Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/h4jQ6TPkzKlO8REL655A5Nq83R8.roa
File:                     h4jQ6TPkzKlO8REL655A5Nq83R8.roa (raw, json)
Hash identifier:          30+czh7xuyzDTlqiuFPeLkVV8IT1aQC8iDbbtQvATco=
Subject key identifier:   87:88:D0:E9:33:E4:CC:A9:4E:F1:11:0B:EB:9E:40:E4:DA:BC:DD:1F
Certificate issuer:       /CN=79730b9ea010d832f940efb589c51889132f4c94
Certificate serial:       018CC9BCC9214C97A68EA8FA2D437DAB5DE4
Authority key identifier: 79:73:0B:9E:A0:10:D8:32:F9:40:EF:B5:89:C5:18:89:13:2F:4C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/h4jQ6TPkzKlO8REL655A5Nq83R8.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        2a10:7080::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c9:21:4c:97:a6:8e:a8:fa:2d:43:7d:ab:5d:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79730b9ea010d832f940efb589c51889132f4c94
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8788d0e933e4cca94ef1110beb9e40e4dabcdd1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8f:33:63:26:1d:1c:63:96:f0:54:e7:37:80:
                    4e:c0:1c:fd:f6:16:f6:e5:fe:97:f8:22:2a:a6:5c:
                    31:5f:85:db:b0:c3:91:bd:82:19:28:f6:24:8f:9e:
                    15:af:67:e1:06:0e:1b:ad:bf:f9:f5:51:98:13:9a:
                    9e:51:cc:22:fd:db:10:1d:aa:55:b3:f8:21:fc:4b:
                    4b:b5:d2:7e:be:07:19:f6:6e:c6:28:6b:cd:d1:97:
                    d6:b1:ad:3d:fb:00:95:44:d8:74:54:64:82:b1:8b:
                    ed:3f:d1:13:c1:d5:7f:db:6c:ca:95:38:a0:de:97:
                    c1:95:08:92:e8:f2:30:bb:42:91:4d:2a:72:4e:ff:
                    06:77:9d:9e:ca:ff:6f:c6:4d:99:37:c6:4a:55:5a:
                    52:ed:86:6b:ce:85:3c:6e:06:c0:33:6d:6b:69:67:
                    28:2d:cc:ed:c4:e6:46:a8:96:ec:f3:03:27:88:50:
                    0d:53:e6:08:52:59:26:61:96:67:d8:a3:de:68:b9:
                    29:d7:ce:22:60:57:99:28:75:47:a5:2e:f8:bc:fa:
                    3c:ed:08:79:9e:03:c5:8c:bf:8b:96:1d:f8:2f:26:
                    c6:08:97:d4:45:73:1b:bc:f1:5b:ee:eb:60:12:73:
                    b5:ff:2b:79:62:73:b5:79:64:c6:c2:a3:98:62:c8:
                    c2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:88:D0:E9:33:E4:CC:A9:4E:F1:11:0B:EB:9E:40:E4:DA:BC:DD:1F
            X509v3 Authority Key Identifier:
                keyid:79:73:0B:9E:A0:10:D8:32:F9:40:EF:B5:89:C5:18:89:13:2F:4C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/h4jQ6TPkzKlO8REL655A5Nq83R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/a02cc6-1308-47e4-a087-39605f9081b7/1/eXMLnqAQ2DL5QO-1icUYiRMvTJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7080::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:74:72:66:00:eb:1f:59:b3:66:4d:fd:8a:70:ae:1a:e6:3d:
