Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/DQohYBqMCPGb6Xl3K2QbWlWCDNA.roa
File:                     DQohYBqMCPGb6Xl3K2QbWlWCDNA.roa (raw, json)
Hash identifier:          r1rVJaPMbIElgx7lUZIiGlVKBx8urkI9ERMa6VgmTNU=
Subject key identifier:   0D:0A:21:60:1A:8C:08:F1:9B:E9:79:77:2B:64:1B:5A:55:82:0C:D0
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       018ECD814D89B5830B046288AF4559406D46
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/DQohYBqMCPGb6Xl3K2QbWlWCDNA.roa
Signing time:             Thu 11 Apr 2024 14:13:06 +0000
ROA not before:           Thu 11 Apr 2024 14:13:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212144
IP address blocks:        2a10:b540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cd:81:4d:89:b5:83:0b:04:62:88:af:45:59:40:6d:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Apr 11 14:13:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d0a21601a8c08f19be979772b641b5a55820cd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c4:b7:be:d5:58:ae:5d:e6:3e:3b:16:44:fe:
                    14:9e:d5:2e:9f:4f:dc:c1:42:69:fc:7f:72:96:23:
                    c6:c8:d5:6c:0d:d4:b1:71:3d:f3:c7:07:95:3e:a0:
                    70:d4:ab:10:fa:5f:b9:8b:1a:a4:0b:1e:89:55:c6:
                    5f:b2:a2:72:e2:cf:d1:78:07:45:1f:3f:39:cd:90:
                    04:5a:83:aa:8e:41:ca:49:46:f8:10:9b:30:90:98:
                    e4:3d:8d:b1:3b:b8:a9:3c:14:b4:b6:ef:f1:07:aa:
                    79:4d:a6:ca:6e:c4:74:1d:b5:50:35:0a:c6:d0:6d:
                    e0:10:7b:b0:37:21:3d:a2:d0:3a:20:f5:08:c1:c4:
                    e9:fb:5a:00:5e:85:42:1f:2a:7f:b3:9b:d0:63:3f:
                    95:24:b6:d6:35:7b:20:fa:07:47:39:6a:03:fb:78:
                    eb:fe:a5:8c:65:33:c9:72:7f:dc:00:f7:3a:3b:08:
                    1e:50:90:ec:8f:d6:27:7e:72:f0:83:17:ec:7c:25:
                    43:de:0d:6e:dd:15:8b:c7:59:c4:28:03:0b:bf:61:
                    59:0f:8b:2e:78:68:30:90:0e:19:e4:57:e4:d2:dd:
                    d9:81:b6:85:33:e8:9b:1f:9b:5d:b0:74:23:c3:dc:
                    5a:0f:13:d2:fc:26:a1:05:9b:8b:d7:c3:83:f9:cf:
                    a9:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:0A:21:60:1A:8C:08:F1:9B:E9:79:77:2B:64:1B:5A:55:82:0C:D0
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/DQohYBqMCPGb6Xl3K2QbWlWCDNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:b540::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:fd:24:d5:c4:3b:d9:b0:e7:73:a1:3a:1f:44:e4:e7:32:9f:
         15:67:81:3e:f0:56:41:fe:ca:58:6b:5d:63:6c:08:1d:d2:72:
         f8:ea:23:66:3f:8e:5c:f8:65:39:a9:36:97:cb:6b:21:b9:78:
         8b:fe:60:16:3c:f8:93:93:44:be:3e:d6:ee:46:b0:8d:fa:6c:
         aa:74:c4:aa:3d:4a:8c:3c:c8:5a:c4:4f:e7:7b:a4:e5:08:0d:
         5f:d2:7a:7f:8c:f5:43:81:7c:42:f9:08:13:75:23:c0:bf:b2:
         fa:35:a9:1a:c2:34:23:2d:30:ba:b2:65:ad:16:80:9e:76:0a:
         29:5c:53:9a:37:ed:9c:ca:66:dd:29:a6:d0:f6:a4:8e:46:f1:
         c1:6d:eb:22:18:2d:fb:61:37:9a:f8:4c:fe:b3:9d:ac:7a:ad:
         45:a6:24:81:56:2b:dc:bb:46:7b:dc:65:bb:cc:b0:d3:16:fb:
         aa:b1:41:57:2f:77:f9:67:4e:13:41:e6:88:45:d6:17:18:63:
         62:c9:5d:6a:f6:c7:f4:60:16:68:26:6f:2e:c8:93:47:07:08:
         36:0c:ea:b1:17:ff:fa:e3:e0:6f:61:ff:c5:08:c0:75:eb:20:
         f2:9e:16:1f:bc:da:3b:68:63:56:c1:3f:ab:e3:65:e6:9e:92:
         4b:5e:f3:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY7NgU2JtYMLBGKIr0VZQG1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjQwNDExMTQxMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDBhMjE2MDFhOGMwOGYxOWJlOTc5NzcyYjY0MWI1YTU1ODIwY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMS3vtVYrl3mPjsWRP4UntUun0/c
wUJp/H9yliPGyNVsDdSxcT3zxweVPqBw1KsQ+l+5ixqkCx6JVcZfsqJy4s/ReAdF
Hz85zZAEWoOqjkHKSUb4EJswkJjkPY2xO7ipPBS0tu/xB6p5TabKbsR0HbVQNQrG
0G3gEHuwNyE9otA6IPUIwcTp+1oAXoVCHyp/s5vQYz+VJLbWNXsg+gdHOWoD+3jr
/qWMZTPJcn/cAPc6OwgeUJDsj9YnfnLwgxfsfCVD3g1u3RWLx1nEKAMLv2FZD4su
eGgwkA4Z5Ffk0t3ZgbaFM+ibH5tdsHQjw9xaDxPS/CahBZuL18OD+c+p9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA0KIWAajAjxm+l5dytkG1pVggzQMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvRFFvaFlCcU1DUEdiNlhsM0syUWJXbFdDRE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhC1QDAN
BgkqhkiG9w0BAQsFAAOCAQEAA/0k1cQ72bDnc6E6H0Tk5zKfFWeBPvBWQf7KWGtd
Y2wIHdJy+OojZj+OXPhlOak2l8trIbl4i/5gFjz4k5NEvj7W7kawjfpsqnTEqj1K
jDzIWsRP53uk5QgNX9J6f4z1Q4F8QvkIE3UjwL+y+jWpGsI0Iy0wurJlrRaAnnYK
KVxTmjftnMpm3Smm0PakjkbxwW3rIhgt+2E3mvhM/rOdrHqtRaYkgVYr3LtGe9xl
u8yw0xb7qrFBVy93+WdOE0HmiEXWFxhjYsldavbH9GAWaCZvLsiTRwcINgzqsRf/
+uPgb2H/xQjAdesg8p4WH7zaO2hjVsE/q+Nl5p6SS17zKw==
-----END CERTIFICATE-----