Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/LgEojSSWxqPQSa07ze94dva_jUY.roa
File:                     LgEojSSWxqPQSa07ze94dva_jUY.roa (raw, json)
Hash identifier:          bgXznWdGQZcKwK/PhDBEr8V0fAhdejJIL6EFj3ITnqs=
Subject key identifier:   2E:01:28:8D:24:96:C6:A3:D0:49:AD:3B:CD:EF:78:76:F6:BF:8D:46
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B562FF905464EC6E772D437B776EF0
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/LgEojSSWxqPQSa07ze94dva_jUY.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212124
IP address blocks:        2a10:4646:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:62:ff:90:54:64:ec:6e:77:2d:43:7b:77:6e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e01288d2496c6a3d049ad3bcdef7876f6bf8d46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:c4:8c:4e:a3:3c:ba:80:5f:0e:95:de:11:c2:
                    ed:a2:00:9f:a9:43:fe:28:2d:6d:3a:93:fe:d5:81:
                    6f:d0:58:1a:64:45:90:f5:a5:11:6a:68:50:73:fa:
                    af:15:37:14:da:e7:49:03:64:85:f8:25:de:36:6a:
                    e1:e6:58:3c:ca:58:ff:65:8f:64:f1:62:81:d3:c6:
                    ed:8f:d0:14:b2:49:7d:60:30:95:77:4b:18:8e:93:
                    5c:3f:ac:cf:38:cc:3c:37:bc:5b:c6:fa:47:d4:25:
                    69:40:d1:54:71:67:33:6a:c9:68:d2:dd:ce:c1:57:
                    27:14:2c:81:10:ec:84:6f:4c:c2:bf:3d:71:98:de:
                    98:35:62:c9:cd:69:d9:79:f2:74:65:61:ae:db:b7:
                    0c:14:fb:d7:6d:fa:92:69:96:76:df:5c:62:55:60:
                    76:f1:bd:f6:f7:a7:fb:6d:f3:29:1b:c2:21:6d:63:
                    b5:93:2b:51:f6:ef:e3:87:dc:12:65:52:86:8a:2d:
                    b5:70:17:21:8f:64:ee:73:49:7d:00:3e:e5:93:34:
                    d7:ef:9a:34:76:3b:69:42:b4:6d:94:6d:b5:a9:da:
                    a2:00:ff:21:a3:28:9d:eb:33:8c:f0:09:f8:71:d9:
                    5f:ae:03:86:ea:1e:20:d2:dd:32:c5:c0:8f:36:b8:
                    9c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:01:28:8D:24:96:C6:A3:D0:49:AD:3B:CD:EF:78:76:F6:BF:8D:46
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/LgEojSSWxqPQSa07ze94dva_jUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:b5:72:40:29:7c:29:98:1e:ad:22:db:4b:ac:36:6c:ee:f6:
         aa:11:a5:32:48:ea:99:cd:8a:09:30:bf:16:77:e9:48:47:0d:
         ae:1c:91:cf:1b:7d:7b:98:d1:00:d1:eb:55:3c:6a:03:f8:21:
         0e:2d:ed:f7:f8:e4:8a:60:86:2d:18:6e:49:6e:16:c8:3d:58:
         bc:8d:c5:88:63:ce:78:4c:05:95:42:7b:48:cb:97:f9:49:c4:
         35:01:28:71:08:9f:65:2c:fd:1f:cf:dd:d2:f7:26:20:1c:63:
         5d:bc:9c:f9:8e:ea:18:43:af:64:e6:e0:d1:6c:f3:64:9a:9f:
         3d:d1:f4:11:10:fb:c4:7a:29:17:90:be:14:0e:dd:3d:b6:51:
         9f:b3:0e:60:af:e5:66:01:21:23:ba:3b:62:44:0c:78:49:e3:
         46:df:a9:e6:49:53:87:4f:47:09:9d:5b:7c:22:7c:0c:d0:ef:
         db:e8:e9:15:6d:da:7b:fe:44:63:c3:06:b5:91:cb:67:b6:07:
         82:b3:8d:de:6b:a8:66:af:bb:dc:a1:1f:f6:e6:f1:d8:42:1d:
         fd:90:88:3d:5e:a5:32:0a:c2:18:be:02:7d:ea:dc:17:10:df:
         ea:aa:14:52:91:ac:24:ba:ed:63:dd:01:47:c9:bf:7a:88:2b:
         80:c5:c8:35
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntWL/kFRk7G53LUN7d27wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAxMjg4ZDI0OTZjNmEzZDA0OWFkM2JjZGVmNzg3NmY2YmY4ZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8SMTqM8uoBfDpXeEcLtogCfqUP+
KC1tOpP+1YFv0FgaZEWQ9aURamhQc/qvFTcU2udJA2SF+CXeNmrh5lg8ylj/ZY9k
8WKB08btj9AUskl9YDCVd0sYjpNcP6zPOMw8N7xbxvpH1CVpQNFUcWczaslo0t3O
wVcnFCyBEOyEb0zCvz1xmN6YNWLJzWnZefJ0ZWGu27cMFPvXbfqSaZZ231xiVWB2
8b3296f7bfMpG8IhbWO1kytR9u/jh9wSZVKGii21cBchj2Tuc0l9AD7lkzTX75o0
djtpQrRtlG21qdqiAP8hoyid6zOM8An4cdlfrgOG6h4g0t0yxcCPNricuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4BKI0klsaj0EmtO83veHb2v41GMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvTGdFb2pTU1d4cVBRU2EwN3plOTRkdmFfalVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCltXJAKXwpmB6tIttLrDZs7vaqEaUySOqZzYoJ
ML8Wd+lIRw2uHJHPG317mNEA0etVPGoD+CEOLe33+OSKYIYtGG5JbhbIPVi8jcWI
Y854TAWVQntIy5f5ScQ1AShxCJ9lLP0fz93S9yYgHGNdvJz5juoYQ69k5uDRbPNk
mp890fQREPvEeikXkL4UDt09tlGfsw5gr+VmASEjujtiRAx4SeNG36nmSVOHT0cJ
nVt8InwM0O/b6OkVbdp7/kRjwwa1kctntgeCs43ea6hmr7vcoR/25vHYQh39kIg9
XqUyCsIYvgJ96twXEN/qqhRSkawkuu1j3QFHyb96iCuAxcg1
-----END CERTIFICATE-----