Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/gX-qCcCD5B_9nIsUOZ5Qobytv98.roa
File:                     gX-qCcCD5B_9nIsUOZ5Qobytv98.roa (raw, json)
Hash identifier:          Bl4gs2SaONMXRiZYBNCExkmfvpzatrIWXT5qgV6TImA=
Subject key identifier:   81:7F:AA:09:C0:83:E4:1F:FD:9C:8B:14:39:9E:50:A1:BC:AD:BF:DF
Certificate issuer:       /CN=10773f32d3cb4e13e43f10a3dc422f1f3271bfba
Certificate serial:       018CC4922D6A1C4224351AFCE3C913107895
Authority key identifier: 10:77:3F:32:D3:CB:4E:13:E4:3F:10:A3:DC:42:2F:1F:32:71:BF:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/gX-qCcCD5B_9nIsUOZ5Qobytv98.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0a:4a40:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2d:6a:1c:42:24:35:1a:fc:e3:c9:13:10:78:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10773f32d3cb4e13e43f10a3dc422f1f3271bfba
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=817faa09c083e41ffd9c8b14399e50a1bcadbfdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4b:2d:7b:b1:b0:96:99:5d:b3:59:8c:0f:38:
                    46:41:ef:5b:98:94:bd:6c:8d:b8:01:c4:90:2f:17:
                    ec:79:51:b5:da:8b:78:25:56:e1:59:fd:16:a5:f0:
                    d8:52:20:4f:f5:cc:7b:a0:73:14:6b:40:18:65:ea:
                    ff:80:62:4a:5c:33:ee:ea:07:07:7c:af:c1:39:20:
                    00:12:85:73:1b:a5:ea:fd:7f:65:56:42:72:ff:af:
                    c8:1e:49:2b:2a:95:af:64:ca:19:15:4c:b0:4d:27:
                    71:65:03:b3:a8:54:cb:55:c9:6d:60:07:0f:42:3b:
                    2e:c4:61:f0:10:70:aa:b9:02:ae:12:8d:31:70:29:
                    06:79:a5:3d:d8:d5:72:41:31:d9:ce:0c:06:b6:14:
                    ee:75:8a:40:d5:0e:b5:05:5d:8c:86:05:ae:3c:00:
                    a8:62:47:7b:a0:ee:1a:6c:33:2f:76:13:d1:3b:43:
                    2e:d8:d0:14:77:d5:b6:ae:11:a2:8d:04:4e:d5:e8:
                    c3:90:6b:0b:0d:29:09:62:dc:97:43:de:4a:76:a7:
                    2d:fb:03:96:db:04:c7:59:32:78:51:70:3a:99:b9:
                    b6:bc:db:6c:8e:c3:6f:02:06:ba:e6:a6:75:cc:6c:
                    94:8a:92:b5:35:cf:4e:df:ae:cd:b3:10:a8:2c:c8:
                    1a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:7F:AA:09:C0:83:E4:1F:FD:9C:8B:14:39:9E:50:A1:BC:AD:BF:DF
            X509v3 Authority Key Identifier:
                keyid:10:77:3F:32:D3:CB:4E:13:E4:3F:10:A3:DC:42:2F:1F:32:71:BF:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHc_MtPLThPkPxCj3EIvHzJxv7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/gX-qCcCD5B_9nIsUOZ5Qobytv98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/09cafd-68bc-41a2-8bab-80b84e4f20c9/1/EHc_MtPLThPkPxCj3EIvHzJxv7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4a40:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:99:b5:c6:46:de:cc:d6:2d:01:da:08:64:7c:4a:8f:44:81:
