Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/SBzgWhSF_OyJTG2wd8o-Ulr1nmk.roa
File:                     SBzgWhSF_OyJTG2wd8o-Ulr1nmk.roa (raw, json)
Hash identifier:          6nfYexvO1Kc2k+mD82GVF9WHZYMyGMTF3rCD7nDSq6c=
Subject key identifier:   48:1C:E0:5A:14:85:FC:EC:89:4C:6D:B0:77:CA:3E:52:5A:F5:9E:69
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B557995DE2CD6733814DB21392AD6E
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/SBzgWhSF_OyJTG2wd8o-Ulr1nmk.roa
Signing time:             Thu 02 Jan 2025 15:49:43 +0000
ROA not before:           Thu 02 Jan 2025 15:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52073
IP address blocks:        2a10:4646:120::/44 maxlen: 48
                          2a10:4646:120::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 11:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:57:99:5d:e2:cd:67:33:81:4d:b2:13:92:ad:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=481ce05a1485fcec894c6db077ca3e525af59e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:5d:01:73:1e:2b:24:71:8d:80:6c:df:2c:5a:
                    ae:2b:95:84:0f:1a:0b:dc:0e:6c:20:a7:3f:08:b6:
                    13:a3:43:ce:27:47:a1:a3:6a:46:16:5b:8d:3a:c0:
                    d6:2c:40:f4:0f:24:7c:0c:9d:80:40:a4:35:52:cd:
                    d9:5e:a3:d6:37:d5:66:ee:8c:ca:c2:54:49:e6:0b:
                    fe:16:62:eb:96:83:a9:29:5a:91:d8:6a:9e:54:73:
                    18:60:66:10:88:38:09:1a:85:5a:70:65:3d:2b:74:
                    b3:1f:ef:0a:fe:0e:bd:6c:15:ef:98:df:b7:28:e5:
                    88:f4:24:a4:6e:ac:c9:8a:9e:7b:7a:b8:02:08:a1:
                    a0:fe:20:62:7c:2e:2b:88:15:17:eb:29:e6:c6:aa:
                    46:51:e3:ad:c2:55:49:d7:53:9a:77:67:30:ff:3d:
                    b0:9d:38:9f:41:ee:c9:d3:74:7b:3b:c6:ac:98:bc:
                    90:54:9e:25:70:a1:ce:d2:22:7d:7b:7b:85:c7:08:
                    c1:f0:61:d6:78:c8:11:a7:46:38:87:06:3b:7b:d0:
                    a5:8a:dd:ea:b4:11:a0:5d:c3:95:96:67:b0:9e:ae:
                    12:c9:47:d7:e1:19:d3:07:93:90:c9:41:76:6e:fe:
                    fe:ba:52:21:29:22:03:c0:39:7b:f9:53:17:17:bf:
                    78:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:1C:E0:5A:14:85:FC:EC:89:4C:6D:B0:77:CA:3E:52:5A:F5:9E:69
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/SBzgWhSF_OyJTG2wd8o-Ulr1nmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         5a:39:1f:12:b6:ae:b1:e3:9e:f7:46:52:e5:96:03:8d:29:59:
         e9:98:ab:e2:bc:9c:51:6f:20:48:5c:5b:a8:bb:52:98:f2:5b:
         12:0e:bc:43:05:5e:b8:da:7c:8c:f3:8f:00:e1:9e:cc:ec:0f:
         16:2e:d8:1f:24:2b:5d:ed:e0:84:5a:bb:8c:c1:9e:c0:e7:a3:
         a1:1e:4d:e7:8e:e6:66:5b:d9:22:ef:09:ad:33:db:71:3e:57:
         90:b1:d1:76:7d:8c:e4:79:4d:7f:5c:dd:c0:0d:88:47:58:db:
         56:f2:cc:49:89:0d:17:26:18:61:d6:f8:c1:b4:a0:a6:21:ab:
         00:87:d7:bb:bd:2d:8d:3a:ff:cf:8c:e0:98:a5:75:c7:27:68:
         cf:ca:ef:23:82:f4:7f:59:5a:57:8b:49:8f:a9:1d:9b:fb:3c:
         8d:25:a1:af:14:a6:3a:de:1b:d9:5f:3a:0c:22:b9:17:f6:7a:
         98:f6:b3:7a:98:a9:f5:08:11:22:4e:90:44:1a:7e:87:c9:aa:
         98:b0:57:5d:29:bd:10:5f:6f:36:db:8b:e9:4c:39:4f:b8:11:
         12:56:08:f0:a5:ec:12:b5:47:cd:b0:48:94:85:f8:c0:c1:25:
         7e:f0:96:d6:56:88:0c:7b:bb:06:c8:a5:d5:5c:38:8d:fd:9d:
         63:c7:13:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntVeZXeLNZzOBTbITkq1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODFjZTA1YTE0ODVmY2VjODk0YzZkYjA3N2NhM2U1MjVhZjU5ZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2V0Bcx4rJHGNgGzfLFquK5WEDxoL
3A5sIKc/CLYTo0POJ0eho2pGFluNOsDWLED0DyR8DJ2AQKQ1Us3ZXqPWN9Vm7ozK
wlRJ5gv+FmLrloOpKVqR2GqeVHMYYGYQiDgJGoVacGU9K3SzH+8K/g69bBXvmN+3
KOWI9CSkbqzJip57ergCCKGg/iBifC4riBUX6ynmxqpGUeOtwlVJ11Oad2cw/z2w
nTifQe7J03R7O8asmLyQVJ4lcKHO0iJ9e3uFxwjB8GHWeMgRp0Y4hwY7e9Clit3q
tBGgXcOVlmewnq4SyUfX4RnTB5OQyUF2bv7+ulIhKSIDwDl7+VMXF7949wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEgc4FoUhfzsiUxtsHfKPlJa9Z5pMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvU0J6Z1doU0ZfT3lKVEcyd2Q4by1VbHIxbm1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgEg
MA0GCSqGSIb3DQEBCwUAA4IBAQBaOR8Stq6x4573RlLllgONKVnpmKvivJxRbyBI
XFuou1KY8lsSDrxDBV642nyM848A4Z7M7A8WLtgfJCtd7eCEWruMwZ7A56OhHk3n
juZmW9ki7wmtM9txPleQsdF2fYzkeU1/XN3ADYhHWNtW8sxJiQ0XJhhh1vjBtKCm
IasAh9e7vS2NOv/PjOCYpXXHJ2jPyu8jgvR/WVpXi0mPqR2b+zyNJaGvFKY63hvZ
XzoMIrkX9nqY9rN6mKn1CBEiTpBEGn6HyaqYsFddKb0QX28224vpTDlPuBESVgjw
pewStUfNsEiUhfjAwSV+8JbWVogMe7sGyKXVXDiN/Z1jxxPq
-----END CERTIFICATE-----