Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/9GHdqTxj75VIdr6Bbig7lXdoTLg.roa
File:                     9GHdqTxj75VIdr6Bbig7lXdoTLg.roa (raw, json)
Hash identifier:          w2EslLHVOiy/Lm3S3Zwel1Dq8dr0WZhz6zZpzlMFZmo=
Subject key identifier:   F4:61:DD:A9:3C:63:EF:95:48:76:BE:81:6E:28:3B:95:77:68:4C:B8
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       018CC2DB58B40E40FF91B22561D8AA3C03FB
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/9GHdqTxj75VIdr6Bbig7lXdoTLg.roa
Signing time:             Mon 01 Jan 2024 02:30:04 +0000
ROA not before:           Mon 01 Jan 2024 02:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208768
IP address blocks:        2a10:4741:22::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:b4:0e:40:ff:91:b2:25:61:d8:aa:3c:03:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: Jan  1 02:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f461dda93c63ef954876be816e283b9577684cb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:d5:01:88:07:a8:ae:48:a7:d0:5d:a6:0a:5f:
                    0a:fe:56:b5:1a:35:1d:38:25:49:7c:ce:9f:5f:ba:
                    1a:21:a1:97:d5:eb:5d:2e:cc:a8:60:83:a6:9a:c8:
                    00:d9:8e:51:d4:a6:7b:31:62:21:a7:0e:9d:e2:80:
                    bd:fb:0e:35:9b:6e:f3:25:cc:f7:a0:9e:64:73:70:
                    c1:b0:3f:56:5b:89:f5:0f:36:37:1c:c6:b8:69:40:
                    10:69:41:91:bb:d0:ed:d4:0d:2b:bd:cb:f9:0a:fc:
                    7f:b4:f4:c9:96:50:47:42:9c:7e:10:2e:40:a8:54:
                    16:d3:ca:ba:52:ed:f4:4a:22:ea:73:9f:c1:aa:3b:
                    75:93:e3:2c:a5:e3:7d:0a:da:83:20:52:6f:aa:30:
                    17:86:27:64:3f:57:78:f4:f1:d3:79:a2:23:1d:69:
                    67:43:7f:c3:f4:a1:5a:02:4f:2c:3b:74:78:24:17:
                    15:cc:69:91:26:7e:4b:88:28:39:3a:26:82:dc:db:
                    15:bd:42:b7:64:f6:09:20:12:ed:72:92:e8:56:03:
                    fd:61:9c:cb:16:67:0e:6f:e7:10:5f:af:cf:f1:7c:
                    e3:01:27:a6:fa:e0:7d:cb:3e:52:59:37:3d:a6:12:
                    9a:81:db:27:21:bf:81:0f:c4:2e:64:83:da:8c:9c:
                    af:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:61:DD:A9:3C:63:EF:95:48:76:BE:81:6E:28:3B:95:77:68:4C:B8
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/9GHdqTxj75VIdr6Bbig7lXdoTLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4741:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:06:69:98:97:e0:8f:28:55:f9:f0:a4:89:80:84:53:29:19:
         83:c8:fa:b8:98:ca:3c:46:c6:2c:36:b1:94:57:cc:7c:6e:60:
         65:fa:a7:27:1f:1b:5d:fd:8f:fa:cc:ab:e0:b0:2c:c9:de:8a:
         9e:6b:2d:7c:14:6b:63:0f:de:5f:2a:fe:9e:ec:69:1a:de:1d:
         72:73:4a:c9:f6:d5:37:ce:21:94:e4:69:ca:76:22:79:3c:66:
         c0:ca:f8:d0:79:86:33:45:4b:02:4f:fe:c0:43:94:7a:a2:77:
         13:7d:e4:bb:a6:38:22:e1:9e:c7:96:c7:fc:58:5f:d6:2a:81:
         f7:99:6a:63:d3:53:f5:80:83:85:d6:e3:e6:7a:00:a5:c3:55:
         15:e8:ab:ad:52:90:98:06:0e:9e:97:e7:b1:4f:0a:c5:ed:d7:
         22:07:3d:2f:5d:07:5a:d2:de:3a:56:89:b0:26:7f:25:78:55:
         7b:11:33:1a:0d:e4:c6:02:f0:a5:06:70:cc:eb:bf:14:c3:c5:
         ce:ea:c1:05:ad:89:e5:f2:45:87:a1:a5:b7:ce:f2:d6:ac:c2:
         84:f7:fa:94:f4:22:8b:dd:23:77:b6:a6:49:10:ca:56:a4:67:
         05:97:29:54:eb:53:a1:f4:99:37:ce:0c:4a:e2:1c:b8:29:fb:
         24:7c:ba:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC21i0DkD/kbIlYdiqPAP7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjQwMTAxMDIzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDYxZGRhOTNjNjNlZjk1NDg3NmJlODE2ZTI4M2I5NTc3Njg0Y2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9UBiAeorkin0F2mCl8K/la1GjUd
OCVJfM6fX7oaIaGX1etdLsyoYIOmmsgA2Y5R1KZ7MWIhpw6d4oC9+w41m27zJcz3
oJ5kc3DBsD9WW4n1DzY3HMa4aUAQaUGRu9Dt1A0rvcv5Cvx/tPTJllBHQpx+EC5A
qFQW08q6Uu30SiLqc5/Bqjt1k+MspeN9CtqDIFJvqjAXhidkP1d49PHTeaIjHWln
Q3/D9KFaAk8sO3R4JBcVzGmRJn5LiCg5OiaC3NsVvUK3ZPYJIBLtcpLoVgP9YZzL
FmcOb+cQX6/P8XzjASem+uB9yz5SWTc9phKagdsnIb+BD8QuZIPajJyvcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPRh3ak8Y++VSHa+gW4oO5V3aEy4MB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvOUdIZHFUeGo3NVZJZHI2QmJpZzdsWGRvVExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBHQQAi
MA0GCSqGSIb3DQEBCwUAA4IBAQB7BmmYl+CPKFX58KSJgIRTKRmDyPq4mMo8RsYs
NrGUV8x8bmBl+qcnHxtd/Y/6zKvgsCzJ3oqeay18FGtjD95fKv6e7Gka3h1yc0rJ
9tU3ziGU5GnKdiJ5PGbAyvjQeYYzRUsCT/7AQ5R6oncTfeS7pjgi4Z7Hlsf8WF/W
KoH3mWpj01P1gIOF1uPmegClw1UV6KutUpCYBg6el+exTwrF7dciBz0vXQda0t46
VomwJn8leFV7ETMaDeTGAvClBnDM678Uw8XO6sEFrYnl8kWHoaW3zvLWrMKE9/qU
9CKL3SN3tqZJEMpWpGcFlylU61Oh9Jk3zgxK4hy4KfskfLpA
-----END CERTIFICATE-----