Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/zffEeck8qADVfgjuStY1pTLE5gY.roa
File:                     zffEeck8qADVfgjuStY1pTLE5gY.roa (raw, json)
Hash identifier:          AoYyKZufj1ufAA4aF4nCXMk9bCGQ0dxcLMdTdkj0Ql4=
Subject key identifier:   CD:F7:C4:79:C9:3C:A8:00:D5:7E:08:EE:4A:D6:35:A5:32:C4:E6:06
Certificate issuer:       /CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
Certificate serial:       01918E4EEDCD29B39A2B5856397F23E7410B
Authority key identifier: 0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/zffEeck8qADVfgjuStY1pTLE5gY.roa
Signing time:             Mon 26 Aug 2024 10:50:22 +0000
ROA not before:           Mon 26 Aug 2024 10:50:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216157
IP address blocks:        2a10:a280::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:4e:ed:cd:29:b3:9a:2b:58:56:39:7f:23:e7:41:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d3558546a2c54bbd812a19228aa98e078d3aa68
        Validity
            Not Before: Aug 26 10:50:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cdf7c479c93ca800d57e08ee4ad635a532c4e606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6c:fe:91:b6:b8:8a:3e:42:54:03:0a:33:02:
                    f7:af:11:12:74:f0:72:3f:99:10:c4:f9:0a:ec:21:
                    c5:4d:c1:85:57:62:98:d7:09:c9:4a:4c:f5:c8:5e:
                    f0:84:fd:3b:e7:50:f6:04:99:58:c9:fa:fc:17:74:
                    6b:ca:3b:63:f4:8c:e3:a9:a9:9c:56:92:46:0f:da:
                    0d:a5:f9:86:f3:44:c3:03:8f:23:ba:b5:7d:4b:e5:
                    34:00:ac:c7:76:ff:95:2a:51:ef:60:49:43:87:3b:
                    c2:b3:dd:27:7f:75:19:30:e7:88:31:b3:80:64:3e:
                    21:67:b9:1b:dc:57:1c:45:3e:31:fa:92:94:9f:95:
                    31:10:5d:f2:31:5f:5f:68:c1:24:1f:a1:01:c9:50:
                    1c:ac:5c:e9:74:ee:6d:98:3f:ac:90:52:a2:59:8a:
                    e8:26:c4:33:bb:09:5a:c6:25:13:93:13:78:b5:6c:
                    4c:47:e8:2e:6b:2b:b1:a0:72:41:c4:db:a1:0d:60:
                    65:e0:86:9d:47:4c:5e:25:84:ca:4c:51:b6:97:5c:
                    d0:01:76:0c:f3:a2:d5:2c:6f:48:34:4b:dd:d8:27:
                    45:9c:8f:93:17:d5:d7:27:f6:fe:04:4b:fe:0c:65:
                    a1:a6:5e:ee:e0:19:88:31:3b:25:53:0a:0e:ab:23:
                    06:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F7:C4:79:C9:3C:A8:00:D5:7E:08:EE:4A:D6:35:A5:32:C4:E6:06
            X509v3 Authority Key Identifier:
