Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/D9x1CTV8F_4B-wx1zITSO-EMubE.roa
File:                     D9x1CTV8F_4B-wx1zITSO-EMubE.roa (raw, json)
Hash identifier:          HbzAlStX6f56p1esX7YT4omJKAR7bHh229e0ejlC5Eg=
Subject key identifier:   0F:DC:75:09:35:7C:17:FE:01:FB:0C:75:CC:84:D2:3B:E1:0C:B9:B1
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B55B964DBAC9AF4FC07DD770BAC395
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/D9x1CTV8F_4B-wx1zITSO-EMubE.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198831
IP address blocks:        2a10:4646:2d0::/44 maxlen: 44
                          2a10:4646:3f0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5b:96:4d:ba:c9:af:4f:c0:7d:d7:70:ba:c3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0fdc7509357c17fe01fb0c75cc84d23be10cb9b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:47:ee:e2:1a:8a:65:d1:4f:a7:0b:d9:4b:d2:
                    ab:e4:56:4c:34:13:c6:9c:25:61:90:ab:27:53:63:
                    a6:02:63:3e:90:4b:42:47:27:1b:15:8a:fc:f3:7d:
                    52:33:86:3b:66:8f:18:8b:7f:66:75:67:67:f5:63:
                    c4:59:93:25:64:6f:ef:c0:e9:6b:75:e5:ed:7d:9a:
                    a6:fa:fb:e2:d3:58:f3:c8:aa:7c:79:38:53:ad:59:
                    92:66:52:0c:f2:c4:03:73:40:ca:03:91:0a:ad:7c:
                    52:e6:56:c2:ef:67:58:d4:8c:6c:59:0a:92:54:c5:
                    ef:56:f1:34:21:d5:3d:a3:bf:e7:f8:4b:d6:64:b8:
                    7a:4e:07:df:22:3e:0e:3d:a1:47:74:e5:31:80:5d:
                    c5:ac:aa:2d:b3:91:9d:a0:33:89:1f:5e:c2:dd:f7:
                    d5:bd:d2:8d:90:ff:2b:58:2b:b0:ca:4e:83:be:86:
                    91:44:0c:95:d8:31:44:b7:f4:0c:78:a1:60:07:60:
                    71:71:af:49:6f:01:fe:00:d4:6c:f1:9c:ea:98:6b:
                    58:5d:23:e2:b3:f3:47:d9:1d:47:1b:d0:d1:2b:d0:
                    86:af:d5:fc:37:02:7e:4a:1d:35:82:6b:6f:97:a9:
                    d3:0e:67:4c:3c:f0:68:7c:16:12:7d:85:b3:46:80:
                    13:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DC:75:09:35:7C:17:FE:01:FB:0C:75:CC:84:D2:3B:E1:0C:B9:B1
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/D9x1CTV8F_4B-wx1zITSO-EMubE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:2d0::/44
                  2a10:4646:3f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:e4:07:00:76:ed:e4:83:5d:4b:70:0b:eb:99:7f:83:c1:10:
         14:45:18:ae:1c:ac:86:53:16:74:80:94:66:0a:d3:6c:f3:bb:
         d4:82:14:fe:16:a0:91:64:82:ce:c6:5d:3a:16:e5:7f:37:31:
         a6:86:0d:27:ad:70:1b:f6:78:7c:d3:65:f7:04:0e:24:6c:47:
         a8:88:69:bc:ba:39:7a:c0:05:c9:a0:64:a5:07:71:1f:9d:f3:
         56:5a:ae:e3:42:11:69:e0:b5:02:5a:0f:1f:af:cb:d3:3c:3c:
         cb:68:8a:de:72:e0:b1:17:20:6d:f6:4d:4b:50:c3:eb:f8:fc:
         43:ea:50:86:58:e5:df:b5:f8:c3:75:6b:11:1c:f4:c5:20:6f:
         c9:34:0a:97:38:ef:65:54:35:d8:0e:f7:8a:94:28:5c:da:0f:
         d2:48:b7:de:60:f8:42:d3:c4:1b:d8:e7:69:4b:b6:d1:88:b6:
         02:4d:b5:54:4e:91:8d:a9:04:cd:e0:ea:4e:8b:93:60:b8:ae:
         a5:f9:60:5f:b9:76:ec:97:d8:8d:34:05:67:a1:78:4e:94:92:
         b3:5e:d9:3d:c4:46:0c:88:e1:14:14:fc:41:6c:38:0c:18:18:
         05:36:df:7c:27:83:14:cf:ab:96:dd:35:83:37:55:59:bb:80:
         4a:82:88:95
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntVuWTbrJr0/AfddwusOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRjNzUwOTM1N2MxN2ZlMDFmYjBjNzVjYzg0ZDIzYmUxMGNiOWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Efu4hqKZdFPpwvZS9Kr5FZMNBPG
nCVhkKsnU2OmAmM+kEtCRycbFYr8831SM4Y7Zo8Yi39mdWdn9WPEWZMlZG/vwOlr
deXtfZqm+vvi01jzyKp8eThTrVmSZlIM8sQDc0DKA5EKrXxS5lbC72dY1IxsWQqS
VMXvVvE0IdU9o7/n+EvWZLh6TgffIj4OPaFHdOUxgF3FrKots5GdoDOJH17C3ffV
vdKNkP8rWCuwyk6DvoaRRAyV2DFEt/QMeKFgB2Bxca9JbwH+ANRs8ZzqmGtYXSPi
s/NH2R1HG9DRK9CGr9X8NwJ+Sh01gmtvl6nTDmdMPPBofBYSfYWzRoATxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA/cdQk1fBf+AfsMdcyE0jvhDLmxMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvRDl4MUNUVjhGXzRCLXd4MXpJVFNPLUVNdWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhBGRgLQ
AwcEKhBGRgPwMA0GCSqGSIb3DQEBCwUAA4IBAQDA5AcAdu3kg11LcAvrmX+DwRAU
RRiuHKyGUxZ0gJRmCtNs87vUghT+FqCRZILOxl06FuV/NzGmhg0nrXAb9nh802X3
BA4kbEeoiGm8ujl6wAXJoGSlB3EfnfNWWq7jQhFp4LUCWg8fr8vTPDzLaIrecuCx
FyBt9k1LUMPr+PxD6lCGWOXftfjDdWsRHPTFIG/JNAqXOO9lVDXYDveKlChc2g/S
SLfeYPhC08Qb2OdpS7bRiLYCTbVUTpGNqQTN4OpOi5NguK6l+WBfuXbsl9iNNAVn
oXhOlJKzXtk9xEYMiOEUFPxBbDgMGBgFNt98J4MUz6uW3TWDN1VZu4BKgoiV
-----END CERTIFICATE-----