Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/I1gXlx046mNGwZ1Ahc41ozPoiSc.roa
File:                     I1gXlx046mNGwZ1Ahc41ozPoiSc.roa (raw, json)
Hash identifier:          Tz5OeewMV1usaK3mD/N1zYSxy42INKdmwhHFFgrv9M0=
Subject key identifier:   23:58:17:97:1D:38:EA:63:46:C1:9D:40:85:CE:35:A3:33:E8:89:27
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       019427B63997505FC38BEB8F36C750ACA2BD
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/I1gXlx046mNGwZ1Ahc41ozPoiSc.roa
Signing time:             Thu 02 Jan 2025 15:50:41 +0000
ROA not before:           Thu 02 Jan 2025 15:50:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205745
IP address blocks:        2a10:240::/30 maxlen: 30
                          2a10:244::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:39:97:50:5f:c3:8b:eb:8f:36:c7:50:ac:a2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Jan  2 15:50:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=235817971d38ea6346c19d4085ce35a333e88927
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:12:fa:05:67:38:bd:36:35:6a:ac:f2:68:34:
                    77:57:80:4b:f6:33:d1:18:1d:b5:dc:80:ab:b1:cc:
                    90:9b:9d:7e:96:1c:82:b4:24:2b:2a:71:00:93:41:
                    77:24:3f:62:85:29:9a:db:89:e8:e2:82:0e:90:a3:
                    f8:8b:8d:ca:49:ec:b7:65:e7:9f:ad:a6:bc:26:61:
                    94:7d:b7:85:bb:de:78:7c:4b:44:ce:18:af:98:b7:
                    09:1b:8a:2b:d6:1c:91:17:f1:e9:5a:f3:77:c8:f8:
                    59:fb:29:39:9f:6a:39:56:65:18:70:80:6e:5c:90:
                    14:33:b9:19:6f:2d:01:54:e7:23:40:0d:e2:f3:5c:
                    35:d9:6c:72:26:2a:2d:20:72:0c:14:17:20:56:5b:
                    d6:32:fa:42:7a:db:b3:c1:5a:1c:b7:0c:fc:d8:ee:
                    3d:ac:b5:69:7a:71:49:b5:64:36:51:6b:6b:b2:e1:
                    13:8d:c3:93:0a:43:62:0e:d4:48:38:3a:fc:0a:6a:
                    64:ef:fa:1d:b2:f4:7c:fd:e9:97:96:5e:36:db:f1:
                    55:ca:84:16:9b:c0:a5:51:ae:46:a9:b3:39:57:60:
                    f8:ab:d4:d6:4d:27:0a:cf:e8:0b:cb:cb:86:6a:97:
                    ef:54:5a:9f:c3:e6:48:83:49:da:c0:d2:bf:67:ca:
                    9e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:58:17:97:1D:38:EA:63:46:C1:9D:40:85:CE:35:A3:33:E8:89:27
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/I1gXlx046mNGwZ1Ahc41ozPoiSc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:240::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:3d:10:7e:d5:b9:3e:d6:7b:e8:0c:98:b7:e0:fe:93:ae:d2:
         ee:92:71:78:b5:68:68:55:d9:fa:19:75:3a:2b:fd:00:1a:9e:
         20:0c:88:3d:69:66:d7:1c:8d:cb:7c:58:1c:a6:6e:0d:a4:3b:
         46:3d:cb:a2:5f:3f:cc:ee:a4:dc:c5:cd:a5:4b:56:a5:e2:2f:
         8c:17:63:d2:44:1c:83:3f:92:1a:ca:d7:4e:66:08:3c:12:88:
         2f:10:c6:24:06:26:f3:38:3e:3b:ab:b2:bc:6a:79:94:6d:42:
         84:09:14:a3:ac:75:69:e1:ac:7b:f8:28:d5:be:5a:5f:4e:41:
         bc:0a:2b:10:d5:44:8b:5f:73:5f:86:f0:04:80:ca:10:ad:a6:
         73:ef:54:d9:1a:3b:92:93:c6:91:4f:37:49:a2:10:64:80:5a:
         4b:16:ad:24:71:43:87:55:3c:2d:cd:d6:81:fc:98:aa:44:c1:
         ba:a2:6f:0c:c3:43:a4:92:f5:f0:dc:b5:d3:37:ff:6e:b3:e3:
         16:ee:e5:e6:68:b1:a0:27:48:ab:19:43:87:00:77:d3:17:45:
         9e:6a:d6:f8:44:a9:0a:e9:a5:46:3b:c0:d1:05:07:70:26:14:
         34:60:09:f9:39:3e:90:04:1d:4f:9d:43:ef:8f:5e:7b:12:e9:
         60:00:a1:81
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQntjmXUF/Di+uPNsdQrKK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUwMTAyMTU1MDQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU4MTc5NzFkMzhlYTYzNDZjMTlkNDA4NWNlMzVhMzMzZTg4OTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRL6BWc4vTY1aqzyaDR3V4BL9jPR
GB213ICrscyQm51+lhyCtCQrKnEAk0F3JD9ihSma24no4oIOkKP4i43KSey3Zeef
raa8JmGUfbeFu954fEtEzhivmLcJG4or1hyRF/HpWvN3yPhZ+yk5n2o5VmUYcIBu
XJAUM7kZby0BVOcjQA3i81w12WxyJiotIHIMFBcgVlvWMvpCetuzwVoctwz82O49
rLVpenFJtWQ2UWtrsuETjcOTCkNiDtRIODr8Cmpk7/odsvR8/emXll422/FVyoQW
m8ClUa5GqbM5V2D4q9TWTScKz+gLy8uGapfvVFqfw+ZIg0nawNK/Z8qe7QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCNYF5cdOOpjRsGdQIXONaMz6IknMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvSTFnWGx4MDQ2bU5Hd1oxQWhjNDFvelBvaVNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhACQDAN
BgkqhkiG9w0BAQsFAAOCAQEAQj0QftW5PtZ76AyYt+D+k67S7pJxeLVoaFXZ+hl1
Oiv9ABqeIAyIPWlm1xyNy3xYHKZuDaQ7Rj3Lol8/zO6k3MXNpUtWpeIvjBdj0kQc
gz+SGsrXTmYIPBKILxDGJAYm8zg+O6uyvGp5lG1ChAkUo6x1aeGse/go1b5aX05B
vAorENVEi19zX4bwBIDKEK2mc+9U2Ro7kpPGkU83SaIQZIBaSxatJHFDh1U8Lc3W
gfyYqkTBuqJvDMNDpJL18Ny10zf/brPjFu7l5mixoCdIqxlDhwB30xdFnmrW+ESp
CumlRjvA0QUHcCYUNGAJ+Tk+kAQdT51D749eexLpYAChgQ==
-----END CERTIFICATE-----