Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/vLZlHOG4tSA3dvJ31WmylQNj3LY.roa
File:                     vLZlHOG4tSA3dvJ31WmylQNj3LY.roa (raw, json)
Hash identifier:          Wr74ITK6NprB/DJTmtkPpmmk+vDJnLIrgSyPrGqgpgo=
Subject key identifier:   BC:B6:65:1C:E1:B8:B5:20:37:76:F2:77:D5:69:B2:95:03:63:DC:B6
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC493664266D653266BDB7B68844501FB
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/vLZlHOG4tSA3dvJ31WmylQNj3LY.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47157
IP address blocks:        2a10:4646:13::/48 maxlen: 48
                          2a10:4646:12::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:66:42:66:d6:53:26:6b:db:7b:68:84:45:01:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcb6651ce1b8b5203776f277d569b2950363dcb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9e:6e:5f:80:97:07:79:dc:88:3e:45:55:21:
                    a8:cb:ae:10:e1:a6:ef:f1:99:72:b6:a3:75:18:cd:
                    fc:87:d7:4c:cb:a4:93:b8:ea:2f:23:9d:fd:60:57:
                    f1:1b:b2:a4:55:5f:c3:cb:88:0f:2b:ac:c8:ed:b2:
                    dc:e6:8e:c1:90:4a:94:09:e9:b3:58:d6:a9:a9:75:
                    cf:21:0b:e3:20:5e:88:79:ad:5b:22:23:ec:ee:ce:
                    41:1c:4b:3e:d8:7c:82:93:f7:c0:c3:57:e8:5f:25:
                    01:c3:75:b7:e0:ac:bc:42:8f:14:5d:aa:ed:10:ba:
                    06:4a:5f:8c:2f:87:44:21:4b:f6:26:06:74:3d:ef:
                    ad:a5:13:86:86:5a:a4:68:53:b8:e3:8b:df:e5:fa:
                    9c:c6:48:f9:b5:4a:b6:7b:a0:db:0e:f6:36:15:a0:
                    84:74:bc:d8:63:6b:bd:9e:90:7c:0d:7e:a5:d3:72:
                    b8:d0:48:4a:bb:ae:53:89:4c:58:41:40:fe:73:17:
                    ca:77:c7:ed:32:fc:30:8f:0e:b5:3e:0a:22:d7:bc:
                    cc:66:02:9f:5b:4e:6c:fb:37:b6:2c:f3:f1:1e:3f:
                    e9:98:79:32:80:bd:36:63:12:f6:ff:c4:a5:d2:d9:
                    e2:47:b1:a2:d5:5a:4e:83:7f:08:79:ed:20:e2:56:
                    80:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:B6:65:1C:E1:B8:B5:20:37:76:F2:77:D5:69:B2:95:03:63:DC:B6
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/vLZlHOG4tSA3dvJ31WmylQNj3LY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:12::/47

    Signature Algorithm: sha256WithRSAEncryption
         5c:54:ad:09:6c:3e:d9:e4:96:f7:2f:24:60:0a:39:f6:c5:ae:
         39:ac:b9:9a:3d:5a:ed:90:f6:0f:e3:a3:1f:15:72:8b:a0:27:
         1a:06:29:80:16:aa:18:b0:08:6e:ba:31:34:f4:f9:bf:cc:00:
         da:16:27:b2:fb:67:e5:81:40:68:3f:bb:ab:a6:81:9d:40:e5:
         a9:18:e2:58:84:41:e4:9a:95:24:44:b6:46:e5:10:52:7f:1d:
         ae:97:b6:95:64:68:a9:db:9a:f5:83:b9:28:a3:e9:f9:cc:6f:
         d0:5d:98:e5:56:35:e8:64:54:d6:6a:16:68:c1:29:c1:10:39:
         d6:94:e3:3b:6a:a2:9d:76:b6:83:73:70:a2:ec:4f:19:f5:70:
         27:54:16:99:64:04:83:0a:5c:6a:31:f0:28:4b:28:67:ab:e3:
         59:aa:9e:c3:fb:fe:d1:29:1f:aa:08:46:b2:8d:9f:e6:28:99:
         14:5b:0d:70:65:60:be:3c:b0:64:4b:8e:a6:ea:94:2f:51:eb:
         ef:fe:65:e5:89:a6:6e:20:77:a7:c2:ab:a0:93:5d:7c:5a:ca:
         46:68:b9:1f:43:bf:b1:e1:c7:7f:e6:76:4b:9d:7e:0e:96:f8:
         e6:67:3e:09:91:ea:7c:39:2e:0e:e2:72:59:6d:33:c7:df:c0:
         3e:79:65:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2ZCZtZTJmvbe2iERQH7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2I2NjUxY2UxYjhiNTIwMzc3NmYyNzdkNTY5YjI5NTAzNjNkY2I2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ5uX4CXB3nciD5FVSGoy64Q4abv
8ZlytqN1GM38h9dMy6STuOovI539YFfxG7KkVV/Dy4gPK6zI7bLc5o7BkEqUCemz
WNapqXXPIQvjIF6Iea1bIiPs7s5BHEs+2HyCk/fAw1foXyUBw3W34Ky8Qo8UXart
ELoGSl+ML4dEIUv2JgZ0Pe+tpROGhlqkaFO444vf5fqcxkj5tUq2e6DbDvY2FaCE
dLzYY2u9npB8DX6l03K40EhKu65TiUxYQUD+cxfKd8ftMvwwjw61Pgoi17zMZgKf
W05s+ze2LPPxHj/pmHkygL02YxL2/8Sl0tniR7Gi1VpOg38Iee0g4laAmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLy2ZRzhuLUgN3byd9VpspUDY9y2MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvdkxabEhPRzR0U0EzZHZKMzFXbXlsUU5qM0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhBGRgAS
MA0GCSqGSIb3DQEBCwUAA4IBAQBcVK0JbD7Z5Jb3LyRgCjn2xa45rLmaPVrtkPYP
46MfFXKLoCcaBimAFqoYsAhuujE09Pm/zADaFiey+2flgUBoP7urpoGdQOWpGOJY
hEHkmpUkRLZG5RBSfx2ul7aVZGip25r1g7koo+n5zG/QXZjlVjXoZFTWahZowSnB
EDnWlOM7aqKddraDc3Ci7E8Z9XAnVBaZZASDClxqMfAoSyhnq+NZqp7D+/7RKR+q
CEayjZ/mKJkUWw1wZWC+PLBkS46m6pQvUevv/mXliaZuIHenwqugk118WspGaLkf
Q7+x4cd/5nZLnX4OlvjmZz4Jkep8OS4O4nJZbTPH38A+eWXh
-----END CERTIFICATE-----