Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/HIuQQFKgSBuAKuZ5NFV39UWdk-0.roa
File:                     HIuQQFKgSBuAKuZ5NFV39UWdk-0.roa (raw, json)
Hash identifier:          6EaFRuDYvhQ4ZsTUqzReAUxLoig1ZR4YO2BpnNtxZIo=
Subject key identifier:   1C:8B:90:40:52:A0:48:1B:80:2A:E6:79:34:55:77:F5:45:9D:93:ED
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B5572C0EB192992911A6AE6FF5E362
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/HIuQQFKgSBuAKuZ5NFV39UWdk-0.roa
Signing time:             Thu 02 Jan 2025 15:49:43 +0000
ROA not before:           Thu 02 Jan 2025 15:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47484
IP address blocks:        2a10:4646:6::/48 maxlen: 48
                          2a10:4646:2f0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:57:2c:0e:b1:92:99:29:11:a6:ae:6f:f5:e3:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c8b904052a0481b802ae679345577f5459d93ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f8:d5:64:1f:ff:ea:bf:34:35:e8:dd:a6:be:
                    3a:53:35:aa:cc:64:6d:43:af:cb:45:4c:18:23:73:
                    9c:4f:8f:39:a1:ce:62:6c:f9:64:6d:61:73:9c:ed:
                    9b:8e:bc:00:20:f9:57:d8:14:5a:80:28:79:40:ad:
                    94:18:08:5b:a8:ab:26:05:7a:1d:7f:e8:0d:f5:04:
                    92:b4:de:a9:3e:fb:f8:2f:e5:b3:4d:38:84:9f:03:
                    2e:bc:2f:b3:d1:11:b1:b6:0e:e9:a0:17:e2:91:4d:
                    15:7e:40:3e:f4:05:bd:b4:27:24:ef:3a:6d:65:4a:
                    ec:d1:45:a7:81:f6:2b:4d:68:f8:c1:d5:8c:7f:14:
                    6c:f9:ed:bd:2a:42:3c:bd:6f:c8:90:92:52:26:69:
                    87:80:36:a8:cd:31:43:19:c8:a6:30:cb:8f:c5:f3:
                    a1:e2:2e:bd:d7:bf:3e:ff:04:87:5c:a0:52:1e:57:
                    82:9d:fc:75:d9:2a:6e:c6:7d:73:1d:c3:6f:93:2f:
                    79:0f:a6:55:f9:6f:d5:9d:b3:32:1f:39:df:6d:db:
                    f3:09:fa:a4:c0:23:e9:5d:bb:e4:55:9a:ae:f5:52:
                    fd:e3:b0:e5:93:fa:8d:f4:45:27:e6:fd:d2:ac:00:
                    7c:01:71:08:e6:20:92:57:88:88:e5:ce:5f:9f:f0:
                    77:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8B:90:40:52:A0:48:1B:80:2A:E6:79:34:55:77:F5:45:9D:93:ED
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/HIuQQFKgSBuAKuZ5NFV39UWdk-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:6::/48
                  2a10:4646:2f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a5:68:eb:fe:9c:44:d4:c5:3a:d9:da:a1:e1:7d:ac:c1:a8:ca:
         4e:11:01:c3:71:7a:ac:76:89:d6:a6:ae:58:2e:e6:0c:a8:c0:
         99:04:02:59:22:ec:c3:ed:13:ea:10:65:bc:b0:b8:60:b0:b9:
         2f:ee:c5:5d:68:c7:17:a1:8e:d6:16:ac:47:2c:89:96:4b:f0:
         b9:f5:e5:7e:92:09:e1:7c:78:74:0b:2f:d1:94:32:cb:4a:ed:
         d4:a3:21:ad:ae:c9:2b:8a:62:56:bf:cb:e9:06:69:aa:76:68:
         99:61:2f:b7:e7:23:8c:46:59:28:cb:db:a1:71:ff:bd:92:72:
         19:78:fa:7f:ca:e4:a8:39:f4:58:c8:43:75:c0:27:30:1b:91:
         dd:07:d6:38:b9:f5:0b:e3:da:fb:e0:52:7c:a7:cf:5d:e5:eb:
         cb:ff:a8:f2:8d:42:18:fe:da:35:25:90:7f:e0:d2:11:cb:1f:
         68:07:a6:f1:7a:64:96:71:7f:b7:09:65:54:c4:52:6c:fd:f7:
         1d:b4:e4:cd:a7:88:68:cb:e9:e0:dc:db:0c:b8:ff:65:13:95:
         01:25:71:fb:d8:1c:59:90:f3:47:62:b7:da:fc:49:46:3e:a1:
         b7:df:85:59:ae:49:4e:c3:a8:0b:ee:a5:b2:cf:76:da:ee:fa:
         e9:e5:12:b1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntVcsDrGSmSkRpq5v9eNiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhiOTA0MDUyYTA0ODFiODAyYWU2NzkzNDU1NzdmNTQ1OWQ5M2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovjVZB//6r80Nejdpr46UzWqzGRt
Q6/LRUwYI3OcT485oc5ibPlkbWFznO2bjrwAIPlX2BRagCh5QK2UGAhbqKsmBXod
f+gN9QSStN6pPvv4L+WzTTiEnwMuvC+z0RGxtg7poBfikU0VfkA+9AW9tCck7zpt
ZUrs0UWngfYrTWj4wdWMfxRs+e29KkI8vW/IkJJSJmmHgDaozTFDGcimMMuPxfOh
4i69178+/wSHXKBSHleCnfx12Spuxn1zHcNvky95D6ZV+W/VnbMyHznfbdvzCfqk
wCPpXbvkVZqu9VL947Dlk/qN9EUn5v3SrAB8AXEI5iCSV4iI5c5fn/B3YwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFByLkEBSoEgbgCrmeTRVd/VFnZPtMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvSEl1UVFGS2dTQnVBS3VaNU5GVjM5VVdkay0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhBGRgAG
AwcEKhBGRgLwMA0GCSqGSIb3DQEBCwUAA4IBAQClaOv+nETUxTrZ2qHhfazBqMpO
EQHDcXqsdonWpq5YLuYMqMCZBAJZIuzD7RPqEGW8sLhgsLkv7sVdaMcXoY7WFqxH
LImWS/C59eV+kgnhfHh0Cy/RlDLLSu3UoyGtrskrimJWv8vpBmmqdmiZYS+35yOM
Rlkoy9uhcf+9knIZePp/yuSoOfRYyEN1wCcwG5HdB9Y4ufUL49r74FJ8p89d5evL
/6jyjUIY/to1JZB/4NIRyx9oB6bxemSWcX+3CWVUxFJs/fcdtOTNp4hoy+ng3NsM
uP9lE5UBJXH72BxZkPNHYrfa/ElGPqG334VZrklOw6gL7qWyz3ba7vrp5RKx
-----END CERTIFICATE-----