                keyid:0D:35:58:54:6A:2C:54:BB:D8:12:A1:92:28:AA:98:E0:78:D3:AA:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DTVYVGosVLvYEqGSKKqY4HjTqmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/zffEeck8qADVfgjuStY1pTLE5gY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/474f27-b286-46f0-ae45-132ffc8bde46/1/DTVYVGosVLvYEqGSKKqY4HjTqmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a280::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:f1:79:c1:e1:7c:3f:27:35:32:6b:39:2c:77:73:09:44:0e:
         a2:57:55:10:56:92:7c:50:33:55:f8:93:ba:d4:31:5a:62:88:
         84:5f:90:4d:1b:70:32:55:bc:10:1e:2a:34:c1:ce:d2:00:b4:
         f2:e5:bf:05:d5:b4:60:19:50:c5:f7:84:8d:1e:dc:57:01:4c:
         47:59:5c:be:1e:78:83:3f:fa:ca:c2:b1:3d:3c:8b:38:be:4d:
         fb:8b:ad:8e:dc:64:b1:94:cb:8d:9b:77:0f:80:98:c4:a8:b4:
         bc:b8:3a:3f:9b:34:07:f6:21:c1:8c:42:e9:70:03:e2:4f:67:
         ec:de:d5:22:d1:3a:89:8a:62:63:d6:fe:ed:49:1e:9c:66:40:
         71:5c:f4:5b:c6:1f:cc:2d:90:7b:df:79:ed:07:ff:d6:2f:4d:
         b5:71:4c:6e:ff:21:df:ab:bf:14:ca:4d:2c:d7:96:ad:ff:d8:
         09:0a:5f:0b:cf:1d:9d:f0:9c:99:ac:80:b4:1d:08:6c:38:4d:
         26:4d:98:b3:05:64:55:55:a7:4a:00:25:a4:e4:e6:3f:f4:81:
         55:ed:69:40:1d:48:6b:2b:1e:79:25:f2:34:5c:00:75:dd:69:
         d6:b6:5e:4e:8e:73:36:05:be:94:87:0f:c9:db:9c:1a:de:c2:
         26:d1:66:fd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZGOTu3NKbOaK1hWOX8j50ELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMzU1ODU0NmEyYzU0YmJkODEyYTE5MjI4YWE5OGUwNzhk
M2FhNjgwHhcNMjQwODI2MTA1MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGY3YzQ3OWM5M2NhODAwZDU3ZTA4ZWU0YWQ2MzVhNTMyYzRlNjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2z+kba4ij5CVAMKMwL3rxESdPBy
P5kQxPkK7CHFTcGFV2KY1wnJSkz1yF7whP0751D2BJlYyfr8F3Rryjtj9Izjqamc
VpJGD9oNpfmG80TDA48jurV9S+U0AKzHdv+VKlHvYElDhzvCs90nf3UZMOeIMbOA
ZD4hZ7kb3FccRT4x+pKUn5UxEF3yMV9faMEkH6EByVAcrFzpdO5tmD+skFKiWYro
JsQzuwlaxiUTkxN4tWxMR+guayuxoHJBxNuhDWBl4IadR0xeJYTKTFG2l1zQAXYM
86LVLG9INEvd2CdFnI+TF9XXJ/b+BEv+DGWhpl7u4BmIMTslUwoOqyMGqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM33xHnJPKgA1X4I7krWNaUyxOYGMB8GA1UdIwQY
MBaAFA01WFRqLFS72BKhkiiqmOB406poMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUt
MTMyZmZjOGJkZTQ2LzEvemZmRWVjazhxQURWZmdqdVN0WTFwVExFNWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi80NzRmMjctYjI4Ni00NmYwLWFlNDUtMTMyZmZjOGJkZTQ2
LzEvRFRWWVZHb3NWTHZZRXFHU0tLcVk0SGpUcW1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCigDAN
BgkqhkiG9w0BAQsFAAOCAQEATfF5weF8Pyc1Mms5LHdzCUQOoldVEFaSfFAzVfiT
utQxWmKIhF+QTRtwMlW8EB4qNMHO0gC08uW/BdW0YBlQxfeEjR7cVwFMR1lcvh54
gz/6ysKxPTyLOL5N+4utjtxksZTLjZt3D4CYxKi0vLg6P5s0B/YhwYxC6XAD4k9n
7N7VItE6iYpiY9b+7UkenGZAcVz0W8YfzC2Qe9957Qf/1i9NtXFMbv8h36u/FMpN
LNeWrf/YCQpfC88dnfCcmayAtB0IbDhNJk2YswVkVVWnSgAlpOTmP/SBVe1pQB1I
ayseeSXyNFwAdd1p1rZeTo5zNgW+lIcPyducGt7CJtFm/Q==
-----END CERTIFICATE-----