Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ekXAJs9ln0KogD5rZelScpzpKw0.roa
File:                     ekXAJs9ln0KogD5rZelScpzpKw0.roa (raw, json)
Hash identifier:          z7wdq5m/icdZPGNgM/tFXqTButN0DAyz2YqjxEBbDrc=
Subject key identifier:   7A:45:C0:26:CF:65:9F:42:A8:80:3E:6B:65:E9:52:72:9C:E9:2B:0D
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018CC6B7DFE1428D3512EDB2A99EF8F6CABE
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ekXAJs9ln0KogD5rZelScpzpKw0.roa
Signing time:             Mon 01 Jan 2024 20:29:48 +0000
ROA not before:           Mon 01 Jan 2024 20:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133398
IP address blocks:        2a10:1fc0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:df:e1:42:8d:35:12:ed:b2:a9:9e:f8:f6:ca:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Jan  1 20:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a45c026cf659f42a8803e6b65e952729ce92b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:d5:e0:8e:51:b8:64:33:0c:ff:98:ac:38:1a:
                    50:0f:18:f6:62:04:eb:a0:9e:80:12:59:62:04:82:
                    07:63:d2:8b:ad:ca:c2:76:bf:0d:9b:80:37:f1:d0:
                    01:fc:f0:e3:80:ea:40:e4:e7:57:c8:52:cc:5e:7d:
                    19:23:02:6d:20:a3:c7:81:a4:53:09:4b:0b:13:5a:
                    69:51:3e:ba:71:ec:d6:21:1b:61:4a:5c:5a:a3:4e:
                    0d:53:38:84:e5:6d:85:a7:01:25:6f:2b:a2:6c:b2:
                    6b:29:8c:55:02:60:89:de:24:68:2a:4a:c0:c6:86:
                    a1:30:72:be:4e:77:57:d5:ea:47:37:2e:0a:0b:91:
                    a6:3b:ec:59:5c:fd:57:9c:1a:49:46:fe:95:90:57:
                    44:88:22:5a:53:00:9e:3e:56:e0:6a:dc:03:c8:e0:
                    82:40:28:55:9e:a1:2d:25:b3:05:d0:c0:54:4e:b5:
                    8e:98:db:cf:bb:fd:ff:4b:2e:d4:5b:6f:05:73:fb:
                    63:18:f9:23:4a:16:46:f5:43:80:9b:99:61:3d:2e:
                    57:51:95:06:fb:8a:8e:f0:37:61:a9:c9:08:47:d5:
                    4b:1d:7d:51:9a:cf:dd:64:2a:36:3d:80:32:09:21:
                    37:df:ae:eb:ea:e6:4d:0f:92:5e:e2:d7:ba:03:1e:
                    30:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:45:C0:26:CF:65:9F:42:A8:80:3E:6B:65:E9:52:72:9C:E9:2B:0D
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ekXAJs9ln0KogD5rZelScpzpKw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:1fc0::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:5e:8d:4f:a8:7b:05:fc:89:50:c8:f1:6b:cb:e5:fb:33:50:
         a2:fe:5d:ba:f2:0b:04:21:eb:76:cd:24:85:28:a5:bc:4c:df:
         3a:e0:df:a0:8b:4f:f1:9b:3f:6a:cc:d0:6d:68:1c:44:3d:01:
         f0:c3:78:ef:9f:c5:d8:b5:6d:f2:a8:31:82:c1:3a:ae:07:ba:
         b8:45:7f:bc:0c:8a:7e:93:32:22:9b:d4:2f:fa:93:c7:51:08:
         5c:ef:d1:80:5e:32:87:30:2b:37:08:c9:a5:40:9b:3b:fa:94:
         5d:39:d6:08:cb:a1:87:ee:ca:90:0a:d5:91:99:c4:1c:fc:62:
         62:2c:35:f0:f6:26:1d:dd:0f:64:51:e6:b3:70:ad:3c:38:a2:
         46:04:a8:3f:10:2b:b1:4f:63:34:6d:3e:03:c7:96:75:be:65:
         29:98:97:99:4b:b8:ad:1e:5f:a9:70:f5:22:d1:9e:aa:9f:48:
         de:c7:94:1c:29:41:ee:79:c1:76:5c:4d:a4:22:7e:0e:93:43:
         35:32:1d:f7:52:bf:fe:2a:39:b9:e0:09:40:ea:99:dd:45:72:
         35:23:e0:18:f1:ca:58:31:60:1e:99:8c:dd:e6:8e:a8:a4:8a:
         c8:d7:a6:12:0b:7d:be:96:e6:56:79:86:31:b8:f0:8a:dd:4f:
         38:7e:b6:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt9/hQo01Eu2yqZ749sq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjQwMTAxMjAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQ1YzAyNmNmNjU5ZjQyYTg4MDNlNmI2NWU5NTI3MjljZTkyYjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtXgjlG4ZDMM/5isOBpQDxj2YgTr
oJ6AElliBIIHY9KLrcrCdr8Nm4A38dAB/PDjgOpA5OdXyFLMXn0ZIwJtIKPHgaRT
CUsLE1ppUT66cezWIRthSlxao04NUziE5W2FpwElbyuibLJrKYxVAmCJ3iRoKkrA
xoahMHK+TndX1epHNy4KC5GmO+xZXP1XnBpJRv6VkFdEiCJaUwCePlbgatwDyOCC
QChVnqEtJbMF0MBUTrWOmNvPu/3/Sy7UW28Fc/tjGPkjShZG9UOAm5lhPS5XUZUG
+4qO8DdhqckIR9VLHX1Rms/dZCo2PYAyCSE3367r6uZND5Je4te6Ax4wGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHpFwCbPZZ9CqIA+a2XpUnKc6SsNMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvZWtYQUpzOWxuMEtvZ0Q1clplbFNjcHpwS3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAfwAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA1Xo1PqHsF/IlQyPFry+X7M1Ci/l268gsEIet2
zSSFKKW8TN864N+gi0/xmz9qzNBtaBxEPQHww3jvn8XYtW3yqDGCwTquB7q4RX+8
DIp+kzIim9Qv+pPHUQhc79GAXjKHMCs3CMmlQJs7+pRdOdYIy6GH7sqQCtWRmcQc
/GJiLDXw9iYd3Q9kUeazcK08OKJGBKg/ECuxT2M0bT4Dx5Z1vmUpmJeZS7itHl+p
cPUi0Z6qn0jex5QcKUHuecF2XE2kIn4Ok0M1Mh33Ur/+Kjm54AlA6pndRXI1I+AY
8cpYMWAemYzd5o6opIrI16YSC32+luZWeYYxuPCK3U84frbU
-----END CERTIFICATE-----