Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/ZpHfQln9-nhNvGP09f9sAhxXcNs.roa
File:                     ZpHfQln9-nhNvGP09f9sAhxXcNs.roa (raw, json)
Hash identifier:          AzusUcHixnd3BVAIjTrQ7OWrK60kB1J2zqE+2Sa45eM=
Subject key identifier:   66:91:DF:42:59:FD:FA:78:4D:BC:63:F4:F5:FF:6C:02:1C:57:70:DB
Certificate issuer:       /CN=b307c87e7b6e294f2700790eef19e82939d85cd6
Certificate serial:       01934E63E6B8D3A247071D04D20E45939A3C
Authority key identifier: B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/ZpHfQln9-nhNvGP09f9sAhxXcNs.roa
Signing time:             Thu 21 Nov 2024 11:03:10 +0000
ROA not before:           Thu 21 Nov 2024 11:03:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20940
IP address blocks:        2a10:fa44:100::/64 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:63:e6:b8:d3:a2:47:07:1d:04:d2:0e:45:93:9a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b307c87e7b6e294f2700790eef19e82939d85cd6
        Validity
            Not Before: Nov 21 11:03:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6691df4259fdfa784dbc63f4f5ff6c021c5770db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7b:23:f4:d7:2c:20:09:93:92:c2:be:1e:0f:
                    0e:29:75:36:0f:10:01:cb:74:8c:b4:a0:d0:40:97:
                    33:9c:69:e3:ef:41:18:34:bd:81:d6:8a:6f:49:8d:
                    ff:86:e1:cf:42:73:69:79:b2:27:12:ff:2e:da:23:
                    9c:c3:b2:87:9b:c5:a7:bc:6c:e0:25:ef:66:c6:aa:
                    55:2b:b3:2a:ce:fc:bc:f1:06:6e:c6:29:a8:86:ad:
                    28:f7:b0:96:03:f3:c4:34:85:19:5d:3e:f2:e2:ca:
                    7f:dd:2c:13:81:cf:9f:76:66:90:29:e0:de:37:5e:
                    27:c0:6b:6b:57:2b:51:b3:c2:fa:ef:93:45:d3:84:
                    f1:aa:f5:70:d5:f1:ff:ba:83:e7:da:bf:db:f2:d4:
                    ca:ba:52:47:16:29:c2:41:21:ba:58:dd:2e:af:25:
                    cc:ca:85:7c:61:45:e9:a8:05:5d:39:df:b4:17:de:
                    bf:b3:da:4e:0d:d5:5f:4d:2f:ac:0b:f0:44:dd:b6:
                    3c:61:8c:f7:17:53:23:e4:76:0a:3c:57:76:0b:9e:
                    b1:b0:31:d9:61:8f:1d:ed:88:c5:9a:25:a4:6f:7d:
                    29:e0:20:d5:f0:b1:ef:75:d2:8d:f6:e2:cd:84:52:
                    fa:ad:ee:1b:b9:59:d4:c1:61:8e:b6:c2:7e:d0:fa:
                    ff:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:91:DF:42:59:FD:FA:78:4D:BC:63:F4:F5:FF:6C:02:1C:57:70:DB
            X509v3 Authority Key Identifier:
                keyid:B3:07:C8:7E:7B:6E:29:4F:27:00:79:0E:EF:19:E8:29:39:D8:5C:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/swfIfntuKU8nAHkO7xnoKTnYXNY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/ZpHfQln9-nhNvGP09f9sAhxXcNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/da642a-a6ab-4705-9587-64945a4f8e12/1/swfIfntuKU8nAHkO7xnoKTnYXNY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa44:100::/64