         22:b2:5a:c1:20:c1:bb:2f:02:ba:65:e2:63:18:fd:dd:e8:f3:
         b6:ba:d1:8b:d6:ac:f7:ae:8b:79:1e:52:18:3b:9d:4e:a3:6c:
         ed:cf:70:0f:5d:58:3f:5b:62:ae:0a:67:fb:d2:9b:fe:ec:a1:
         40:8c:d5:87:ad:ae:47:ea:09:7a:d3:8f:e2:d5:7c:0d:7d:14:
         b8:12:4b:8c:b8:2f:c4:a6:6a:da:4f:a4:5c:61:5c:e9:03:cf:
         da:1e:e6:c4:13:73:c8:8b:e4:aa:f9:31:41:eb:e8:97:86:76:
         0e:e5:1c:af:ff:0e:ac:bf:7c:aa:ba:06:05:5e:29:22:37:8c:
         18:46:f1:b6:7a:37:9e:9e:84:54:bf:41:46:5c:61:73:2c:8a:
         ff:94:9a:ae:e6:77:11:6a:86:78:ab:9b:1c:54:94:e6:9a:ff:
         0d:57:e1:08:4c:a9:72:38:ca:26:d0:b2:55:61:b2:76:12:df:
         f5:83:64:76:a7:e3:c2:1a:fb:6f:06:e6:92:6a:8f:70:5a:58:
         77:8a:f0:f0:87:8b:52:02:e8:04:c7:c4:24:2c:4e:52:8b:ae:
         19:a2:55:0c:f0:77:6f:81:a6:ee:a5:3a:e2:61:91:ed:35:0b:
         fa:af:1b:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEki1qHEIkNRr848kTEHiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzczZjMyZDNjYjRlMTNlNDNmMTBhM2RjNDIyZjFmMzI3
MWJmYmEwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTdmYWEwOWMwODNlNDFmZmQ5YzhiMTQzOTllNTBhMWJjYWRiZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUste7Gwlplds1mMDzhGQe9bmJS9
bI24AcSQLxfseVG12ot4JVbhWf0WpfDYUiBP9cx7oHMUa0AYZer/gGJKXDPu6gcH
fK/BOSAAEoVzG6Xq/X9lVkJy/6/IHkkrKpWvZMoZFUywTSdxZQOzqFTLVcltYAcP
QjsuxGHwEHCquQKuEo0xcCkGeaU92NVyQTHZzgwGthTudYpA1Q61BV2MhgWuPACo
Ykd7oO4abDMvdhPRO0Mu2NAUd9W2rhGijQRO1ejDkGsLDSkJYtyXQ95Kdqct+wOW
2wTHWTJ4UXA6mbm2vNtsjsNvAga65qZ1zGyUipK1Nc9O367NsxCoLMgaMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIF/qgnAg+Qf/ZyLFDmeUKG8rb/fMB8GA1UdIwQY
MBaAFBB3PzLTy04T5D8Qo9xCLx8ycb+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhjX010UExUaFBrUHhDajNFSXZIekp4djdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8wOWNhZmQtNjhiYy00MWEyLThiYWIt
ODBiODRlNGYyMGM5LzEvZ1gtcUNjQ0Q1Ql85bklzVU9aNVFvYnl0djk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8wOWNhZmQtNjhiYy00MWEyLThiYWItODBiODRlNGYyMGM5
LzEvRUhjX010UExUaFBrUHhDajNFSXZIekp4djdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgpKQAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAkmbXGRt7M1i0B2ghkfEqPRIEislrBIMG7LwK6
ZeJjGP3d6PO2utGL1qz3rot5HlIYO51Oo2ztz3APXVg/W2KuCmf70pv+7KFAjNWH
ra5H6gl604/i1XwNfRS4EkuMuC/EpmraT6RcYVzpA8/aHubEE3PIi+Sq+TFB6+iX
hnYO5Ryv/w6sv3yqugYFXikiN4wYRvG2ejeenoRUv0FGXGFzLIr/lJqu5ncRaoZ4
q5scVJTmmv8NV+EITKlyOMom0LJVYbJ2Et/1g2R2p+PCGvtvBuaSao9wWlh3ivDw
h4tSAugEx8QkLE5Si64ZolUM8HdvgabupTriYZHtNQv6rxus
-----END CERTIFICATE-----