Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa
File:                     6kRnAkqT3NsMUEvGRbz_ykrn26s.roa (raw, json)
Hash identifier:          pdPI/8N2P0riAjNuGPbUYBM/c4k3UtA8ckShxXB/6so=
Subject key identifier:   EA:44:67:02:4A:93:DC:DB:0C:50:4B:C6:45:BC:FF:CA:4A:E7:DB:AB
Certificate issuer:       /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial:       018EEB35F65AC28346FA9335AC0D3BA62AE9
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa
Signing time:             Wed 17 Apr 2024 08:39:25 +0000
ROA not before:           Wed 17 Apr 2024 08:39:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200508
IP address blocks:        2a03:94e0:2101::/48 maxlen: 48
                          2a0a:cd80:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:eb:35:f6:5a:c2:83:46:fa:93:35:ac:0d:3b:a6:2a:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
        Validity
            Not Before: Apr 17 08:39:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea4467024a93dcdb0c504bc645bcffca4ae7dbab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:c2:a1:03:2e:e2:5a:70:39:32:52:f1:20:16:
                    4c:4d:7d:02:fc:49:5e:5f:6a:bc:2b:90:21:d0:3b:
                    f5:f5:0b:08:a1:f5:ea:5b:4d:44:21:bb:08:c1:b5:
                    85:8e:e4:f1:60:7c:71:fc:25:48:da:2f:da:6e:ff:
                    ce:e1:5a:47:0a:5b:0b:23:ea:25:a6:d2:68:34:da:
                    20:49:90:74:3a:37:16:aa:9b:bd:95:5f:44:a7:85:
                    02:24:b4:06:9f:4e:cf:18:4a:1c:c8:68:f4:63:5f:
                    d1:41:3e:a4:4b:c0:24:46:06:24:a4:d3:54:41:e0:
                    5f:50:6f:bb:de:39:84:fe:a5:b8:32:5e:44:55:57:
                    a6:9a:3c:6f:32:8e:1d:ee:bd:fe:f2:5d:cb:50:04:
                    c9:5f:1c:1e:a4:3a:fb:63:e6:4c:ef:22:95:a5:de:
                    4f:52:e1:47:a3:a2:3a:f5:70:6f:4b:80:32:4e:e1:
                    97:35:fb:b5:ae:ad:77:86:39:97:6e:85:83:fc:ed:
                    67:d6:e5:e9:ff:a2:f2:b8:69:7d:5d:04:a3:1c:e8:
                    48:25:37:a9:4f:3a:4a:0d:ad:57:ab:ad:df:45:c5:
                    d2:27:c8:69:34:f9:ea:72:4d:46:20:d3:1d:fe:c7:
                    04:67:53:cb:45:cd:93:df:f4:36:3a:e0:30:35:49:
                    87:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:44:67:02:4A:93:DC:DB:0C:50:4B:C6:45:BC:FF:CA:4A:E7:DB:AB
            X509v3 Authority Key Identifier:
                keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/6kRnAkqT3NsMUEvGRbz_ykrn26s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:94e0:2101::/48
                  2a0a:cd80:1001::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:34:9c:1a:08:82:1c:75:47:17:8c:db:00:cb:67:eb:a3:ea:
         d7:69:3f:76:60:4b:fa:43:3e:29:63:f9:95:89:2b:58:51:a9:
         21:b9:59:d8:5d:64:b6:64:e7:b6:df:07:b2:02:44:f1:ab:6c:
         99:2c:33:95:92:48:0c:a5:5c:b4:96:d5:ca:6e:dd:aa:b9:12:
         5c:82:6e:f8:a3:09:21:e6:b6:90:c0:d9:94:5a:0b:29:42:0d:
         79:8f:ea:b5:7f:ce:aa:06:74:94:51:a8:af:9a:f1:80:2f:f7:
         eb:30:74:ee:89:ce:f2:1d:83:3c:8b:03:f6:76:b1:33:7b:14:
         04:23:84:0d:0f:4c:14:21:cb:89:3e:71:66:5a:74:7c:08:c9:
         d3:14:77:9b:51:43:08:ce:55:63:62:05:0f:30:c2:46:bb:de:
         84:37:0a:ab:17:10:ca:aa:c0:b0:f8:2a:e5:42:83:85:f8:82:
         7e:4f:70:80:53:3d:44:8a:43:07:14:32:9f:1e:f6:29:e1:e0:
         ef:61:ff:a1:b5:ec:15:6f:1d:8b:7f:41:ee:75:d8:79:54:fb:
         c6:d3:d8:fe:1f:fd:01:1a:78:75:9c:ef:4c:e4:66:df:86:af:
         b8:1d:77:45:59:47:9d:e9:a3:91:71:4c:d4:d0:82:a4:64:56:
         97:2b:d2:70
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY7rNfZawoNG+pM1rA07pirpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjQwNDE3MDgzOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQ0NjcwMjRhOTNkY2RiMGM1MDRiYzY0NWJjZmZjYTRhZTdkYmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMKhAy7iWnA5MlLxIBZMTX0C/Ele
X2q8K5Ah0Dv19QsIofXqW01EIbsIwbWFjuTxYHxx/CVI2i/abv/O4VpHClsLI+ol
ptJoNNogSZB0OjcWqpu9lV9Ep4UCJLQGn07PGEocyGj0Y1/RQT6kS8AkRgYkpNNU
QeBfUG+73jmE/qW4Ml5EVVemmjxvMo4d7r3+8l3LUATJXxwepDr7Y+ZM7yKVpd5P
UuFHo6I69XBvS4AyTuGXNfu1rq13hjmXboWD/O1n1uXp/6LyuGl9XQSjHOhIJTep
TzpKDa1Xq63fRcXSJ8hpNPnqck1GINMd/scEZ1PLRc2T3/Q2OuAwNUmHZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOpEZwJKk9zbDFBLxkW8/8pK59urMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvNmtSbkFrcVQzTnNNVUV2R1Jiel95a3JuMjZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgOU4CEB
AwcAKgrNgBABMA0GCSqGSIb3DQEBCwUAA4IBAQAENJwaCIIcdUcXjNsAy2fro+rX
aT92YEv6Qz4pY/mViStYUakhuVnYXWS2ZOe23weyAkTxq2yZLDOVkkgMpVy0ltXK
bt2quRJcgm74owkh5raQwNmUWgspQg15j+q1f86qBnSUUaivmvGAL/frMHTuic7y
HYM8iwP2drEzexQEI4QND0wUIcuJPnFmWnR8CMnTFHebUUMIzlVjYgUPMMJGu96E
NwqrFxDKqsCw+CrlQoOF+IJ+T3CAUz1EikMHFDKfHvYp4eDvYf+htewVbx2Lf0Hu
ddh5VPvG09j+H/0BGnh1nO9M5Gbfhq+4HXdFWUed6aORcUzU0IKkZFaXK9Jw
-----END CERTIFICATE-----