         09:b3:aa:b3:9d:b4:55:7f:ea:c1:c7:2f:b5:51:d0:9f:f7:98:
         49:5d:dd:a0:a2:21:e0:39:e1:3f:e1:b7:62:b0:54:97:58:cc:
         a1:6c:99:ce:a9:04:87:b8:2e:8f:69:5f:e2:93:37:33:e4:a9:
         cd:d0:bb:67:8e:12:89:fd:e3:73:fb:52:bb:c6:26:be:69:c7:
         1c:a3:fb:51:80:79:2f:93:2e:7d:f0:1a:35:c9:56:27:84:2a:
         bf:6a:ca:15:fe:11:d3:82:68:88:e5:9d:58:c8:68:ea:c0:ef:
         58:2c:29:2a:9d:00:3f:8e:2d:07:c8:3f:4b:c9:34:3f:e2:63:
         70:9a:bd:87:d7:3d:5f:1d:ae:16:ce:14:76:37:d6:e8:71:b1:
         bf:9e:c8:dd:79:44:e2:7b:f7:02:94:b8:70:4f:c5:68:a8:36:
         af:b9:6f:50:47:18:87:97:80:64:82:49:d7:1e:c9:c3:a8:d4:
         8e:10:26:61:d6:10:3d:eb:74:3a:a3:3a:cd:46:7a:2f:55:e9:
         9c:e0:91:97:ee:0d:76:14:80:6a:52:f2:1e:b5:0f:e8:37:c0:
         b3:31:8c:37:63:da:86:b4:5c:bf:a2:9d:90:e6:92:73:56:5e:
         45:68:42:4e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJvMkhTJemjqj6LUN9q13kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzMwYjllYTAxMGQ4MzJmOTQwZWZiNTg5YzUxODg5MTMy
ZjRjOTQwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Nzg4ZDBlOTMzZTRjY2E5NGVmMTExMGJlYjllNDBlNGRhYmNkZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr48zYyYdHGOW8FTnN4BOwBz99hb2
5f6X+CIqplwxX4XbsMORvYIZKPYkj54Vr2fhBg4brb/59VGYE5qeUcwi/dsQHapV
s/gh/EtLtdJ+vgcZ9m7GKGvN0ZfWsa09+wCVRNh0VGSCsYvtP9ETwdV/22zKlTig
3pfBlQiS6PIwu0KRTSpyTv8Gd52eyv9vxk2ZN8ZKVVpS7YZrzoU8bgbAM21raWco
LcztxOZGqJbs8wMniFANU+YIUlkmYZZn2KPeaLkp184iYFeZKHVHpS74vPo87Qh5
ngPFjL+Llh34LybGCJfURXMbvPFb7utgEnO1/yt5YnO1eWTGwqOYYsjC/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIeI0Okz5MypTvERC+ueQOTavN0fMB8GA1UdIwQY
MBaAFHlzC56gENgy+UDvtYnFGIkTL0yUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhNTG5xQVEyREw1UU8tMWljVVlpUk12VEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9hMDJjYzYtMTMwOC00N2U0LWEwODct
Mzk2MDVmOTA4MWI3LzEvaDRqUTZUUGt6S2xPOFJFTDY1NUE1TnE4M1I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9hMDJjYzYtMTMwOC00N2U0LWEwODctMzk2MDVmOTA4MWI3
LzEvZVhNTG5xQVEyREw1UU8tMWljVVlpUk12VEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBwgDAN
BgkqhkiG9w0BAQsFAAOCAQEAOHRyZgDrH1mzZk39inCuGuY9CbOqs520VX/qwccv
tVHQn/eYSV3doKIh4DnhP+G3YrBUl1jMoWyZzqkEh7guj2lf4pM3M+SpzdC7Z44S
if3jc/tSu8YmvmnHHKP7UYB5L5MuffAaNclWJ4Qqv2rKFf4R04JoiOWdWMho6sDv
WCwpKp0AP44tB8g/S8k0P+JjcJq9h9c9Xx2uFs4UdjfW6HGxv57I3XlE4nv3ApS4
cE/FaKg2r7lvUEcYh5eAZIJJ1x7Jw6jUjhAmYdYQPet0OqM6zUZ6L1XpnOCRl+4N
dhSAalLyHrUP6DfAszGMN2PahrRcv6KdkOaSc1ZeRWhCTg==
-----END CERTIFICATE-----