76:19:9f:7d:82:c4:fd:c3:58:fd:72:ea:45:
         78:79:7f:98:1b:82:39:5f:3a:14:46:83:c3:bd:4d:8e:08:4b:
         e8:91:59:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2ZwoIsWWJHfSs9DI+6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM4NWRkZjEzMDA1ODBjZmE0MDhmZGViNmIyYmRiN2ZhZGRmMGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN7jZ1SqagYsTlS8fBzvA2VJo0Nk
wGXuCzbTt24dzzcaR0SZLwUnwDxVF1gdcC8a41Td7X7VioUBhv7HZEmEO7BjPlcx
LgxomQ/+Vs6vjEWdFV7xJ2gZYZWW4KzcgCByr58GNq2kU99kOssUE+OvfkoLBdPY
BzP+RprayMvKbmCnC5AM0+R38bC7V+CXSSdu9s5IiW4d2XXHzAZPl0YnKnJ5IBqc
fXrPoCHOb01ShM3WfzZfF2W6Ae8FUXkfUyVYZYYZtcRA4bcLRNLss657fBhOfGW2
ou+A7Jjr0dhvWyY784l+qhUx0cfQLrjqMc9lSHa361rB4wwszQ3p0ijMGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKs4Xd8TAFgM+kCP3rayvbf63fDxMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvcXpoZDN4TUFXQXo2UUlfZXRySzl0X3JkOFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGQAAH
MA0GCSqGSIb3DQEBCwUAA4IBAQAVdbyE5jVP3KpCWdooIYfK2ZqGrfEv/WMpM6WR
06+sCm7FKVTPE97KHc/RSiDc4ztq/prk4mk4Sxxx4cFL1VU+JMV4mAnXmbJ0QjlY
q4AARdAY0yAY4bDCV4uNccxcvURWYld2HDcragy8mgPYnkzti8I8Bb1F7V34ubb3
dOMOpGNoFxevYpSxWr1rImTMxB5azPtjrDN4gfQ7lDS091ty+ViClU4ro7iRYHEK
2nEkZ7bh1UZ7srQ0T05Lx642ze5NYhDWML7HTTeohN/+ULx0MDtEmAsAdBChwPSq
U3YZn32CxP3DWP1y6kV4eX+YG4I5XzoURoPDvU2OCEvokVkW
-----END CERTIFICATE-----