Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/0CT1joEXXqHn7ApZderh8oz-6X8.roa
File:                     0CT1joEXXqHn7ApZderh8oz-6X8.roa (raw, json)
Hash identifier:          BvOsPrngGNiLcDK7gBcQWH9QFWAThZP/Rzb+/PLbPTU=
Subject key identifier:   D0:24:F5:8E:81:17:5E:A1:E7:EC:0A:59:75:EA:E1:F2:8C:FE:E9:7F
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B5644651794532B7556FAB644E4562
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/0CT1joEXXqHn7ApZderh8oz-6X8.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214560
IP address blocks:        2a10:4646:123::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:64:46:51:79:45:32:b7:55:6f:ab:64:4e:45:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d024f58e81175ea1e7ec0a5975eae1f28cfee97f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:79:ee:e3:e4:4c:6c:44:37:13:56:bc:11:74:
                    b6:17:ab:d4:e7:cf:45:21:93:fb:4c:62:28:6e:5a:
                    28:9e:06:01:d9:db:24:bf:40:bf:b4:70:ff:f4:e0:
                    dc:33:56:f1:49:61:52:58:e1:e9:b0:15:84:68:03:
                    4e:93:d4:4b:c5:4f:43:7d:22:28:96:40:fc:da:3b:
                    e6:90:4b:b4:70:b7:8c:a1:68:0f:b4:be:2b:75:00:
                    63:3f:4d:74:fe:dd:40:1c:64:65:68:0f:ac:db:f2:
                    05:5f:34:06:6b:7c:80:32:75:74:dd:2c:10:e0:de:
                    8c:9a:a8:ff:28:72:ae:fd:55:f5:22:4c:59:c1:5a:
                    fe:b5:ff:df:28:b9:da:f4:5d:a0:43:8c:6c:c5:61:
                    33:59:93:11:83:3b:ad:fc:4d:8e:11:26:b7:8a:62:
                    bb:ac:3a:60:aa:2d:91:46:68:40:ff:de:b9:3b:f1:
                    5b:e9:9b:1a:d0:52:bb:51:a1:10:95:2b:78:4c:28:
                    3b:2f:4c:4c:34:40:ab:b8:2b:19:7b:29:26:da:f6:
                    c4:d5:ce:4a:41:0c:89:aa:62:6e:0b:29:98:5e:27:
                    4c:5c:b9:7e:78:81:92:a3:cb:bd:bc:a8:fd:f3:be:
                    ed:c8:ef:d3:0e:0f:8e:8d:4f:e9:e4:2d:01:cc:df:
                    2d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:24:F5:8E:81:17:5E:A1:E7:EC:0A:59:75:EA:E1:F2:8C:FE:E9:7F
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/0CT1joEXXqHn7ApZderh8oz-6X8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:123::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:9b:e3:74:91:85:9d:39:02:57:37:00:b4:c4:98:cb:9c:ae:
         8c:15:b3:03:a3:8c:32:94:18:28:6c:32:b5:cb:2b:82:42:0a:
         7a:94:4f:44:8d:89:13:93:8a:09:74:75:d4:8c:19:41:7a:f2:
         6a:62:57:13:39:f5:ca:7b:e1:69:33:b1:ff:a0:03:98:1a:84:
         39:6a:3f:8a:5c:5a:a0:5b:e1:76:e3:23:96:c1:e6:1d:92:05:
         e7:7f:ab:55:6c:ef:75:71:b8:1c:6b:1a:1c:dc:19:73:3f:2b:
         eb:01:8e:d8:54:50:aa:60:aa:e1:c5:52:f1:78:81:39:a8:4d:
         d6:2f:1f:b9:1e:e2:c3:da:13:5f:03:d2:ec:29:dd:c9:70:4e:
         36:1f:49:3f:15:67:de:a0:35:c6:87:7f:c8:76:22:f4:53:7b:
         5d:52:b8:e8:b3:8a:31:06:d1:5b:f2:f8:ee:2b:81:85:84:93:
         7b:e2:9a:6a:a6:9c:f4:c9:32:bc:94:9f:6e:b3:4f:97:31:8f:
         e7:2b:e6:c9:d2:c2:1e:ab:e6:22:ee:23:26:e6:00:c1:33:17:
         f6:8d:05:27:80:47:93:34:82:64:d9:7f:f9:0d:cc:d7:ee:df:
         a6:d2:f0:e7:70:91:ff:94:a5:b3:db:9c:e7:44:19:c0:42:2c:
         67:a3:1b:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntWRGUXlFMrdVb6tkTkViMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDI0ZjU4ZTgxMTc1ZWExZTdlYzBhNTk3NWVhZTFmMjhjZmVlOTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHnu4+RMbEQ3E1a8EXS2F6vU589F
IZP7TGIobloongYB2dskv0C/tHD/9ODcM1bxSWFSWOHpsBWEaANOk9RLxU9DfSIo
lkD82jvmkEu0cLeMoWgPtL4rdQBjP010/t1AHGRlaA+s2/IFXzQGa3yAMnV03SwQ
4N6Mmqj/KHKu/VX1IkxZwVr+tf/fKLna9F2gQ4xsxWEzWZMRgzut/E2OESa3imK7
rDpgqi2RRmhA/965O/Fb6Zsa0FK7UaEQlSt4TCg7L0xMNECruCsZeykm2vbE1c5K
QQyJqmJuCymYXidMXLl+eIGSo8u9vKj9877tyO/TDg+OjU/p5C0BzN8tawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNAk9Y6BF16h5+wKWXXq4fKM/ul/MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvMENUMWpvRVhYcUhuN0FwWmRlcmg4b3otNlg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgEj
MA0GCSqGSIb3DQEBCwUAA4IBAQAmm+N0kYWdOQJXNwC0xJjLnK6MFbMDo4wylBgo
bDK1yyuCQgp6lE9EjYkTk4oJdHXUjBlBevJqYlcTOfXKe+FpM7H/oAOYGoQ5aj+K
XFqgW+F24yOWweYdkgXnf6tVbO91cbgcaxoc3BlzPyvrAY7YVFCqYKrhxVLxeIE5
qE3WLx+5HuLD2hNfA9LsKd3JcE42H0k/FWfeoDXGh3/IdiL0U3tdUrjos4oxBtFb
8vjuK4GFhJN74ppqppz0yTK8lJ9us0+XMY/nK+bJ0sIeq+Yi7iMm5gDBMxf2jQUn
gEeTNIJk2X/5DczX7t+m0vDncJH/lKWz25znRBnAQixnoxvo
-----END CERTIFICATE-----