Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/H72gujMCMAZpLRg2cNnbawNMi2A.roa
File:                     H72gujMCMAZpLRg2cNnbawNMi2A.roa (raw, json)
Hash identifier:          mc2ktHWkVm4x7yx+zpHQ1y0JVlLOdpVbGYpYAwP02X4=
Subject key identifier:   1F:BD:A0:BA:33:02:30:06:69:2D:18:36:70:D9:DB:6B:03:4C:8B:60
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B562659D7354C7A44D1C8B830E59C6
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/H72gujMCMAZpLRg2cNnbawNMi2A.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212065
IP address blocks:        2a10:4646:c::/48 maxlen: 48
                          2a10:4646:14::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 07:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:62:65:9d:73:54:c7:a4:4d:1c:8b:83:0e:59:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fbda0ba33023006692d183670d9db6b034c8b60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:53:79:bc:4b:81:4b:f6:1a:69:9c:2a:93:27:
                    e6:68:1e:cd:69:2e:eb:3d:b2:40:48:ac:c2:14:89:
                    12:8e:10:b9:7b:6b:1e:61:e2:a1:0d:35:cb:55:a8:
                    21:e0:28:b6:34:84:ea:78:77:bf:4d:45:25:3a:91:
                    13:82:48:7a:f6:68:34:f4:0f:3b:96:cf:94:aa:09:
                    d9:4d:5c:c1:47:22:cf:d5:40:bc:7c:bb:79:f5:b6:
                    18:8d:02:5c:b7:d2:46:10:0e:12:49:60:a5:f9:4f:
                    f4:6d:7c:2c:21:b8:b9:30:9e:cd:2b:c0:e9:f3:01:
                    dd:39:43:0d:13:11:45:84:f1:65:ad:47:eb:04:82:
                    3b:28:fa:a0:58:67:36:d9:71:9f:a6:5c:10:9e:af:
                    3c:fe:5c:0e:60:37:ac:91:99:20:27:11:cc:bd:95:
                    f4:05:21:be:d4:ee:79:54:2b:8b:b7:9f:d9:7c:3a:
                    ac:6c:34:7d:69:8c:00:52:0e:f1:61:63:33:ec:51:
                    8a:b8:a8:86:05:33:ce:d3:72:c0:91:d8:fc:94:93:
                    81:f6:73:c7:7a:f3:de:2e:c3:62:3f:16:31:85:8a:
                    a2:33:ef:ef:a0:4c:fe:01:20:ee:fd:1c:3a:d6:62:
                    62:7e:c5:9b:df:af:dc:b9:8d:08:1f:42:37:06:26:
                    3c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:BD:A0:BA:33:02:30:06:69:2D:18:36:70:D9:DB:6B:03:4C:8B:60
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/H72gujMCMAZpLRg2cNnbawNMi2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:c::/48
                  2a10:4646:14::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:46:e1:2e:86:18:3c:e5:d4:2b:b5:dc:db:72:c6:96:33:64:
         7d:e6:f3:ef:1e:c7:2e:35:e4:bb:77:53:33:03:43:46:13:e5:
         f2:8b:c3:57:48:86:48:fb:da:5c:b1:7c:d7:34:9d:93:ee:cb:
         a1:85:54:fd:3c:71:6c:88:55:a4:79:b7:95:29:9a:43:b3:84:
         9f:0b:01:3e:ec:c1:ae:f6:f4:db:2a:c4:ea:e4:e8:56:82:fd:
         08:32:14:02:fb:32:b1:c6:24:b4:94:bc:c9:c9:91:ba:05:c7:
         c7:b3:7b:6f:d8:84:07:fe:d0:51:ce:c3:fb:db:5c:f6:91:51:
         03:da:09:2a:3b:7a:65:cd:14:90:6f:8f:4a:d1:8b:46:cc:1e:
         31:f1:a5:42:8a:8a:7b:de:15:d5:37:b5:fc:9a:7b:05:6d:86:
         a1:10:25:e5:1f:8b:ed:30:05:75:7e:99:bc:54:79:1c:a5:11:
         eb:1d:06:ee:67:19:af:6f:2b:21:f8:71:ce:d4:8a:ee:4d:dc:
         0d:f7:79:70:05:2b:3b:31:63:4e:05:43:7d:2a:9d:0c:34:0e:
         30:1c:81:1e:d1:44:63:dd:0a:dd:30:8b:22:e9:7c:6f:ea:14:
         13:67:6a:3c:ee:e5:a8:dd:6b:9f:18:71:d9:f7:e8:25:f3:ed:
         49:18:75:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntWJlnXNUx6RNHIuDDlnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmJkYTBiYTMzMDIzMDA2NjkyZDE4MzY3MGQ5ZGI2YjAzNGM4YjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVN5vEuBS/YaaZwqkyfmaB7NaS7r
PbJASKzCFIkSjhC5e2seYeKhDTXLVagh4Ci2NITqeHe/TUUlOpETgkh69mg09A87
ls+UqgnZTVzBRyLP1UC8fLt59bYYjQJct9JGEA4SSWCl+U/0bXwsIbi5MJ7NK8Dp
8wHdOUMNExFFhPFlrUfrBII7KPqgWGc22XGfplwQnq88/lwOYDeskZkgJxHMvZX0
BSG+1O55VCuLt5/ZfDqsbDR9aYwAUg7xYWMz7FGKuKiGBTPO03LAkdj8lJOB9nPH
evPeLsNiPxYxhYqiM+/voEz+ASDu/Rw61mJifsWb36/cuY0IH0I3BiY8KwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB+9oLozAjAGaS0YNnDZ22sDTItgMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvSDcyZ3VqTUNNQVpwTFJnMmNObmJhd05NaTJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhBGRgAM
AwcAKhBGRgAUMA0GCSqGSIb3DQEBCwUAA4IBAQAHRuEuhhg85dQrtdzbcsaWM2R9
5vPvHscuNeS7d1MzA0NGE+Xyi8NXSIZI+9pcsXzXNJ2T7suhhVT9PHFsiFWkebeV
KZpDs4SfCwE+7MGu9vTbKsTq5OhWgv0IMhQC+zKxxiS0lLzJyZG6BcfHs3tv2IQH
/tBRzsP721z2kVED2gkqO3plzRSQb49K0YtGzB4x8aVCiop73hXVN7X8mnsFbYah
ECXlH4vtMAV1fpm8VHkcpRHrHQbuZxmvbysh+HHO1IruTdwN93lwBSs7MWNOBUN9
Kp0MNA4wHIEe0URj3QrdMIsi6Xxv6hQTZ2o87uWo3WufGHHZ9+gl8+1JGHWu
-----END CERTIFICATE-----