Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/fwxQxZGfZNTx01xvaAJZncp0iwc.roa
File:                     fwxQxZGfZNTx01xvaAJZncp0iwc.roa (raw, json)
Hash identifier:          ErZhmMBMz44uu1nZpJLxraDS3drrhcAxEAEAfjlaaAQ=
Subject key identifier:   7F:0C:50:C5:91:9F:64:D4:F1:D3:5C:6F:68:02:59:9D:CA:74:8B:07
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49365B4C841A3E1BE1EA11973F1A941
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/fwxQxZGfZNTx01xvaAJZncp0iwc.roa
Signing time:             Mon 01 Jan 2024 10:30:43 +0000
ROA not before:           Mon 01 Jan 2024 10:30:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39091
IP address blocks:        2a10:4646:9::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 06:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:65:b4:c8:41:a3:e1:be:1e:a1:19:73:f1:a9:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f0c50c5919f64d4f1d35c6f6802599dca748b07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5b:37:3d:a8:d7:bd:89:a0:8f:23:79:a4:52:
                    2e:f6:96:0e:08:ad:4d:e1:f2:db:4e:36:00:ff:c2:
                    ec:5c:84:e4:53:0e:c1:9f:ff:bf:3e:98:6d:40:cc:
                    7a:05:61:11:79:06:7e:da:b1:18:36:1f:3a:a4:af:
                    73:41:9b:4a:36:dd:66:da:72:ce:2e:37:b2:ec:c6:
                    53:4c:f8:af:37:cb:c0:8f:c1:25:97:f5:e9:08:3e:
                    07:64:8a:d7:3f:61:79:a4:91:34:af:d1:9c:51:ce:
                    74:7a:c0:27:cf:35:a3:99:b0:c3:e7:f8:17:61:53:
                    01:21:c6:fb:5e:0f:98:b1:c6:4e:af:e7:68:9a:47:
                    64:89:07:c2:be:51:f7:5e:45:00:a5:03:33:92:1a:
                    c6:1c:32:51:9d:1e:e2:e3:3d:5f:4e:32:9b:b7:08:
                    c7:76:36:bd:b3:47:43:df:5a:d4:96:0d:f0:f2:20:
                    d8:38:d3:d6:cf:2e:f8:df:8c:32:d9:4b:8b:b3:11:
                    ee:99:fe:ea:0b:35:8f:c3:41:93:db:04:d3:8f:eb:
                    de:6b:3c:f7:1d:37:7e:52:ea:b6:30:8e:5c:75:ce:
                    35:d4:3e:ea:d0:65:73:20:f2:ed:2e:65:30:04:98:
                    ee:95:a3:1a:8a:63:88:6c:51:84:0f:1d:b8:e4:1c:
                    0c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:0C:50:C5:91:9F:64:D4:F1:D3:5C:6F:68:02:59:9D:CA:74:8B:07
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/fwxQxZGfZNTx01xvaAJZncp0iwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         d1:bf:5c:7d:91:74:7c:92:b9:d3:d7:b4:ac:25:00:ff:18:ce:
         15:d2:64:a2:dd:32:f2:a9:73:b1:fe:08:40:37:0e:c2:35:48:
         85:f3:f4:e3:1d:de:5f:18:cf:c1:57:de:f9:91:33:db:9f:04:
         e9:0c:8a:73:f3:d1:3b:de:01:e5:14:22:de:0a:55:db:c7:cb:
         f2:de:a0:cd:49:e9:b7:aa:59:66:33:a2:bc:00:a8:1b:d6:83:
         cc:6a:f8:32:d0:47:78:ef:f9:8a:e4:39:b9:2e:e9:46:de:46:
         e1:41:dc:d2:56:d7:92:0a:9a:5b:09:c4:15:91:47:fc:36:24:
         80:17:c3:83:38:ee:3a:7f:75:4a:77:a2:8e:54:fe:31:71:40:
         15:b5:3d:1f:c5:0a:97:5f:58:cc:1a:6f:ef:13:c5:f5:44:d6:
         61:a9:2f:71:4f:0a:ad:e2:41:57:96:cf:b8:89:07:0a:7e:be:
         3b:08:cf:3e:93:3b:20:58:af:79:c3:b5:ce:87:74:cb:50:14:
         04:b6:6b:11:4b:97:6a:8c:aa:c8:4b:b2:24:19:90:70:42:5a:
         84:47:31:93:8a:a5:9e:49:f3:b5:1d:fa:88:84:cc:73:3d:37:
         b7:0d:fe:60:54:4f:90:04:ee:36:27:14:35:bb:ed:f5:36:8d:
         c4:24:e3:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk2W0yEGj4b4eoRlz8alBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjBjNTBjNTkxOWY2NGQ0ZjFkMzVjNmY2ODAyNTk5ZGNhNzQ4YjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Fs3PajXvYmgjyN5pFIu9pYOCK1N
4fLbTjYA/8LsXITkUw7Bn/+/PphtQMx6BWEReQZ+2rEYNh86pK9zQZtKNt1m2nLO
Ljey7MZTTPivN8vAj8Ell/XpCD4HZIrXP2F5pJE0r9GcUc50esAnzzWjmbDD5/gX
YVMBIcb7Xg+YscZOr+domkdkiQfCvlH3XkUApQMzkhrGHDJRnR7i4z1fTjKbtwjH
dja9s0dD31rUlg3w8iDYONPWzy7434wy2UuLsxHumf7qCzWPw0GT2wTTj+veazz3
HTd+Uuq2MI5cdc411D7q0GVzIPLtLmUwBJjulaMaimOIbFGEDx245BwMJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH8MUMWRn2TU8dNcb2gCWZ3KdIsHMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvZnd4UXhaR2ZaTlR4MDF4dmFBSlpuY3AwaXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDRv1x9kXR8krnT17SsJQD/GM4V0mSi3TLyqXOx
/ghANw7CNUiF8/TjHd5fGM/BV975kTPbnwTpDIpz89E73gHlFCLeClXbx8vy3qDN
Sem3qllmM6K8AKgb1oPMavgy0Ed47/mK5Dm5LulG3kbhQdzSVteSCppbCcQVkUf8
NiSAF8ODOO46f3VKd6KOVP4xcUAVtT0fxQqXX1jMGm/vE8X1RNZhqS9xTwqt4kFX
ls+4iQcKfr47CM8+kzsgWK95w7XOh3TLUBQEtmsRS5dqjKrIS7IkGZBwQlqERzGT
iqWeSfO1HfqIhMxzPTe3Df5gVE+QBO42JxQ1u+31No3EJOPh
-----END CERTIFICATE-----