    Signature Algorithm: sha256WithRSAEncryption
         87:4d:19:c6:c0:15:75:41:3b:ec:04:82:90:23:44:a9:88:6e:
         a6:0f:79:43:56:13:75:9d:e6:20:0b:5a:6e:32:c1:cd:af:56:
         52:cf:9c:86:80:b0:55:23:09:9e:1f:d6:85:8b:43:b9:6c:99:
         a9:2a:23:84:ee:53:08:47:ad:4c:84:4c:2f:e4:5e:25:2a:04:
         93:71:fe:07:cd:a8:02:16:7b:dc:75:5a:d8:ae:11:67:09:e3:
         11:ed:2c:4a:95:e2:99:14:1d:56:74:13:7c:11:7d:99:96:d2:
         f6:27:f1:99:be:78:23:92:71:89:c1:ce:a9:32:24:31:5c:9e:
         e2:ff:19:c8:2a:9e:f1:44:87:a5:fc:ea:ce:33:c2:92:e6:e2:
         64:9e:9a:92:b4:c6:df:05:d4:3e:fb:af:70:db:81:6c:51:c0:
         35:ce:29:4c:39:d4:a1:f9:f3:e8:cb:40:c4:e2:59:0e:90:7a:
         35:04:77:85:08:5d:b8:05:9b:9b:21:75:de:3e:8a:03:17:2b:
         6e:16:7b:66:f2:b9:d6:e9:29:6f:e5:59:4a:7e:31:c5:fb:e0:
         19:42:e6:68:42:f2:6a:5f:47:86:ed:30:3f:c4:15:1b:7e:8a:
         83:4f:5e:31:4b:28:bd:42:8a:b1:cf:f8:0d:55:1d:4b:58:6f:
         a6:14:f1:b5
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZNOY+a406JHBx0E0g5Fk5o8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMDdjODdlN2I2ZTI5NGYyNzAwNzkwZWVmMTllODI5Mzlk
ODVjZDYwHhcNMjQxMTIxMTEwMzEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjkxZGY0MjU5ZmRmYTc4NGRiYzYzZjRmNWZmNmMwMjFjNTc3MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3sj9NcsIAmTksK+Hg8OKXU2DxAB
y3SMtKDQQJcznGnj70EYNL2B1opvSY3/huHPQnNpebInEv8u2iOcw7KHm8WnvGzg
Je9mxqpVK7Mqzvy88QZuximohq0o97CWA/PENIUZXT7y4sp/3SwTgc+fdmaQKeDe
N14nwGtrVytRs8L675NF04TxqvVw1fH/uoPn2r/b8tTKulJHFinCQSG6WN0uryXM
yoV8YUXpqAVdOd+0F96/s9pODdVfTS+sC/BE3bY8YYz3F1Mj5HYKPFd2C56xsDHZ
YY8d7YjFmiWkb30p4CDV8LHvddKN9uLNhFL6re4buVnUwWGOtsJ+0Pr/nwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFGaR30JZ/fp4Tbxj9PX/bAIcV3DbMB8GA1UdIwQY
MBaAFLMHyH57bilPJwB5Du8Z6Ck52FzWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODct
NjQ5NDVhNGY4ZTEyLzEvWnBIZlFsbjktbmhOdkdQMDlmOXNBaHhYY05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9kYTY0MmEtYTZhYi00NzA1LTk1ODctNjQ5NDVhNGY4ZTEy
LzEvc3dmSWZudHVLVThuQUhrTzd4bm9LVG5ZWE5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAAjALAwkAKhD6RAEA
AAAwDQYJKoZIhvcNAQELBQADggEBAIdNGcbAFXVBO+wEgpAjRKmIbqYPeUNWE3Wd
5iALWm4ywc2vVlLPnIaAsFUjCZ4f1oWLQ7lsmakqI4TuUwhHrUyETC/kXiUqBJNx
/gfNqAIWe9x1WtiuEWcJ4xHtLEqV4pkUHVZ0E3wRfZmW0vYn8Zm+eCOScYnBzqky
JDFcnuL/GcgqnvFEh6X86s4zwpLm4mSempK0xt8F1D77r3DbgWxRwDXOKUw51KH5
8+jLQMTiWQ6QejUEd4UIXbgFm5shdd4+igMXK24We2byudbpKW/lWUp+McX74BlC
5mhC8mpfR4btMD/EFRt+ioNPXjFLKL1CirHP+A1VHUtYb6YU8bU=
-----END CERTIFICATE-----