Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gm4tKAhXjneey7S0f4JZDHBQxoQ.roa
File:                     gm4tKAhXjneey7S0f4JZDHBQxoQ.roa (raw, json)
Hash identifier:          Ad3Dm+i+7NeJyTuFmvpaF4c2E01O5Jx7QQ62ewCSDiY=
Subject key identifier:   82:6E:2D:28:08:57:8E:77:9E:CB:B4:B4:7F:82:59:0C:70:50:C6:84
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       0194221F50D2852D2042AA6A67B89400DFF1
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gm4tKAhXjneey7S0f4JZDHBQxoQ.roa
Signing time:             Wed 01 Jan 2025 13:47:45 +0000
ROA not before:           Wed 01 Jan 2025 13:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210743
IP address blocks:        2a10:6380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:50:d2:85:2d:20:42:aa:6a:67:b8:94:00:df:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  1 13:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=826e2d2808578e779ecbb4b47f82590c7050c684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:4e:b0:b9:86:60:d1:8f:2d:0d:fe:db:a6:04:
                    2f:34:c4:d3:9d:60:fd:44:1f:96:47:1e:f2:c1:2f:
                    59:25:d3:40:0e:54:21:e3:a8:f2:9d:31:d6:85:09:
                    76:c7:21:c0:29:62:29:1c:bb:f8:54:b6:87:4c:40:
                    44:31:e1:bc:55:f8:fc:2a:fd:55:d4:6c:c7:cc:b4:
                    52:77:58:a5:5f:86:25:99:b0:f3:32:f5:eb:46:41:
                    84:fd:6b:4c:99:43:c1:7c:ea:27:17:3d:55:53:89:
                    64:19:14:42:73:14:80:65:45:75:11:11:70:a6:25:
                    39:65:9d:07:26:f6:e6:0c:0e:99:7c:61:6a:2e:d6:
                    1d:f9:d0:11:4c:23:2e:56:a2:1b:78:2e:54:8e:80:
                    2d:56:de:9d:eb:6d:e2:be:da:3f:30:66:a2:00:35:
                    a5:a5:dc:b7:d3:03:a5:95:de:54:b6:ab:29:47:ab:
                    c6:55:bb:16:47:4e:4b:f8:25:6d:41:38:1f:3b:1a:
                    72:96:cd:4c:4d:17:69:de:bc:17:b1:9b:a5:31:2a:
                    a7:4e:ac:64:ad:5b:5b:1c:ab:5a:ec:4e:b5:2f:a6:
                    f8:d6:63:53:bd:0b:ea:70:77:be:5f:55:08:dc:d8:
                    a4:70:53:53:df:16:85:a0:68:44:f4:94:79:59:c6:
                    a5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:6E:2D:28:08:57:8E:77:9E:CB:B4:B4:7F:82:59:0C:70:50:C6:84
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/gm4tKAhXjneey7S0f4JZDHBQxoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:98:80:7f:5c:6d:62:b7:a3:b4:f6:08:8a:28:d3:61:d7:0e:
         fa:68:24:30:d1:50:6d:bd:e6:c3:90:4b:22:70:48:da:e3:be:
         31:2e:02:0f:4e:2b:e1:74:af:d6:f8:c9:d5:6a:e2:00:96:1c:
         d4:44:7f:e1:da:eb:f8:71:39:2c:58:fb:4d:d4:56:4d:78:de:
         28:7f:82:35:67:96:48:76:ae:15:7f:1d:da:f2:58:02:0a:5f:
         f0:68:7f:88:4f:a6:e3:96:9e:39:7b:6d:8d:47:bb:9e:97:53:
         92:63:05:1f:c7:d3:35:9a:9d:30:1e:65:2d:a4:a1:e1:b9:07:
         7b:b2:03:a3:c1:ab:df:c4:79:00:66:97:af:f7:d7:31:7d:88:
         4f:41:f6:f0:29:24:d0:2e:88:2a:1f:53:95:3a:23:08:8a:56:
         1b:6a:e3:b2:18:3d:58:27:bd:5a:a6:6e:0b:69:00:93:5e:6e:
         bf:c2:cc:e2:1e:be:dc:2c:f1:cf:da:03:3e:ae:c5:bc:03:2f:
         4e:9b:b7:e3:d3:25:95:66:ac:52:c5:fc:33:d7:6b:40:e3:d1:
         6f:82:56:0f:84:fc:3f:ce:cd:24:52:cf:52:74:35:fe:b4:e5:
         96:8d:b4:39:87:e4:86:2d:39:cc:05:4e:a5:2f:08:e0:3b:90:
         3e:d4:5f:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH1DShS0gQqpqZ7iUAN/xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjUwMTAxMTM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjZlMmQyODA4NTc4ZTc3OWVjYmI0YjQ3ZjgyNTkwYzcwNTBjNjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi06wuYZg0Y8tDf7bpgQvNMTTnWD9
RB+WRx7ywS9ZJdNADlQh46jynTHWhQl2xyHAKWIpHLv4VLaHTEBEMeG8Vfj8Kv1V
1GzHzLRSd1ilX4YlmbDzMvXrRkGE/WtMmUPBfOonFz1VU4lkGRRCcxSAZUV1ERFw
piU5ZZ0HJvbmDA6ZfGFqLtYd+dARTCMuVqIbeC5UjoAtVt6d623ivto/MGaiADWl
pdy30wOlld5UtqspR6vGVbsWR05L+CVtQTgfOxpyls1MTRdp3rwXsZulMSqnTqxk
rVtbHKta7E61L6b41mNTvQvqcHe+X1UI3NikcFNT3xaFoGhE9JR5WcalgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIJuLSgIV453nsu0tH+CWQxwUMaEMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvZ200dEtBaFhqbmVleTdTMGY0SlpESEJReG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBjgDAN
BgkqhkiG9w0BAQsFAAOCAQEAoJiAf1xtYrejtPYIiijTYdcO+mgkMNFQbb3mw5BL
InBI2uO+MS4CD04r4XSv1vjJ1WriAJYc1ER/4drr+HE5LFj7TdRWTXjeKH+CNWeW
SHauFX8d2vJYAgpf8Gh/iE+m45aeOXttjUe7npdTkmMFH8fTNZqdMB5lLaSh4bkH
e7IDo8Gr38R5AGaXr/fXMX2IT0H28Ckk0C6IKh9TlTojCIpWG2rjshg9WCe9WqZu
C2kAk15uv8LM4h6+3Czxz9oDPq7FvAMvTpu349MllWasUsX8M9drQOPRb4JWD4T8
P87NJFLPUnQ1/rTllo20OYfkhi05zAVOpS8I4DuQPtRfGA==
-----END CERTIFICATE-----