Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/uaEB4-lTmaTjqs5M5wB5QXYtgSI.roa
File:                     uaEB4-lTmaTjqs5M5wB5QXYtgSI.roa (raw, json)
Hash identifier:          MIkS+VNSrNsz8TgRMmQNoTDvCDL+nRHCyaH79hCqt7U=
Subject key identifier:   B9:A1:01:E3:E9:53:99:A4:E3:AA:CE:4C:E7:00:79:41:76:2D:81:22
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018CC6B7E036C641DDBBFCAE229015C683C1
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/uaEB4-lTmaTjqs5M5wB5QXYtgSI.roa
Signing time:             Mon 01 Jan 2024 20:29:48 +0000
ROA not before:           Mon 01 Jan 2024 20:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206446
IP address blocks:        2a10:1fc0:d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:e0:36:c6:41:dd:bb:fc:ae:22:90:15:c6:83:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Jan  1 20:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9a101e3e95399a4e3aace4ce7007941762d8122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:b7:6d:c0:d3:3b:65:29:f6:2c:af:0b:b5:86:
                    01:74:5f:b3:78:13:be:c0:ba:5e:09:1b:69:2a:36:
                    37:f9:cd:4b:a5:07:02:b6:84:fc:41:cf:fc:4b:35:
                    68:92:9a:8b:c4:88:8d:1b:36:6f:e8:56:d4:fd:69:
                    58:de:70:0f:06:28:5d:48:a0:d2:58:d6:a3:f6:b5:
                    74:d4:66:53:ec:12:d8:31:90:40:c1:57:35:ac:ba:
                    6d:2a:fd:69:5c:52:1e:14:87:99:86:e4:74:6b:08:
                    d0:f7:46:20:76:bf:1d:9a:69:d4:19:4d:88:72:45:
                    7a:f2:94:3a:68:e2:a6:3d:5f:d9:b0:ef:ce:b0:35:
                    72:03:b7:78:af:ec:59:9f:86:36:b2:7b:20:27:5b:
                    cb:d6:c9:4b:73:2c:de:60:af:85:1a:77:c4:9d:1a:
                    87:4d:d9:65:e8:38:b7:10:67:28:cc:41:d5:8e:85:
                    f4:a8:f8:75:46:1e:b8:b0:97:ce:13:3d:45:29:90:
                    31:1e:5f:6c:8a:54:46:e2:10:ce:ab:5c:49:f6:6c:
                    9f:06:28:1c:30:ae:46:f7:35:c2:6d:da:6b:56:b7:
                    a2:cc:0f:75:b0:5a:42:0d:ee:03:de:8e:28:76:6a:
                    91:8d:19:d2:39:7f:66:44:0f:a2:f0:27:8c:b3:4e:
                    fe:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A1:01:E3:E9:53:99:A4:E3:AA:CE:4C:E7:00:79:41:76:2D:81:22
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/uaEB4-lTmaTjqs5M5wB5QXYtgSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:1fc0:d::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:fe:21:ec:8c:18:c5:4c:11:0c:57:87:77:66:df:b9:3b:e8:
         7f:22:11:df:50:8f:8e:d9:d6:33:d2:08:71:3c:57:ea:d4:20:
         06:8b:73:80:6e:f4:33:51:ae:c9:b6:0c:f2:92:43:df:4a:33:
         11:33:9f:13:bd:3f:29:87:0f:34:ec:b7:7e:ff:80:d8:e0:9e:
         2b:d9:ad:f2:3a:14:60:c0:5d:c8:90:7e:45:4a:6e:30:98:59:
         33:c8:5e:f6:ea:22:fa:5f:aa:94:cc:2d:31:d8:5a:fa:93:c3:
         b2:37:8b:ea:a7:28:67:c2:13:b7:71:7e:04:cc:e9:25:c5:49:
         bd:84:99:8d:24:b8:f1:66:19:10:9e:53:cf:aa:f6:23:70:75:
         7b:08:a7:26:71:c6:0f:e6:f6:61:ff:b5:65:f0:14:a9:6d:ed:
         a4:ae:1a:8f:73:3f:49:c8:6f:16:45:d5:34:5d:d9:81:2f:49:
         f0:31:33:6d:7c:ed:2a:eb:f6:a9:36:a0:94:b4:cb:de:90:01:
         65:19:a2:05:7b:62:4e:ac:d8:e4:3d:c4:0c:29:c4:af:63:9f:
         98:6b:99:3e:9a:eb:2b:ce:9a:6b:a0:aa:fa:e9:f5:f6:4a:86:
         95:a2:d9:fb:4a:2a:5a:56:98:08:cc:99:92:f8:be:d4:67:7c:
         0b:04:ad:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzGt+A2xkHdu/yuIpAVxoPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjQwMTAxMjAyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWExMDFlM2U5NTM5OWE0ZTNhYWNlNGNlNzAwNzk0MTc2MmQ4MTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkbdtwNM7ZSn2LK8LtYYBdF+zeBO+
wLpeCRtpKjY3+c1LpQcCtoT8Qc/8SzVokpqLxIiNGzZv6FbU/WlY3nAPBihdSKDS
WNaj9rV01GZT7BLYMZBAwVc1rLptKv1pXFIeFIeZhuR0awjQ90Ygdr8dmmnUGU2I
ckV68pQ6aOKmPV/ZsO/OsDVyA7d4r+xZn4Y2snsgJ1vL1slLcyzeYK+FGnfEnRqH
Tdll6Di3EGcozEHVjoX0qPh1Rh64sJfOEz1FKZAxHl9silRG4hDOq1xJ9myfBigc
MK5G9zXCbdprVreizA91sFpCDe4D3o4odmqRjRnSOX9mRA+i8CeMs07+2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLmhAePpU5mk46rOTOcAeUF2LYEiMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvdWFFQjQtbFRtYVRqcXM1TTV3QjVRWFl0Z1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAfwAAN
MA0GCSqGSIb3DQEBCwUAA4IBAQCR/iHsjBjFTBEMV4d3Zt+5O+h/IhHfUI+O2dYz
0ghxPFfq1CAGi3OAbvQzUa7JtgzykkPfSjMRM58TvT8phw807Ld+/4DY4J4r2a3y
OhRgwF3IkH5FSm4wmFkzyF726iL6X6qUzC0x2Fr6k8OyN4vqpyhnwhO3cX4EzOkl
xUm9hJmNJLjxZhkQnlPPqvYjcHV7CKcmccYP5vZh/7Vl8BSpbe2krhqPcz9JyG8W
RdU0XdmBL0nwMTNtfO0q6/apNqCUtMvekAFlGaIFe2JOrNjkPcQMKcSvY5+Ya5k+
musrzpproKr66fX2SoaVotn7SipaVpgIzJmS+L7UZ3wLBK1I
-----END CERTIFICATE-----