Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OufG3sBDvZI7hwG4WyzIc-Z0xOI.roa
File:                     OufG3sBDvZI7hwG4WyzIc-Z0xOI.roa (raw, json)
Hash identifier:          i/Y4cgjlSFEZdmlvRCXLNV99JlvYX2KAZ/g9aNaovag=
Subject key identifier:   3A:E7:C6:DE:C0:43:BD:92:3B:87:01:B8:5B:2C:C8:73:E6:74:C4:E2
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B55F90F0E494A8306F23E8EE65DEB2
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OufG3sBDvZI7hwG4WyzIc-Z0xOI.roa
Signing time:             Thu 02 Jan 2025 15:49:45 +0000
ROA not before:           Thu 02 Jan 2025 15:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210810
IP address blocks:        2a10:4646:d0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5f:90:f0:e4:94:a8:30:6f:23:e8:ee:65:de:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ae7c6dec043bd923b8701b85b2cc873e674c4e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c7:10:88:68:9c:a0:7f:6c:e3:3d:c3:c0:44:
                    26:8c:41:de:31:22:3b:0e:fa:c2:6d:5c:e5:b7:5c:
                    04:98:c8:8a:cb:04:18:d7:42:63:43:39:fb:62:50:
                    8f:a2:c9:78:0f:79:6a:98:2c:0a:91:97:25:19:4c:
                    74:bf:9e:23:3f:cf:f2:a3:0b:a3:0e:7c:20:61:18:
                    4a:25:c7:cf:4f:87:a1:35:46:ad:09:86:da:1b:1b:
                    24:37:ac:bd:9e:f8:3d:bc:b2:b7:f3:ab:a5:68:d0:
                    21:26:67:10:25:f2:05:d2:46:1f:cf:38:8b:9a:42:
                    43:b8:ac:c5:0e:52:c8:7a:70:2f:7d:bf:16:d6:38:
                    09:74:f2:e4:5d:4f:cd:65:95:74:8a:dc:df:bf:8f:
                    10:a4:5d:3f:19:9c:15:26:71:54:74:c7:78:60:68:
                    d6:77:3e:fa:fc:61:b9:31:dd:41:ac:f9:87:6a:42:
                    dc:88:91:d9:ee:fe:a1:7c:2c:90:9e:29:7e:fb:45:
                    6e:dd:9c:2c:05:8b:7f:8f:e2:1a:39:0b:8e:1d:b7:
                    0b:b9:f6:6b:59:a3:1b:f6:71:0d:e4:0e:a3:8e:27:
                    2a:b5:a0:48:7d:7c:2c:dd:83:06:f0:07:b7:fd:ce:
                    3c:1e:1a:50:b5:25:24:09:6f:d9:24:f7:5f:5a:24:
                    ca:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E7:C6:DE:C0:43:BD:92:3B:87:01:B8:5B:2C:C8:73:E6:74:C4:E2
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/OufG3sBDvZI7hwG4WyzIc-Z0xOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         c9:0b:94:72:fe:4e:90:93:62:63:ad:f2:59:08:d6:91:52:74:
         f9:d0:f5:28:bf:46:13:71:49:bc:59:e8:1c:14:00:66:f6:d9:
         e5:30:ca:7e:30:79:12:53:34:38:a0:e2:b8:1e:ad:60:77:66:
         73:3c:a5:fe:ea:56:67:02:dc:ad:e2:30:5c:4a:a1:1c:ed:63:
         1f:b7:82:39:73:04:01:14:b9:77:be:0e:54:7f:83:79:c4:1c:
         ca:50:ac:2e:64:b9:4c:b7:a6:ad:61:cd:c6:34:44:3d:48:11:
         4a:ee:20:ed:66:cb:c3:98:51:0b:42:ba:c8:8d:3c:09:a4:2f:
         4a:51:be:0f:13:97:a0:74:35:bc:f7:07:6d:82:90:74:0a:06:
         ec:77:ab:63:af:b3:b7:2c:27:15:c7:d5:fe:12:87:a1:ff:cf:
         90:50:47:a6:90:65:a9:a3:db:63:82:42:57:03:bd:07:26:f4:
         f4:6c:82:f7:aa:04:18:16:fe:cf:d3:19:b9:3b:bb:18:60:18:
         d3:57:83:2b:73:bb:ce:99:f8:ef:d3:77:34:d1:09:db:39:99:
         4e:3b:f4:d5:f4:a4:94:14:28:b3:6d:e7:0d:75:23:96:98:b0:
         c6:da:45:d7:f1:f4:6d:91:58:1a:57:1b:fe:91:4d:4d:3c:57:
         0f:43:7f:49
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntV+Q8OSUqDBvI+juZd6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWU3YzZkZWMwNDNiZDkyM2I4NzAxYjg1YjJjYzg3M2U2NzRjNGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ccQiGicoH9s4z3DwEQmjEHeMSI7
DvrCbVzlt1wEmMiKywQY10JjQzn7YlCPosl4D3lqmCwKkZclGUx0v54jP8/yowuj
DnwgYRhKJcfPT4ehNUatCYbaGxskN6y9nvg9vLK386ulaNAhJmcQJfIF0kYfzziL
mkJDuKzFDlLIenAvfb8W1jgJdPLkXU/NZZV0itzfv48QpF0/GZwVJnFUdMd4YGjW
dz76/GG5Md1BrPmHakLciJHZ7v6hfCyQnil++0Vu3ZwsBYt/j+IaOQuOHbcLufZr
WaMb9nEN5A6jjicqtaBIfXws3YMG8Ae3/c48HhpQtSUkCW/ZJPdfWiTKZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDrnxt7AQ72SO4cBuFssyHPmdMTiMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvT3VmRzNzQkR2Wkk3aHdHNFd5ekljLVoweE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgDQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDJC5Ry/k6Qk2JjrfJZCNaRUnT50PUov0YTcUm8
WegcFABm9tnlMMp+MHkSUzQ4oOK4Hq1gd2ZzPKX+6lZnAtyt4jBcSqEc7WMft4I5
cwQBFLl3vg5Uf4N5xBzKUKwuZLlMt6atYc3GNEQ9SBFK7iDtZsvDmFELQrrIjTwJ
pC9KUb4PE5egdDW89wdtgpB0Cgbsd6tjr7O3LCcVx9X+Eoeh/8+QUEemkGWpo9tj
gkJXA70HJvT0bIL3qgQYFv7P0xm5O7sYYBjTV4Mrc7vOmfjv03c00QnbOZlOO/TV
9KSUFCizbecNdSOWmLDG2kXX8fRtkVgaVxv+kU1NPFcPQ39J
-----END CERTIFICATE-----