Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/294Q1xAZx-8i9AIz4EXQkmB-MxQ.roa
File:                     294Q1xAZx-8i9AIz4EXQkmB-MxQ.roa (raw, json)
Hash identifier:          Ti5U8c8kdCWAHPRpyYCMAjHbGo2ssgQ6ZuBNONr3+LU=
Subject key identifier:   DB:DE:10:D7:10:19:C7:EF:22:F4:02:33:E0:45:D0:92:60:7E:33:14
Certificate issuer:       /CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
Certificate serial:       018CC8DF0C6AEC4E3DC6C82BF8B6BBF56AC9
Authority key identifier: 42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/294Q1xAZx-8i9AIz4EXQkmB-MxQ.roa
Signing time:             Tue 02 Jan 2024 06:31:50 +0000
ROA not before:           Tue 02 Jan 2024 06:31:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215877
IP address blocks:        2a10:e300:fff0::/48 maxlen: 48
                          2a10:e300:fff1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0c:6a:ec:4e:3d:c6:c8:2b:f8:b6:bb:f5:6a:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4292b5da4b4ffeaf720649518fbaaa10c5cb2811
        Validity
            Not Before: Jan  2 06:31:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbde10d71019c7ef22f40233e045d092607e3314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:86:62:e7:e8:e3:13:e0:f3:02:f0:8f:5c:de:
                    e1:93:6d:1c:aa:1b:87:46:81:ad:e2:19:51:bf:21:
                    85:a3:ec:75:0f:8b:5a:ea:1c:df:4a:8b:82:2f:86:
                    a7:65:d5:bd:97:72:bd:e3:cd:63:0b:82:84:d0:0c:
                    69:5e:c7:24:13:8a:ba:38:55:66:c6:70:05:7e:ab:
                    03:95:17:77:6b:6d:8b:b5:f0:17:23:e0:45:8f:6b:
                    05:db:83:b7:89:a9:80:91:30:7a:0d:cb:4d:80:74:
                    52:dd:3d:0a:20:13:f2:0e:ec:80:79:f3:e2:08:0d:
                    0a:f9:7b:50:92:35:6c:84:4f:d9:8a:fd:6e:f2:02:
                    2a:8d:e0:2e:f9:a4:89:9f:85:20:9e:e7:77:1a:37:
                    5f:a8:7a:b1:2b:62:73:57:bd:af:0a:07:ec:c4:43:
                    ce:16:2d:d1:5a:3e:46:6a:1b:8e:f3:33:fc:3e:f8:
                    fc:d6:5d:03:b5:43:40:4b:ab:99:a5:5c:ca:0e:5f:
                    bf:c7:0f:c6:ec:e3:dd:42:4c:5e:85:f2:16:88:53:
                    da:85:1c:24:1a:5b:fe:a9:f1:c2:75:7d:3d:8f:f4:
                    46:a8:ef:b9:22:21:d4:99:0f:02:c4:19:ed:bf:53:
                    59:ba:00:aa:10:60:50:67:2a:6d:b2:a0:81:29:cf:
                    ec:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:DE:10:D7:10:19:C7:EF:22:F4:02:33:E0:45:D0:92:60:7E:33:14
            X509v3 Authority Key Identifier:
                keyid:42:92:B5:DA:4B:4F:FE:AF:72:06:49:51:8F:BA:AA:10:C5:CB:28:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpK12ktP_q9yBklRj7qqEMXLKBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/294Q1xAZx-8i9AIz4EXQkmB-MxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/4522fb-c1da-4ccc-a7c7-a043e1b67b94/1/QpK12ktP_q9yBklRj7qqEMXLKBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:e300:fff0::/47

