Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/4hsvXB1iTRQzBfKiak8pW2I8BF4.roa
File:                     4hsvXB1iTRQzBfKiak8pW2I8BF4.roa (raw, json)
Hash identifier:          XAp414dDwa28MtvplUV/sn7g1yns68g20QzpT6TX080=
Subject key identifier:   E2:1B:2F:5C:1D:62:4D:14:33:05:F2:A2:6A:4F:29:5B:62:3C:04:5E
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B5659707EA5FDB928BBC1A1DCD989A
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/4hsvXB1iTRQzBfKiak8pW2I8BF4.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215663
IP address blocks:        2a10:4646:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:65:97:07:ea:5f:db:92:8b:bc:1a:1d:cd:98:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e21b2f5c1d624d143305f2a26a4f295b623c045e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ac:5b:ed:06:03:99:c0:97:a5:97:b5:ec:39:
                    e1:16:02:5f:17:b6:19:d4:4c:20:1b:6f:ec:a0:c9:
                    3d:f7:28:f9:ca:65:e1:8f:4b:48:5b:49:43:55:4d:
                    c2:c2:5b:9d:e3:82:9a:4f:d4:87:df:5d:0c:d4:4b:
                    ef:b0:00:df:2e:78:51:e7:94:b1:ec:78:84:47:8d:
                    d3:22:bb:89:53:32:d7:b1:3c:35:5c:3a:e7:85:6b:
                    a3:a3:65:25:af:64:d2:1e:5d:cd:63:7e:5e:b4:6d:
                    66:8d:96:6e:90:fa:8d:41:7b:d7:ce:d9:96:5b:75:
                    26:a5:ff:3f:5f:d4:44:27:13:62:78:72:c2:d0:7c:
                    70:cb:2d:5f:ff:c5:e4:83:86:88:c9:d5:95:9d:c4:
                    b7:da:86:a0:99:eb:7d:44:0a:8e:d2:35:f4:bd:dd:
                    95:fc:f5:ea:47:c6:de:6c:e5:aa:7d:f8:76:27:73:
                    c7:2f:7d:4e:ff:60:ac:04:98:77:dd:3b:69:c0:55:
                    4b:59:78:95:22:69:2d:ac:4b:a7:21:d2:b7:b6:81:
                    2c:9d:3d:27:e0:a1:61:6d:57:ff:37:ea:47:53:ba:
                    5b:24:94:60:2a:e7:bc:20:f5:f2:bf:19:ce:d1:7d:
                    5a:df:3d:a4:38:da:c6:69:8b:17:19:17:45:b3:ae:
                    ba:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1B:2F:5C:1D:62:4D:14:33:05:F2:A2:6A:4F:29:5B:62:3C:04:5E
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/4hsvXB1iTRQzBfKiak8pW2I8BF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         4a:9d:cf:20:73:87:0f:ee:dc:58:16:02:e0:ad:4b:c7:d3:7e:
         5a:cd:7c:78:e7:f9:65:5f:31:be:50:3e:98:c2:c9:fc:38:ff:
         04:3f:c4:80:a6:22:e4:7b:17:fe:d7:92:f5:bc:71:3a:3f:fb:
         1e:d6:37:36:0a:ea:ae:c9:76:ab:8f:55:84:29:3d:cd:aa:74:
         ad:8c:07:d4:ed:e9:5f:6d:cb:dc:bb:e0:76:ba:ba:fc:1d:6e:
         b2:fb:dd:ec:1f:8a:45:2d:da:57:9a:25:c7:92:23:fe:a3:f5:
         6d:3f:bc:a8:b8:c7:ff:94:c7:b9:00:14:e6:23:8d:55:dd:35:
         54:d1:2c:9d:35:cd:a2:5b:09:c0:61:2e:95:2c:7f:e3:a1:39:
         ef:f7:93:88:c3:f0:29:60:8f:68:1d:cb:85:14:f2:e2:f8:3c:
         d5:b8:fa:54:d3:bb:5c:b5:8e:1b:e7:3f:e9:27:6d:b7:0a:e1:
         be:99:a2:a3:39:67:ec:36:3e:0e:a6:74:47:2d:d1:9d:a4:2b:
         d7:c3:4c:ea:cb:1e:2c:80:0e:4c:15:14:18:66:43:30:5e:b2:
         48:31:02:fd:cf:cc:32:74:31:c4:42:46:8c:18:75:0a:0a:d3:
         57:e4:ab:b4:a5:5b:14:b4:06:25:d5:d6:6b:85:b8:2e:71:9f:
         a2:f7:e0:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntWWXB+pf25KLvBodzZiaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFiMmY1YzFkNjI0ZDE0MzMwNWYyYTI2YTRmMjk1YjYyM2MwNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqxb7QYDmcCXpZe17DnhFgJfF7YZ
1EwgG2/soMk99yj5ymXhj0tIW0lDVU3Cwlud44KaT9SH310M1EvvsADfLnhR55Sx
7HiER43TIruJUzLXsTw1XDrnhWujo2Ulr2TSHl3NY35etG1mjZZukPqNQXvXztmW
W3Umpf8/X9REJxNieHLC0Hxwyy1f/8Xkg4aIydWVncS32oagmet9RAqO0jX0vd2V
/PXqR8bebOWqffh2J3PHL31O/2CsBJh33TtpwFVLWXiVImktrEunIdK3toEsnT0n
4KFhbVf/N+pHU7pbJJRgKue8IPXyvxnO0X1a3z2kONrGaYsXGRdFs666fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOIbL1wdYk0UMwXyompPKVtiPAReMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvNGhzdlhCMWlUUlF6QmZLaWFrOHBXMkk4QkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBKnc8gc4cP7txYFgLgrUvH035azXx45/llXzG+
UD6Ywsn8OP8EP8SApiLkexf+15L1vHE6P/se1jc2CuquyXarj1WEKT3NqnStjAfU
7elfbcvcu+B2urr8HW6y+93sH4pFLdpXmiXHkiP+o/VtP7youMf/lMe5ABTmI41V
3TVU0SydNc2iWwnAYS6VLH/joTnv95OIw/ApYI9oHcuFFPLi+DzVuPpU07tctY4b
5z/pJ223CuG+maKjOWfsNj4OpnRHLdGdpCvXw0zqyx4sgA5MFRQYZkMwXrJIMQL9
z8wydDHEQkaMGHUKCtNX5Ku0pVsUtAYl1dZrhbgucZ+i9+CW
-----END CERTIFICATE-----