Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/45wSdKS9u-kLwBER9DAdp0dOdgk.roa
File:                     45wSdKS9u-kLwBER9DAdp0dOdgk.roa (raw, json)
Hash identifier:          fvR/mlJedJy8x4zrL0etfG0pS/sgz873Mc4ixjc+vyg=
Subject key identifier:   E3:9C:12:74:A4:BD:BB:E9:0B:C0:11:11:F4:30:1D:A7:47:4E:76:09
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B55D8D8552A6089AD51E25D24E3977
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/45wSdKS9u-kLwBER9DAdp0dOdgk.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206569
IP address blocks:        2a10:4646:1a0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5d:8d:85:52:a6:08:9a:d5:1e:25:d2:4e:39:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e39c1274a4bdbbe90bc01111f4301da7474e7609
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:aa:6b:4e:82:6b:8f:24:79:8a:14:4d:af:0f:
                    ac:0e:75:b3:c8:ae:ee:04:a6:fe:d1:0a:c7:a6:29:
                    36:f8:7e:3b:bb:d0:b5:1b:79:cd:96:8a:5d:f2:87:
                    28:d2:8d:8d:48:81:77:04:5d:d0:0c:8b:00:8f:8b:
                    7c:d4:00:c0:e1:30:fd:23:fb:71:6a:09:2d:a0:dc:
                    95:91:e6:53:f9:e9:93:42:00:9b:c3:b5:49:4d:ce:
                    8e:3b:14:00:63:b6:5b:05:75:03:ba:d2:a6:1b:4a:
                    24:de:b9:d2:8e:8c:b9:40:ee:c2:68:fa:04:43:b0:
                    22:45:fa:71:66:17:56:f7:73:23:b5:7b:d4:62:c0:
                    ae:5d:d4:5e:a5:b5:c0:ef:7d:4a:bd:2d:20:65:9d:
                    13:89:04:7a:5f:4c:89:37:4a:75:a1:ff:b1:19:d0:
                    a2:35:9d:27:dc:4a:92:2f:c3:3a:e3:b6:da:53:90:
                    e3:4c:7a:80:9e:c1:9c:c9:5d:6f:e8:13:d2:f3:aa:
                    5c:1a:7a:53:4a:d0:92:89:9c:f9:dd:99:43:51:7a:
                    ed:9a:71:c8:a5:4c:25:c1:69:71:0a:67:4f:c0:32:
                    56:4d:4d:40:cb:48:f1:a1:c6:32:1d:e5:82:1a:e3:
                    c3:8f:d2:78:d2:93:40:7a:8e:03:15:5f:f4:15:1c:
                    41:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:9C:12:74:A4:BD:BB:E9:0B:C0:11:11:F4:30:1D:A7:47:4E:76:09
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/45wSdKS9u-kLwBER9DAdp0dOdgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:1a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:52:f8:a0:5e:b7:39:5d:1f:86:3d:30:a9:55:a5:83:39:63:
         a0:54:bf:eb:25:c5:89:b2:f4:2f:c2:ff:d3:0f:37:e2:b3:dc:
         44:6d:a6:11:cb:39:47:30:bf:97:62:74:65:a3:da:9a:31:ae:
         d6:ae:88:24:87:6a:b8:ed:37:dd:86:3f:89:a8:44:50:ca:a4:
         41:9e:4e:07:d5:1b:07:ed:7a:d4:4d:65:d2:53:e4:4f:1e:b6:
         53:ae:99:1e:4e:8d:28:41:87:c8:64:62:51:58:68:93:26:b3:
         6f:b6:e6:74:09:e9:28:cd:72:c7:83:2d:2b:ff:5a:09:be:a7:
         a8:a9:ac:5a:9b:a8:a7:12:2b:d7:cb:51:f4:d5:f0:ce:6b:2a:
         98:5a:df:23:10:9c:73:c8:a8:3d:af:dc:2c:1f:f8:ff:d6:8e:
         42:8b:a8:8d:79:4a:3d:dc:06:ef:4e:41:58:9a:f4:22:59:5d:
         07:12:00:87:88:95:26:07:0c:4b:29:a1:7a:8e:5e:d1:a3:04:
         37:4d:57:89:13:f8:21:82:d4:4a:85:36:87:41:23:31:5a:5f:
         d6:cf:ee:43:e0:da:26:67:21:0a:c2:e2:3d:94:8e:8c:9c:3b:
         35:f2:cc:df:f2:a6:0b:e9:ec:19:8e:fa:84:e5:db:9e:02:15:
         62:3a:d7:b1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntV2NhVKmCJrVHiXSTjl3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzljMTI3NGE0YmRiYmU5MGJjMDExMTFmNDMwMWRhNzQ3NGU3NjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKprToJrjyR5ihRNrw+sDnWzyK7u
BKb+0QrHpik2+H47u9C1G3nNlopd8oco0o2NSIF3BF3QDIsAj4t81ADA4TD9I/tx
agktoNyVkeZT+emTQgCbw7VJTc6OOxQAY7ZbBXUDutKmG0ok3rnSjoy5QO7CaPoE
Q7AiRfpxZhdW93MjtXvUYsCuXdRepbXA731KvS0gZZ0TiQR6X0yJN0p1of+xGdCi
NZ0n3EqSL8M647baU5DjTHqAnsGcyV1v6BPS86pcGnpTStCSiZz53ZlDUXrtmnHI
pUwlwWlxCmdPwDJWTU1Ay0jxocYyHeWCGuPDj9J40pNAeo4DFV/0FRxBuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOOcEnSkvbvpC8AREfQwHadHTnYJMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvNDV3U2RLUzl1LWtMd0JFUjlEQWRwMGRPZGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgGg
MA0GCSqGSIb3DQEBCwUAA4IBAQAGUvigXrc5XR+GPTCpVaWDOWOgVL/rJcWJsvQv
wv/TDzfis9xEbaYRyzlHML+XYnRlo9qaMa7Wrogkh2q47Tfdhj+JqERQyqRBnk4H
1RsH7XrUTWXSU+RPHrZTrpkeTo0oQYfIZGJRWGiTJrNvtuZ0CekozXLHgy0r/1oJ
vqeoqaxam6inEivXy1H01fDOayqYWt8jEJxzyKg9r9wsH/j/1o5Ci6iNeUo93Abv
TkFYmvQiWV0HEgCHiJUmBwxLKaF6jl7RowQ3TVeJE/ghgtRKhTaHQSMxWl/Wz+5D
4NomZyEKwuI9lI6MnDs18szf8qYL6ewZjvqE5dueAhViOtex
-----END CERTIFICATE-----