Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/edWgAsYhXnjVK_ZAgZJv2EVg21M.roa
File:                     edWgAsYhXnjVK_ZAgZJv2EVg21M.roa (raw, json)
Hash identifier:          yxVJ8y9zAMf82B6AUyRqMZYBE45lp/lxuUdAjgn0f2s=
Subject key identifier:   79:D5:A0:02:C6:21:5E:78:D5:2B:F6:40:81:92:6F:D8:45:60:DB:53
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       018CC5DCD9EA5584A54CA8923B02A1CC67F6
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/edWgAsYhXnjVK_ZAgZJv2EVg21M.roa
Signing time:             Mon 01 Jan 2024 16:30:34 +0000
ROA not before:           Mon 01 Jan 2024 16:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197961
IP address blocks:        2a10:f780:fffe::/48 maxlen: 48
                          2a10:f782::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:d9:ea:55:84:a5:4c:a8:92:3b:02:a1:cc:67:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 16:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79d5a002c6215e78d52bf64081926fd84560db53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:01:b0:bf:d6:b0:f7:ac:22:14:84:24:06:25:
                    0e:f4:8e:c1:df:75:be:b3:33:a1:f4:9c:9f:7a:a6:
                    49:6b:a1:a3:a6:9e:97:09:73:c3:27:69:63:36:bb:
                    5b:c9:8d:79:d4:bd:ed:61:12:fc:1b:1c:c2:40:6a:
                    10:c5:2d:a1:7b:92:f9:7c:f6:db:eb:1e:7b:09:17:
                    aa:2a:59:f3:9d:ac:43:f9:2c:55:fd:c2:58:5f:a8:
                    b2:75:7c:a9:cb:d7:03:d3:e0:c9:24:48:e2:ba:dd:
                    c8:93:c3:58:74:95:1b:fa:37:2b:d2:32:eb:40:40:
                    fa:46:7d:89:47:8e:24:b4:1c:b5:e2:d9:79:92:6b:
                    43:1a:7e:fb:70:62:6c:b4:6a:ab:b7:e7:a3:44:e9:
                    4b:e2:dc:f2:45:6f:bd:1e:59:04:e7:c5:96:db:70:
                    54:4d:29:ed:38:16:e2:76:cc:29:4e:43:e9:d9:ba:
                    be:90:c9:c5:d0:93:d0:a0:2c:aa:09:d2:0e:e2:6a:
                    6f:17:99:b6:b9:d1:21:3d:0d:18:bf:82:85:ab:b0:
                    de:8f:85:02:76:c3:03:f5:6e:70:1e:4d:bd:2b:ce:
                    92:93:a7:1f:78:45:07:e7:17:4b:22:7e:ea:0b:3b:
                    ad:e8:58:c7:2a:7e:06:36:a3:e7:0d:69:d4:ff:07:
                    e5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:D5:A0:02:C6:21:5E:78:D5:2B:F6:40:81:92:6F:D8:45:60:DB:53
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/edWgAsYhXnjVK_ZAgZJv2EVg21M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:f780:fffe::/48
                  2a10:f782::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:1b:df:e0:c4:1b:40:14:c3:64:c6:41:18:fb:33:fd:73:24:
         35:01:69:85:05:c1:bb:11:c3:a6:a3:96:76:06:f2:7f:bb:69:
         d7:92:31:bd:06:27:93:2e:c7:b4:22:6a:a0:d5:5b:cb:2c:81:
         b1:93:8a:ff:35:c3:08:23:ff:75:d2:0f:88:39:6a:a3:1a:e0:
         f1:db:ed:de:65:df:c5:0d:fb:85:e1:40:d3:95:ee:cf:c5:0f:
         08:0c:f0:da:56:87:cf:d4:ed:43:64:d8:bd:ef:cc:6a:59:2e:
         b5:08:57:4a:df:0f:dd:0f:22:6c:a9:77:e4:39:2d:3b:2b:8f:
         7e:3b:4e:a3:c4:27:82:47:06:f8:03:51:21:40:54:38:89:20:
         a2:c9:06:eb:a8:8d:5f:70:60:97:7c:b9:f2:7d:03:70:3f:a7:
         60:a9:3f:2d:1f:1b:91:68:70:fc:c6:78:8b:f0:14:61:ba:fd:
         83:88:ed:be:e4:05:47:f8:89:35:14:bb:65:14:b4:83:61:5c:
         7e:d4:14:69:f4:de:37:0f:42:41:51:d4:b0:4d:51:59:3f:55:
         a2:04:45:b7:cd:f6:af:d2:ea:69:11:eb:91:11:29:c5:83:62:
         7c:7a:7f:7f:04:e1:75:c5:e4:77:07:8a:90:e0:e7:e7:e6:9d:
         77:39:71:84
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzF3NnqVYSlTKiSOwKhzGf2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjQwMTAxMTYzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWQ1YTAwMmM2MjE1ZTc4ZDUyYmY2NDA4MTkyNmZkODQ1NjBkYjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQGwv9aw96wiFIQkBiUO9I7B33W+
szOh9JyfeqZJa6Gjpp6XCXPDJ2ljNrtbyY151L3tYRL8GxzCQGoQxS2he5L5fPbb
6x57CReqKlnznaxD+SxV/cJYX6iydXypy9cD0+DJJEjiut3Ik8NYdJUb+jcr0jLr
QED6Rn2JR44ktBy14tl5kmtDGn77cGJstGqrt+ejROlL4tzyRW+9HlkE58WW23BU
TSntOBbidswpTkPp2bq+kMnF0JPQoCyqCdIO4mpvF5m2udEhPQ0Yv4KFq7Dej4UC
dsMD9W5wHk29K86Sk6cfeEUH5xdLIn7qCzut6FjHKn4GNqPnDWnU/wfl2QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHnVoALGIV541Sv2QIGSb9hFYNtTMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvZWRXZ0FzWWhYbmpWS19aQWdaSnYyRVZnMjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhD3gP/+
AwcAKhD3ggAAMA0GCSqGSIb3DQEBCwUAA4IBAQAKG9/gxBtAFMNkxkEY+zP9cyQ1
AWmFBcG7EcOmo5Z2BvJ/u2nXkjG9BieTLse0Imqg1VvLLIGxk4r/NcMII/910g+I
OWqjGuDx2+3eZd/FDfuF4UDTle7PxQ8IDPDaVofP1O1DZNi978xqWS61CFdK3w/d
DyJsqXfkOS07K49+O06jxCeCRwb4A1EhQFQ4iSCiyQbrqI1fcGCXfLnyfQNwP6dg
qT8tHxuRaHD8xniL8BRhuv2DiO2+5AVH+Ik1FLtlFLSDYVx+1BRp9N43D0JBUdSw
TVFZP1WiBEW3zfav0uppEeuRESnFg2J8en9/BOF1xeR3B4qQ4Ofn5p13OXGE
-----END CERTIFICATE-----