    Signature Algorithm: sha256WithRSAEncryption
         c2:c1:4b:92:7b:25:a5:54:e3:45:bb:7b:2a:f0:61:04:22:fd:
         5f:75:68:19:ed:75:0f:7d:5b:8b:d5:20:ac:00:45:2e:91:ad:
         5e:9e:a9:22:82:29:5f:4f:75:32:e4:a8:a3:92:a5:d8:8b:56:
         ba:cc:f3:f3:13:c7:70:ea:17:ce:6d:1c:f6:28:b7:e1:99:4b:
         d8:48:24:b4:41:a3:b4:c6:81:c7:76:1e:0d:2b:c8:93:60:e8:
         0d:0a:4f:01:06:f8:31:89:85:46:e5:33:73:04:a9:51:23:32:
         b0:60:50:bc:2d:a8:80:14:ce:28:9a:1d:96:79:ff:26:4d:bc:
         d8:1d:b3:b2:3c:f2:77:1b:19:4a:a4:69:ed:1e:8d:1f:51:3a:
         ef:a3:e7:91:77:f8:a4:ee:71:34:9e:27:a0:cd:4a:9b:14:84:
         c6:39:be:d1:dd:8f:76:95:8c:8d:45:1d:ce:ed:f2:21:90:87:
         55:50:05:95:70:ea:0a:76:91:67:77:b0:e6:0d:2c:98:b5:90:
         95:d8:de:85:4a:18:ce:1f:33:b6:43:bd:2a:67:3a:1d:5b:ae:
         fd:ec:7b:9d:b2:f7:03:16:9d:0e:49:90:2c:14:e2:d4:6d:fc:
         c6:16:61:cf:16:b7:d1:b6:18:92:b2:a9:32:f8:aa:5f:27:0c:
         93:19:75:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzI3wxq7E49xsgr+La79WrJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTJiNWRhNGI0ZmZlYWY3MjA2NDk1MThmYmFhYTEwYzVj
YjI4MTEwHhcNMjQwMTAyMDYzMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmRlMTBkNzEwMTljN2VmMjJmNDAyMzNlMDQ1ZDA5MjYwN2UzMzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYZi5+jjE+DzAvCPXN7hk20cqhuH
RoGt4hlRvyGFo+x1D4ta6hzfSouCL4anZdW9l3K9481jC4KE0AxpXsckE4q6OFVm
xnAFfqsDlRd3a22LtfAXI+BFj2sF24O3iamAkTB6DctNgHRS3T0KIBPyDuyAefPi
CA0K+XtQkjVshE/Ziv1u8gIqjeAu+aSJn4Ugnud3GjdfqHqxK2JzV72vCgfsxEPO
Fi3RWj5GahuO8zP8Pvj81l0DtUNAS6uZpVzKDl+/xw/G7OPdQkxehfIWiFPahRwk
Glv+qfHCdX09j/RGqO+5IiHUmQ8CxBntv1NZugCqEGBQZyptsqCBKc/sOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNveENcQGcfvIvQCM+BF0JJgfjMUMB8GA1UdIwQY
MBaAFEKStdpLT/6vcgZJUY+6qhDFyygRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3Yzct
YTA0M2UxYjY3Yjk0LzEvMjk0UTF4QVp4LThpOUFJejRFWFFrbUItTXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80NTIyZmItYzFkYS00Y2NjLWE3YzctYTA0M2UxYjY3Yjk0
LzEvUXBLMTJrdFBfcTl5QmtsUmo3cXFFTVhMS0JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhDjAP/w
MA0GCSqGSIb3DQEBCwUAA4IBAQDCwUuSeyWlVONFu3sq8GEEIv1fdWgZ7XUPfVuL
1SCsAEUuka1enqkigilfT3Uy5KijkqXYi1a6zPPzE8dw6hfObRz2KLfhmUvYSCS0
QaO0xoHHdh4NK8iTYOgNCk8BBvgxiYVG5TNzBKlRIzKwYFC8LaiAFM4omh2Wef8m
TbzYHbOyPPJ3GxlKpGntHo0fUTrvo+eRd/ik7nE0niegzUqbFITGOb7R3Y92lYyN
RR3O7fIhkIdVUAWVcOoKdpFnd7DmDSyYtZCV2N6FShjOHzO2Q70qZzodW6797Hud
svcDFp0OSZAsFOLUbfzGFmHPFrfRthiSsqky+KpfJwyTGXWO
-----END CERTIFICATE-----