Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W81rCzQb4TbKxPTooSlXa8XN4QI.roa
File:                     W81rCzQb4TbKxPTooSlXa8XN4QI.roa (raw, json)
Hash identifier:          CtqqoCzBFYTr59fu6lgBm7DIo8Hs2FvwBTe1ZDr7Ngk=
Subject key identifier:   5B:CD:6B:0B:34:1B:E1:36:CA:C4:F4:E8:A1:29:57:6B:C5:CD:E1:02
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B5629E460B05376C96696ACAA01D06
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W81rCzQb4TbKxPTooSlXa8XN4QI.roa
Signing time:             Thu 02 Jan 2025 15:49:46 +0000
ROA not before:           Thu 02 Jan 2025 15:49:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212106
IP address blocks:        2a10:4646:11::/48 maxlen: 48
                          2a10:4646:60::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:62:9e:46:0b:05:37:6c:96:69:6a:ca:a0:1d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bcd6b0b341be136cac4f4e8a129576bc5cde102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:05:31:42:8f:13:da:da:40:c5:eb:00:76:78:
                    17:c4:96:3e:18:8f:ea:72:d3:81:d2:ba:29:35:33:
                    7e:d9:a8:6b:92:5d:a8:b6:ed:31:e7:14:7f:6e:da:
                    4f:06:7b:e5:fd:83:73:e7:b7:2a:a4:7c:95:13:7f:
                    86:90:56:a3:1d:12:87:4b:e4:ab:38:d5:10:05:8d:
                    fc:43:01:ad:2c:af:4b:05:b2:6d:91:01:c1:0f:d2:
                    99:8f:ae:57:36:f7:42:a7:d2:2e:c4:ea:6b:e8:5d:
                    50:56:46:9e:f6:19:70:ca:72:85:c2:98:d0:0a:b6:
                    5f:7e:e7:26:7c:dd:83:33:d5:b4:04:b2:cb:60:44:
                    f6:cb:33:d3:8f:c8:6d:ff:d0:13:46:58:a3:3e:1d:
                    b5:b2:68:ca:e3:34:1e:6d:3c:27:47:63:a0:72:d6:
                    b9:95:26:1b:c2:7d:47:a0:2e:b6:d1:2c:44:9d:51:
                    a2:2a:81:60:d4:b6:d5:5c:e4:39:5f:cf:8d:f1:bf:
                    ed:ca:1c:79:4d:8d:86:a7:6c:15:86:b6:ca:f5:3f:
                    ac:4a:70:1c:c6:75:c8:70:6f:e2:31:24:8b:cf:62:
                    07:9c:57:78:dd:50:57:7d:64:40:73:0b:33:e6:86:
                    79:75:8c:04:8b:28:6a:e9:5e:d5:ae:c1:17:ac:4e:
                    71:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:CD:6B:0B:34:1B:E1:36:CA:C4:F4:E8:A1:29:57:6B:C5:CD:E1:02
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/W81rCzQb4TbKxPTooSlXa8XN4QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:11::/48
                  2a10:4646:60::/44

    Signature Algorithm: sha256WithRSAEncryption
         4f:0c:32:1a:fd:be:eb:2d:0c:ba:68:f3:d7:7a:12:a5:a2:f3:
         7b:55:04:2a:2c:32:0e:12:e9:46:3e:94:b9:7a:e4:c9:fd:34:
         ea:85:c7:69:c0:fc:d9:38:ab:7b:a5:bb:f5:65:de:bd:f0:21:
         da:66:97:d6:2e:30:8d:e8:0e:d4:fd:1e:e6:1b:9d:a9:d2:f6:
         ee:be:1e:14:6e:ba:28:fd:a1:dd:36:68:25:1d:a2:8f:b2:2a:
         f3:ac:c2:2d:1e:9e:55:e9:35:eb:c6:88:58:f9:08:d7:0c:a8:
         0b:7b:74:33:25:da:87:e3:50:9f:1c:4c:47:d9:61:d5:fc:ef:
         9a:3b:3a:38:5d:20:75:02:31:50:d5:29:be:6f:70:b1:1a:6a:
         04:38:d2:1a:7d:b1:07:54:ed:75:1a:78:7c:3f:52:97:ad:9e:
         5f:f1:4a:52:41:4b:b6:fc:94:98:5c:0c:39:8c:23:62:21:23:
         86:f4:b4:bf:da:57:12:61:c2:18:7d:04:34:d2:2b:46:37:41:
         cf:0c:d7:65:4d:80:a9:79:dc:0e:39:fc:ba:a6:e7:47:c9:82:
         40:ae:b1:d2:64:2c:9a:58:6a:2d:24:99:0e:80:dc:5a:5d:1f:
         e7:25:b2:8e:3a:a4:b8:27:57:0d:db:c0:9c:9f:e6:3b:ba:a2:
         62:d2:23:9b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQntWKeRgsFN2yWaWrKoB0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmNkNmIwYjM0MWJlMTM2Y2FjNGY0ZThhMTI5NTc2YmM1Y2RlMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgUxQo8T2tpAxesAdngXxJY+GI/q
ctOB0ropNTN+2ahrkl2otu0x5xR/btpPBnvl/YNz57cqpHyVE3+GkFajHRKHS+Sr
ONUQBY38QwGtLK9LBbJtkQHBD9KZj65XNvdCp9IuxOpr6F1QVkae9hlwynKFwpjQ
CrZffucmfN2DM9W0BLLLYET2yzPTj8ht/9ATRlijPh21smjK4zQebTwnR2Ogcta5
lSYbwn1HoC620SxEnVGiKoFg1LbVXOQ5X8+N8b/tyhx5TY2Gp2wVhrbK9T+sSnAc
xnXIcG/iMSSLz2IHnFd43VBXfWRAcwsz5oZ5dYwEiyhq6V7VrsEXrE5xtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFvNaws0G+E2ysT06KEpV2vFzeECMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvVzgxckN6UWI0VGJLeFBUb29TbFhhOFhONFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhBGRgAR
AwcEKhBGRgBgMA0GCSqGSIb3DQEBCwUAA4IBAQBPDDIa/b7rLQy6aPPXehKlovN7
VQQqLDIOEulGPpS5euTJ/TTqhcdpwPzZOKt7pbv1Zd698CHaZpfWLjCN6A7U/R7m
G52p0vbuvh4Ubroo/aHdNmglHaKPsirzrMItHp5V6TXrxohY+QjXDKgLe3QzJdqH
41CfHExH2WHV/O+aOzo4XSB1AjFQ1Sm+b3CxGmoEONIafbEHVO11Gnh8P1KXrZ5f
8UpSQUu2/JSYXAw5jCNiISOG9LS/2lcSYcIYfQQ00itGN0HPDNdlTYCpedwOOfy6
pudHyYJArrHSZCyaWGotJJkOgNxaXR/nJbKOOqS4J1cN28Ccn+Y7uqJi0iOb
-----END CERTIFICATE-----