Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/6qsA98uH4xQCbmQeG1-SnsTVUag.roa
File:                     6qsA98uH4xQCbmQeG1-SnsTVUag.roa (raw, json)
Hash identifier:          rBFKO0xQCm2OGBgFK4DScDQ0GKA+yYF2TjC1o38k9kM=
Subject key identifier:   EA:AB:00:F7:CB:87:E3:14:02:6E:64:1E:1B:5F:92:9E:C4:D5:51:A8
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018F3F08902E05D7367617FA372FD128717E
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/6qsA98uH4xQCbmQeG1-SnsTVUag.roa
Signing time:             Fri 03 May 2024 15:17:56 +0000
ROA not before:           Fri 03 May 2024 15:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215140
IP address blocks:        2a10:4646:440::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:08:90:2e:05:d7:36:76:17:fa:37:2f:d1:28:71:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: May  3 15:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eaab00f7cb87e314026e641e1b5f929ec4d551a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f2:53:84:26:52:88:04:eb:21:07:5f:f4:ec:
                    5b:d1:a6:b5:6a:b3:8c:0b:7b:7b:fe:7d:05:86:13:
                    52:d3:a7:e7:67:01:c1:11:00:68:bd:e6:ab:d9:99:
                    bf:2f:7c:2b:04:db:c4:50:6c:a0:7c:ce:87:36:e0:
                    50:9c:66:9c:d7:55:13:93:9d:51:fa:b6:05:88:1b:
                    94:ae:a8:36:32:1a:89:ba:62:2f:55:c6:80:59:46:
                    44:96:cd:55:48:67:71:d6:3e:a8:c2:78:bc:d1:e7:
                    0c:33:07:24:da:55:43:83:0f:46:09:bf:05:be:f5:
                    96:14:5c:58:e4:ef:16:df:25:ca:aa:0c:05:e7:be:
                    6b:c0:93:05:c5:91:51:16:2a:e9:9d:69:0d:45:8b:
                    b6:c8:99:57:73:3b:a6:0c:dd:c1:a8:94:a3:8a:9a:
                    bf:f4:53:cd:88:83:41:8b:2a:f7:85:76:2c:75:f8:
                    db:da:fe:3e:9d:f0:31:e3:c8:00:dc:da:97:89:a6:
                    0d:9d:62:c7:ed:76:43:1c:44:82:21:d8:ca:09:d0:
                    0b:58:2d:c0:e2:d5:8b:ab:ab:49:0b:94:cc:17:c8:
                    04:9b:9c:e1:65:9b:58:3d:a7:12:28:91:a0:44:cc:
                    9e:0f:11:bb:43:6f:4b:03:3f:3d:0c:4d:f6:06:7a:
                    18:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AB:00:F7:CB:87:E3:14:02:6E:64:1E:1B:5F:92:9E:C4:D5:51:A8
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/6qsA98uH4xQCbmQeG1-SnsTVUag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:440::/44

    Signature Algorithm: sha256WithRSAEncryption
         b5:3a:31:93:2b:07:fc:8e:76:32:6c:ae:18:4f:1b:18:81:18:
         30:26:39:1d:e1:bb:11:5a:33:cc:c8:40:ea:5c:12:df:c4:6a:
         54:20:10:f8:ca:41:2c:d1:cd:45:06:63:3a:1e:3f:0d:14:ba:
         e2:cd:6d:60:4b:23:74:5d:3a:ca:1a:a8:03:11:c6:47:6a:f1:
         fd:50:0e:d8:49:94:5d:f8:81:5f:bf:f8:d1:7e:7c:bd:ee:7c:
         76:69:3f:40:b0:bd:36:65:92:07:25:da:5a:ac:22:b4:1e:07:
         12:37:f6:f0:50:c2:85:75:0c:7f:b3:e7:e2:6f:1c:39:7e:6e:
         4b:db:f7:45:01:e8:4a:a2:79:62:77:d3:a1:7a:b0:7b:12:44:
         44:76:b9:f1:c2:0d:97:3d:62:ca:fe:8d:ba:47:69:26:98:94:
         6f:89:bf:c5:d6:45:68:02:1d:20:e8:cc:aa:df:cd:81:14:81:
         8d:03:f4:0b:97:b0:f1:c2:3a:b3:59:2b:60:a2:99:d2:ae:c4:
         a8:1d:ab:a5:3b:95:27:1d:26:83:6e:e3:8e:80:b5:12:c7:fe:
         ba:17:5f:7d:43:76:07:a0:a0:2a:2f:66:55:77:26:cc:d9:d5:
         2b:9e:c0:0c:87:f6:7b:42:84:bb:96:64:f1:d2:61:28:f9:28:
         cf:b2:22:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8/CJAuBdc2dhf6Ny/RKHF+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwNTAzMTUxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFiMDBmN2NiODdlMzE0MDI2ZTY0MWUxYjVmOTI5ZWM0ZDU1MWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/JThCZSiATrIQdf9Oxb0aa1arOM
C3t7/n0FhhNS06fnZwHBEQBovear2Zm/L3wrBNvEUGygfM6HNuBQnGac11UTk51R
+rYFiBuUrqg2MhqJumIvVcaAWUZEls1VSGdx1j6owni80ecMMwck2lVDgw9GCb8F
vvWWFFxY5O8W3yXKqgwF575rwJMFxZFRFirpnWkNRYu2yJlXczumDN3BqJSjipq/
9FPNiINBiyr3hXYsdfjb2v4+nfAx48gA3NqXiaYNnWLH7XZDHESCIdjKCdALWC3A
4tWLq6tJC5TMF8gEm5zhZZtYPacSKJGgRMyeDxG7Q29LAz89DE32BnoYewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOqrAPfLh+MUAm5kHhtfkp7E1VGoMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvNnFzQTk4dUg0eFFDYm1RZUcxLVNuc1RWVWFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgRA
MA0GCSqGSIb3DQEBCwUAA4IBAQC1OjGTKwf8jnYybK4YTxsYgRgwJjkd4bsRWjPM
yEDqXBLfxGpUIBD4ykEs0c1FBmM6Hj8NFLrizW1gSyN0XTrKGqgDEcZHavH9UA7Y
SZRd+IFfv/jRfny97nx2aT9AsL02ZZIHJdparCK0HgcSN/bwUMKFdQx/s+fibxw5
fm5L2/dFAehKonlid9OherB7EkREdrnxwg2XPWLK/o26R2kmmJRvib/F1kVoAh0g
6Myq382BFIGNA/QLl7DxwjqzWStgopnSrsSoHaulO5UnHSaDbuOOgLUSx/66F199
Q3YHoKAqL2ZVdybM2dUrnsAMh/Z7QoS7lmTx0mEo+SjPsiJf
-----END CERTIFICATE-----