Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/FG5pNQ5_c3TjGvqm7drNqjAtp_0.roa
File:                     FG5pNQ5_c3TjGvqm7drNqjAtp_0.roa (raw, json)
Hash identifier:          pcv1sQ3cPr8Z5RqoT1cS23yqOKHpxM+1wRoitpX9AAY=
Subject key identifier:   14:6E:69:35:0E:7F:73:74:E3:1A:FA:A6:ED:DA:CD:AA:30:2D:A7:FD
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B55D106CBB3C1EF8C771412465A0A5
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/FG5pNQ5_c3TjGvqm7drNqjAtp_0.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201480
IP address blocks:        2a10:4646:250::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5d:10:6c:bb:3c:1e:f8:c7:71:41:24:65:a0:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=146e69350e7f7374e31afaa6eddacdaa302da7fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:08:b1:08:8b:01:1e:28:5f:b5:84:76:b0:78:
                    07:b1:f8:6e:c6:02:0a:a0:b9:d0:56:79:c7:93:a6:
                    39:38:5c:f4:99:8a:c8:70:9f:5b:ef:e0:b7:65:73:
                    6a:c6:58:b1:ea:d5:73:82:7f:c7:cc:61:e2:33:d4:
                    93:b8:3a:96:78:a7:3b:b5:c9:14:9e:1c:c8:d2:ea:
                    ae:50:ea:33:bf:ed:9d:52:0f:c8:17:99:ef:49:91:
                    54:90:01:8d:4f:a3:99:4e:9d:bb:9c:03:a8:26:fd:
                    f7:48:29:a1:5c:51:85:60:a4:e0:75:fb:08:9e:3d:
                    4d:fc:e5:9a:f7:de:65:93:2a:c9:f2:e7:e7:73:6c:
                    4b:9d:cb:85:bc:5b:7a:d4:0f:2c:db:a5:3b:7a:65:
                    ce:a4:e6:b2:94:b1:49:b6:20:68:2c:d1:e3:aa:89:
                    0f:6d:13:d0:49:8a:78:6c:1b:34:01:b5:22:69:4d:
                    54:49:4d:c2:8a:e2:d7:ab:a5:f4:f3:5a:45:3b:50:
                    c0:e4:cd:29:7e:fc:66:4d:a4:1c:e9:8f:9e:a2:bb:
                    03:86:dd:5a:73:32:78:91:2f:18:0d:5a:d2:a5:8a:
                    0d:d5:bb:62:50:06:62:0b:82:bf:f0:be:92:bb:40:
                    f1:77:3c:13:79:3c:3f:f1:bb:a8:19:15:ea:6e:ab:
                    23:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:6E:69:35:0E:7F:73:74:E3:1A:FA:A6:ED:DA:CD:AA:30:2D:A7:FD
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/FG5pNQ5_c3TjGvqm7drNqjAtp_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:da:ce:1c:d3:88:d6:10:46:f7:ab:88:54:d7:ec:67:8f:51:
         90:b1:46:20:51:7b:be:aa:de:b3:8c:e8:78:8c:26:ff:4e:9e:
         c5:9b:1a:a7:7b:c5:e4:b9:5a:24:11:31:24:e8:82:86:a4:91:
         ec:b5:2d:dc:37:1c:33:80:27:e2:68:95:65:3d:6e:68:1e:ef:
         0b:ad:9f:ed:3e:49:f6:8f:9b:e2:d9:03:3b:38:c5:ff:3b:eb:
         00:de:1f:f5:7d:47:19:f8:2f:a1:10:ff:bc:6e:8a:fb:f0:33:
         1e:9e:01:49:36:6c:1b:bc:d8:65:2b:c2:ee:fc:22:03:78:0a:
         82:c5:38:f5:f7:b6:0f:98:20:48:16:22:f0:5c:a0:1a:5a:c9:
         57:08:0c:e6:0c:c4:c9:54:67:29:fb:b7:c2:13:5d:fa:4a:87:
         c5:51:8e:56:59:8c:7f:3b:d2:26:dd:db:a5:0f:27:a2:2d:66:
         9d:e7:8c:ce:ae:77:1a:1f:29:65:2b:d2:28:3e:ef:dc:cc:b6:
         cf:37:3d:09:c3:e8:f4:c7:90:0e:91:fe:0e:ed:f2:17:cf:34:
         db:02:b0:fa:8a:b1:a9:6b:99:e1:bd:a1:a6:08:c5:23:8e:98:
         6b:89:99:57:ed:c7:9a:dc:6b:8d:cf:68:01:e3:47:60:fd:d9:
         f6:9e:cb:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntV0QbLs8HvjHcUEkZaClMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDZlNjkzNTBlN2Y3Mzc0ZTMxYWZhYTZlZGRhY2RhYTMwMmRhN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgixCIsBHihftYR2sHgHsfhuxgIK
oLnQVnnHk6Y5OFz0mYrIcJ9b7+C3ZXNqxlix6tVzgn/HzGHiM9STuDqWeKc7tckU
nhzI0uquUOozv+2dUg/IF5nvSZFUkAGNT6OZTp27nAOoJv33SCmhXFGFYKTgdfsI
nj1N/OWa995lkyrJ8ufnc2xLncuFvFt61A8s26U7emXOpOaylLFJtiBoLNHjqokP
bRPQSYp4bBs0AbUiaU1USU3CiuLXq6X081pFO1DA5M0pfvxmTaQc6Y+eorsDht1a
czJ4kS8YDVrSpYoN1btiUAZiC4K/8L6Su0DxdzwTeTw/8buoGRXqbqsj1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBRuaTUOf3N04xr6pu3azaowLaf9MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvRkc1cE5RNV9jM1RqR3ZxbTdkck5xakF0cF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAX2s4c04jWEEb3q4hU1+xnj1GQsUYgUXu+qt6z
jOh4jCb/Tp7Fmxqne8XkuVokETEk6IKGpJHstS3cNxwzgCfiaJVlPW5oHu8LrZ/t
Pkn2j5vi2QM7OMX/O+sA3h/1fUcZ+C+hEP+8bor78DMengFJNmwbvNhlK8Lu/CID
eAqCxTj197YPmCBIFiLwXKAaWslXCAzmDMTJVGcp+7fCE136SofFUY5WWYx/O9Im
3dulDyeiLWad54zOrncaHyllK9IoPu/czLbPNz0Jw+j0x5AOkf4O7fIXzzTbArD6
irGpa5nhvaGmCMUjjphriZlX7cea3GuNz2gB40dg/dn2nstg
-----END CERTIFICATE-----