Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/aOQKyFiKJ0TSz0BAtgFhQMfqzE0.roa
File:                     aOQKyFiKJ0TSz0BAtgFhQMfqzE0.roa (raw, json)
Hash identifier:          v/aGXNBxLJCibQvgVcVkN7DxkAUlN9cI50+V/ryNWEU=
Subject key identifier:   68:E4:0A:C8:58:8A:27:44:D2:CF:40:40:B6:01:61:40:C7:EA:CC:4D
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       018CC4933B648716C8C4E1CA2A4D258CC61E
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/aOQKyFiKJ0TSz0BAtgFhQMfqzE0.roa
Signing time:             Mon 01 Jan 2024 10:30:32 +0000
ROA not before:           Mon 01 Jan 2024 10:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58044
IP address blocks:        2a10:d182::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 07:03:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:3b:64:87:16:c8:c4:e1:ca:2a:4d:25:8c:c6:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 10:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68e40ac8588a2744d2cf4040b6016140c7eacc4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:90:14:4c:ac:5c:ad:4d:ad:b9:00:52:db:3d:
                    9c:93:d6:0d:ba:b6:de:29:36:b8:7c:3a:13:ea:e8:
                    76:00:4e:3a:95:46:62:4b:3d:27:72:59:c8:d2:93:
                    eb:a2:58:28:b2:c2:d0:87:e1:74:01:79:23:ba:e6:
                    48:7f:01:45:ef:c3:b6:bb:9d:53:3d:28:37:70:c4:
                    1c:3d:32:1c:f3:ad:18:dd:3c:0c:b1:fc:e9:98:58:
                    d4:03:e1:8f:69:f0:24:7a:4c:2d:ee:a9:4c:d4:57:
                    6d:ec:f9:dc:9b:ce:c9:d6:23:d5:1f:62:98:c6:6d:
                    5d:6a:0e:eb:60:93:fe:2c:f5:96:56:58:07:e0:c7:
                    83:88:c1:fc:24:cb:31:f1:dd:d6:66:38:10:41:38:
                    a9:ec:4d:98:01:ef:f7:27:19:c2:55:42:70:2b:8f:
                    d8:cc:64:b3:c5:6f:ad:9f:e7:cd:aa:4e:51:32:c7:
                    5a:17:b6:80:db:b8:22:60:98:1c:8a:ac:64:51:cd:
                    3a:cb:49:6e:e1:30:26:82:e2:36:ac:87:a0:a0:9f:
                    35:fb:51:04:4a:4a:3c:b7:02:fc:d4:ec:3b:cc:ea:
                    e6:0f:ba:ed:3c:3b:dd:5b:51:40:ed:a6:73:11:ef:
                    c1:29:43:91:70:a1:10:b3:84:1b:ff:9f:e4:b8:5b:
                    d5:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E4:0A:C8:58:8A:27:44:D2:CF:40:40:B6:01:61:40:C7:EA:CC:4D
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/aOQKyFiKJ0TSz0BAtgFhQMfqzE0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:d182::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:0c:6f:fd:4f:52:b2:e3:55:75:2e:2b:d2:90:f7:d3:75:28:
         fe:3e:48:0a:d6:ae:f5:cd:a5:5f:2b:2a:5a:7f:64:c3:e5:f8:
         b2:31:60:6a:fe:67:bb:5a:34:18:bb:89:fe:1d:9f:58:70:b5:
         4a:62:42:0c:d9:01:60:17:6c:a5:47:c1:23:8b:95:a0:47:53:
         0f:16:a3:dd:87:e9:57:22:85:1a:fe:30:c4:a7:c2:da:0c:bf:
         90:85:43:66:7c:4b:0f:db:de:70:90:71:24:0f:32:4b:af:c2:
         a2:25:25:29:8f:15:3f:42:61:8e:cd:16:69:01:ef:d4:16:a9:
         47:30:90:2c:ef:49:56:73:9d:ae:53:84:36:c5:ef:3b:ec:1f:
         52:ee:11:5a:37:9f:72:be:54:00:75:5f:33:f5:82:5e:db:6b:
         6c:c3:b1:ad:ce:d8:70:41:b7:91:09:6d:5c:88:e9:72:b1:96:
         fb:25:57:07:ed:6d:7d:fe:cc:2b:bc:8a:2f:37:f4:9f:69:ac:
         1a:77:05:21:b0:0d:a3:c5:96:f4:0f:2a:28:97:d7:77:7f:ad:
         49:45:2e:15:1b:2e:03:9c:15:0d:0e:8a:4e:9f:7a:2a:3d:b4:
         5f:26:20:50:66:51:cc:4a:fa:b3:2b:b1:0f:13:27:8f:39:fe:
         ab:ec:85:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkztkhxbIxOHKKk0ljMYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjQwMTAxMTAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU0MGFjODU4OGEyNzQ0ZDJjZjQwNDBiNjAxNjE0MGM3ZWFjYzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJAUTKxcrU2tuQBS2z2ck9YNurbe
KTa4fDoT6uh2AE46lUZiSz0nclnI0pProlgossLQh+F0AXkjuuZIfwFF78O2u51T
PSg3cMQcPTIc860Y3TwMsfzpmFjUA+GPafAkekwt7qlM1Fdt7Pncm87J1iPVH2KY
xm1dag7rYJP+LPWWVlgH4MeDiMH8JMsx8d3WZjgQQTip7E2YAe/3JxnCVUJwK4/Y
zGSzxW+tn+fNqk5RMsdaF7aA27giYJgciqxkUc06y0lu4TAmguI2rIegoJ81+1EE
Sko8twL81Ow7zOrmD7rtPDvdW1FA7aZzEe/BKUORcKEQs4Qb/5/kuFvVpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGjkCshYiidE0s9AQLYBYUDH6sxNMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvYU9RS3lGaUtKMFRTejBCQXRnRmhRTWZxekUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhDRgjAN
BgkqhkiG9w0BAQsFAAOCAQEAQAxv/U9SsuNVdS4r0pD303Uo/j5ICtau9c2lXysq
Wn9kw+X4sjFgav5nu1o0GLuJ/h2fWHC1SmJCDNkBYBdspUfBI4uVoEdTDxaj3Yfp
VyKFGv4wxKfC2gy/kIVDZnxLD9vecJBxJA8yS6/CoiUlKY8VP0Jhjs0WaQHv1Bap
RzCQLO9JVnOdrlOENsXvO+wfUu4RWjefcr5UAHVfM/WCXttrbMOxrc7YcEG3kQlt
XIjpcrGW+yVXB+1tff7MK7yKLzf0n2msGncFIbANo8WW9A8qKJfXd3+tSUUuFRsu
A5wVDQ6KTp96Kj20XyYgUGZRzEr6syuxDxMnjzn+q+yFTQ==
-----END CERTIFICATE-----