Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/pLRMCkjbhFiMNh52TnBAspU8Hjk.roa
File:                     pLRMCkjbhFiMNh52TnBAspU8Hjk.roa (raw, json)
Hash identifier:          U1FUmpIZB70rTHNhu4UV38Kt+GlWp4EPp8i4yoOh8xY=
Subject key identifier:   A4:B4:4C:0A:48:DB:84:58:8C:36:1E:76:4E:70:40:B2:95:3C:1E:39
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019427B566406A075C09E97595493D98A725
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/pLRMCkjbhFiMNh52TnBAspU8Hjk.roa
Signing time:             Thu 02 Jan 2025 15:49:47 +0000
ROA not before:           Thu 02 Jan 2025 15:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216075
IP address blocks:        2a10:4646:200::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:66:40:6a:07:5c:09:e9:75:95:49:3d:98:a7:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  2 15:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a4b44c0a48db84588c361e764e7040b2953c1e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:88:9b:84:b3:9c:18:26:c4:a6:ba:d9:1c:8c:
                    c4:d1:6a:a2:2a:bc:93:57:db:ba:ce:c3:96:ea:e0:
                    07:16:1d:7c:61:91:b7:f8:1e:a0:b2:8d:01:5c:61:
                    d6:b3:b3:f1:69:a9:f0:04:82:9b:aa:bf:b5:3b:77:
                    70:41:70:48:be:95:11:7b:df:be:1e:28:a0:96:55:
                    ca:41:d2:51:ea:a7:80:4e:d4:72:89:7a:0d:b1:b8:
                    6d:73:e9:97:b8:13:7b:39:ec:57:8e:e3:e8:49:b1:
                    16:3b:6d:bf:ba:eb:11:3d:62:e3:3e:2c:8a:bb:39:
                    65:28:b9:61:67:4a:15:fc:00:eb:6b:9a:01:51:59:
                    dd:7e:a4:0e:51:5b:da:9f:a3:35:76:cc:b1:6a:d5:
                    ff:66:dc:ff:d2:28:86:80:8a:76:ff:d1:f8:0b:0e:
                    be:98:a1:d3:fe:e9:09:78:3b:5e:bd:95:d2:4b:be:
                    7c:3d:f9:1a:6f:15:c7:7c:bc:92:00:e5:44:18:f4:
                    41:5b:e6:5a:eb:53:71:f3:b0:2f:44:3b:ab:8c:7a:
                    71:e7:9c:dd:c3:0f:34:a0:4e:74:92:78:93:35:41:
                    83:a3:f1:b2:d2:21:e7:46:5e:fa:bb:8a:88:a6:12:
                    84:69:27:5b:b3:e1:6f:e2:10:04:15:40:d6:5a:09:
                    ee:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:B4:4C:0A:48:DB:84:58:8C:36:1E:76:4E:70:40:B2:95:3C:1E:39
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/pLRMCkjbhFiMNh52TnBAspU8Hjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:4f:e5:c7:07:b3:40:a7:bb:91:4c:05:6a:40:bf:74:91:15:
         41:b4:f8:86:a9:2d:58:07:03:54:30:96:b9:b1:d2:89:6c:84:
         f8:0d:c9:84:d8:5a:dc:fb:98:84:b2:c1:ff:d2:87:9a:da:1f:
         65:0b:ca:9f:37:a2:de:07:9c:7d:d7:c6:ba:31:9b:ff:d7:d0:
         41:ac:16:10:aa:c5:85:2f:90:03:db:eb:0d:0b:e8:6d:76:43:
         54:39:58:78:c4:48:de:03:98:bb:3c:34:19:5e:94:fe:75:d4:
         72:0e:0e:77:ba:4d:a1:b7:b4:03:37:e5:0c:f4:7a:65:c2:16:
         3c:84:cd:a0:1b:df:d5:16:07:5a:85:cb:86:08:e3:2d:0e:bb:
         97:b3:7f:7e:94:50:5b:7d:f9:85:71:ad:79:ff:62:28:26:e5:
         c1:75:0c:21:c3:d6:3a:27:74:97:05:ae:36:9a:fb:c9:73:f6:
         63:3d:f1:cd:7c:7e:cb:5d:90:69:3d:d5:58:15:92:54:ae:2c:
         71:3d:cf:96:37:a4:ec:4a:65:2d:ab:ea:b8:78:89:6c:cc:84:
         c4:18:85:46:a8:9a:26:65:74:e7:db:e2:b4:3e:be:40:57:45:
         58:47:c1:17:2e:4f:35:63:a9:ea:4a:37:18:b6:33:01:5e:fe:
         fc:c7:b9:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQntWZAagdcCel1lUk9mKclMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUwMTAyMTU0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGI0NGMwYTQ4ZGI4NDU4OGMzNjFlNzY0ZTcwNDBiMjk1M2MxZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIibhLOcGCbEprrZHIzE0WqiKryT
V9u6zsOW6uAHFh18YZG3+B6gso0BXGHWs7PxaanwBIKbqr+1O3dwQXBIvpURe9++
HiigllXKQdJR6qeATtRyiXoNsbhtc+mXuBN7OexXjuPoSbEWO22/uusRPWLjPiyK
uzllKLlhZ0oV/ADra5oBUVndfqQOUVvan6M1dsyxatX/Ztz/0iiGgIp2/9H4Cw6+
mKHT/ukJeDtevZXSS758PfkabxXHfLySAOVEGPRBW+Za61Nx87AvRDurjHpx55zd
ww80oE50kniTNUGDo/Gy0iHnRl76u4qIphKEaSdbs+Fv4hAEFUDWWgnuUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKS0TApI24RYjDYedk5wQLKVPB45MB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvcExSTUNramJoRmlNTmg1MlRuQkFzcFU4SGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgIA
MA0GCSqGSIb3DQEBCwUAA4IBAQBVT+XHB7NAp7uRTAVqQL90kRVBtPiGqS1YBwNU
MJa5sdKJbIT4DcmE2Frc+5iEssH/0oea2h9lC8qfN6LeB5x918a6MZv/19BBrBYQ
qsWFL5AD2+sNC+htdkNUOVh4xEjeA5i7PDQZXpT+ddRyDg53uk2ht7QDN+UM9Hpl
whY8hM2gG9/VFgdahcuGCOMtDruXs39+lFBbffmFca15/2IoJuXBdQwhw9Y6J3SX
Ba42mvvJc/ZjPfHNfH7LXZBpPdVYFZJUrixxPc+WN6TsSmUtq+q4eIlszITEGIVG
qJomZXTn2+K0Pr5AV0VYR8EXLk81Y6nqSjcYtjMBXv78x7n+
-----END CERTIFICATE-----