Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/3cwOhtgSXhi4ajb5tZo0Xfs-k6s.roa
File:                     3cwOhtgSXhi4ajb5tZo0Xfs-k6s.roa (raw, json)
Hash identifier:          JPBKuPq7WE9CFKFDDLjhI9Isd03CJ2NF4DCcSMyCJjc=
Subject key identifier:   DD:CC:0E:86:D8:12:5E:18:B8:6A:36:F9:B5:9A:34:5D:FB:3E:93:AB
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019A2C6F4ECB781A736CE587867612C3B9A0
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/3cwOhtgSXhi4ajb5tZo0Xfs-k6s.roa
Signing time:             Tue 28 Oct 2025 20:08:03 +0000
ROA not before:           Tue 28 Oct 2025 20:08:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204613
IP address blocks:        2a10:4646:260::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2c:6f:4e:cb:78:1a:73:6c:e5:87:86:76:12:c3:b9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Oct 28 20:08:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ddcc0e86d8125e18b86a36f9b59a345dfb3e93ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:0d:f6:1b:6c:41:e2:37:1c:f1:56:cf:da:
                    31:24:79:07:8f:6d:57:79:1b:1c:b1:db:a1:de:38:
                    5b:d5:b2:d4:9b:92:fa:09:a4:37:12:f6:bc:c8:80:
                    41:45:c1:be:19:8d:c3:b5:42:c3:f3:3f:a3:b9:59:
                    d8:a5:d6:8b:ff:c5:91:64:db:62:0b:dc:0a:e9:00:
                    4d:ee:9d:97:6b:25:35:a1:8d:94:a8:f1:bd:ea:25:
                    e7:ff:c7:b2:80:fa:af:a7:b5:f0:d3:97:13:b9:b2:
                    4e:46:fd:d8:2c:30:18:43:cf:bd:e3:27:8e:f1:63:
                    99:cb:f4:8b:35:25:79:9c:3b:d5:01:4e:25:1b:16:
                    ce:57:af:a6:8b:33:d3:1f:7b:b4:cf:b9:54:af:dd:
                    73:5b:03:79:3a:c0:1e:91:47:dc:49:28:35:89:40:
                    34:84:87:1e:9c:53:f6:9b:fa:74:84:13:52:c1:41:
                    ad:5d:b1:ec:f4:57:f4:cf:13:d1:db:27:7f:ca:40:
                    df:ce:72:87:c9:6b:0c:d8:ce:32:ee:a3:24:90:92:
                    ae:c7:1f:c3:05:35:53:03:b9:05:01:8d:41:13:16:
                    73:a7:83:15:63:d6:bf:dc:48:77:90:25:38:ce:67:
                    33:62:c1:46:74:7b:8a:94:e0:d4:12:16:e2:b5:b7:
                    1b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:CC:0E:86:D8:12:5E:18:B8:6A:36:F9:B5:9A:34:5D:FB:3E:93:AB
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/3cwOhtgSXhi4ajb5tZo0Xfs-k6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         45:ad:4d:6c:6e:6b:47:1a:3a:46:da:a6:78:d7:f7:70:f0:00:
         ff:ac:55:3b:e6:04:f6:41:a6:05:8b:49:e5:a2:66:21:2e:c7:
         17:d1:83:23:60:d4:ee:88:5f:9a:1f:53:0e:fe:a6:25:4e:98:
         c7:fa:7e:94:69:1e:52:89:29:5c:a9:a0:a6:6b:86:3c:cc:60:
         02:07:06:95:ff:9d:54:3d:3d:1a:4c:3d:3d:34:45:27:87:be:
         85:2f:6b:0f:89:66:d1:42:f7:35:62:05:b0:b7:3b:39:e3:ef:
         2c:96:b2:b8:50:42:69:1a:3d:15:7d:63:a6:a6:37:cc:2e:13:
         d6:5c:60:6f:ab:a9:24:2a:82:c7:bc:e8:df:9b:9c:61:4b:d8:
         e0:55:5b:97:20:5e:87:f1:b4:15:08:e1:ee:df:40:5c:1b:2b:
         10:81:34:e5:91:e8:60:08:81:ff:93:2f:70:c5:91:72:a2:e4:
         3c:86:c2:fd:d8:f5:96:dd:68:06:41:65:f9:fb:ce:a1:3b:3e:
         94:6f:36:59:4e:c8:e4:7f:b5:7d:6f:31:2a:9c:7b:82:3b:ce:
         8c:37:a8:d3:5d:95:62:6d:ed:ab:60:8d:ad:4d:e7:f1:6d:2e:
         7d:46:8f:4c:b9:50:96:71:0d:85:f1:8d:f0:7a:b1:73:02:8a:
         cf:db:86:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZosb07LeBpzbOWHhnYSw7mgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjUxMDI4MjAwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGNjMGU4NmQ4MTI1ZTE4Yjg2YTM2ZjliNTlhMzQ1ZGZiM2U5M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCkN9htsQeI3HPFWz9oxJHkHj21X
eRscsduh3jhb1bLUm5L6CaQ3Eva8yIBBRcG+GY3DtULD8z+juVnYpdaL/8WRZNti
C9wK6QBN7p2XayU1oY2UqPG96iXn/8eygPqvp7Xw05cTubJORv3YLDAYQ8+94yeO
8WOZy/SLNSV5nDvVAU4lGxbOV6+mizPTH3u0z7lUr91zWwN5OsAekUfcSSg1iUA0
hIcenFP2m/p0hBNSwUGtXbHs9Ff0zxPR2yd/ykDfznKHyWsM2M4y7qMkkJKuxx/D
BTVTA7kFAY1BExZzp4MVY9a/3Eh3kCU4zmczYsFGdHuKlODUEhbitbcbtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN3MDobYEl4YuGo2+bWaNF37PpOrMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvM2N3T2h0Z1NYaGk0YWpiNXRabzBYZnMtazZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgJg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFrU1sbmtHGjpG2qZ41/dw8AD/rFU75gT2QaYF
i0nlomYhLscX0YMjYNTuiF+aH1MO/qYlTpjH+n6UaR5SiSlcqaCma4Y8zGACBwaV
/51UPT0aTD09NEUnh76FL2sPiWbRQvc1YgWwtzs54+8slrK4UEJpGj0VfWOmpjfM
LhPWXGBvq6kkKoLHvOjfm5xhS9jgVVuXIF6H8bQVCOHu30BcGysQgTTlkehgCIH/
ky9wxZFyouQ8hsL92PWW3WgGQWX5+86hOz6UbzZZTsjkf7V9bzEqnHuCO86MN6jT
XZVibe2rYI2tTefxbS59Ro9MuVCWcQ2F8Y3werFzAorP24YY
-----END CERTIFICATE-----