Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sf1fHMspDkxHrMsocEfHyWt5OCo.roa
File:                     Sf1fHMspDkxHrMsocEfHyWt5OCo.roa (raw, json)
Hash identifier:          2ylMz0wvlo0eK+7UAooyArXd5D8LuMYKzvSm2e2lY7s=
Subject key identifier:   49:FD:5F:1C:CB:29:0E:4C:47:AC:CB:28:70:47:C7:C9:6B:79:38:2A
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018F3F0890867A4F8ED59B5152EB375DACD8
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sf1fHMspDkxHrMsocEfHyWt5OCo.roa
Signing time:             Fri 03 May 2024 15:17:56 +0000
ROA not before:           Fri 03 May 2024 15:17:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215144
IP address blocks:        2a10:4646:450::/44 maxlen: 44
                          2a10:4646:455::/48 maxlen: 48
                          2a10:4646:45a::/48 maxlen: 48
                          2a10:4646:45b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:3f:08:90:86:7a:4f:8e:d5:9b:51:52:eb:37:5d:ac:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: May  3 15:17:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=49fd5f1ccb290e4c47accb287047c7c96b79382a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c9:0a:cf:05:cc:43:b8:b9:b7:df:64:8d:78:
                    38:e0:b3:78:e9:c0:70:03:81:49:b0:90:de:3c:39:
                    85:92:94:fa:74:fe:d8:73:20:50:6c:aa:36:02:cb:
                    2a:0b:54:ce:f1:d3:f1:85:61:a2:f9:e3:dc:a8:af:
                    42:1e:b7:57:d5:5f:1c:b7:22:b0:98:91:d1:b6:07:
                    fa:68:a8:8f:24:71:1f:59:5c:ef:3b:d4:ae:f8:58:
                    c2:6e:9b:b0:0e:dc:fc:fb:f0:e3:8a:0d:65:72:8e:
                    0d:c0:36:aa:87:e4:d2:07:7a:ca:68:0c:20:69:d3:
                    8a:e2:0a:25:65:d7:6f:76:63:56:1e:af:cc:a0:da:
                    4e:5b:17:d7:b8:a3:9c:ae:70:b9:99:29:e2:07:5f:
                    9d:b9:9c:83:3b:a7:0a:87:ef:16:a1:8e:73:da:1e:
                    49:de:d6:26:7d:d9:cb:b3:ae:9e:cb:f4:82:02:3c:
                    fe:2f:5e:66:96:57:e7:c8:d9:de:ee:64:77:eb:57:
                    2c:1c:08:ee:f2:89:7c:3a:c6:36:f1:d3:b1:c0:dc:
                    ef:a4:33:ac:41:0d:d0:e1:b1:de:12:51:73:50:be:
                    be:3f:94:de:9a:4b:78:dd:47:6f:53:e2:48:61:ce:
                    aa:f3:f3:b2:06:0d:80:92:c3:6a:37:88:b3:9e:2b:
                    4c:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FD:5F:1C:CB:29:0E:4C:47:AC:CB:28:70:47:C7:C9:6B:79:38:2A
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sf1fHMspDkxHrMsocEfHyWt5OCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:450::/44

    Signature Algorithm: sha256WithRSAEncryption
         39:5d:74:63:01:26:93:24:34:73:4f:9d:34:0f:80:72:c8:75:
         52:dc:7b:60:1c:ca:2f:18:11:13:6c:5d:f2:6a:8b:3e:9f:10:
         91:d6:c6:ea:23:ea:da:86:6b:1a:34:10:b5:bc:90:db:b4:f8:
         d1:09:32:cc:83:f0:24:f1:fe:ac:c6:1c:5e:ff:f6:15:ec:48:
         66:13:2d:46:38:f8:76:1e:d3:ba:a3:75:de:76:5d:40:f8:b9:
         7a:10:1d:19:bc:7b:d9:03:e6:78:00:ab:34:ab:c4:67:28:c9:
         58:80:31:db:90:1f:00:b9:fb:9e:f0:36:41:82:62:11:78:e2:
         97:59:e0:39:cd:da:05:c6:97:a0:aa:4e:06:30:f6:42:d6:b8:
         d3:40:3c:91:2c:23:ea:2f:16:8e:ba:64:7d:7a:c8:9a:21:c1:
         5b:17:01:77:56:c3:d4:4a:7c:02:2d:94:22:ed:63:8f:93:24:
         92:b4:97:d4:35:f7:54:73:ea:51:99:b0:40:32:48:5a:83:07:
         a7:66:79:f9:d9:7d:d7:6b:fe:f6:35:b1:26:c3:3b:f9:51:b2:
         6d:ec:0b:8f:87:14:57:11:38:0c:59:d7:a4:a5:9c:fd:07:79:
         ee:61:c2:5a:f0:19:e3:6d:5a:93:36:16:79:0f:5e:62:d1:ed:
         04:5c:f3:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY8/CJCGek+O1ZtRUus3XazYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwNTAzMTUxNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWZkNWYxY2NiMjkwZTRjNDdhY2NiMjg3MDQ3YzdjOTZiNzkzODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtskKzwXMQ7i5t99kjXg44LN46cBw
A4FJsJDePDmFkpT6dP7YcyBQbKo2AssqC1TO8dPxhWGi+ePcqK9CHrdX1V8ctyKw
mJHRtgf6aKiPJHEfWVzvO9Su+FjCbpuwDtz8+/Djig1lco4NwDaqh+TSB3rKaAwg
adOK4golZddvdmNWHq/MoNpOWxfXuKOcrnC5mSniB1+duZyDO6cKh+8WoY5z2h5J
3tYmfdnLs66ey/SCAjz+L15mllfnyNne7mR361csHAju8ol8OsY28dOxwNzvpDOs
QQ3Q4bHeElFzUL6+P5Temkt43UdvU+JIYc6q8/OyBg2AksNqN4iznitMcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEn9XxzLKQ5MR6zLKHBHx8lreTgqMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvU2YxZkhNc3BEa3hIck1zb2NFZkh5V3Q1T0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA5XXRjASaTJDRzT500D4ByyHVS3HtgHMovGBET
bF3yaos+nxCR1sbqI+rahmsaNBC1vJDbtPjRCTLMg/Ak8f6sxhxe//YV7EhmEy1G
OPh2HtO6o3Xedl1A+Ll6EB0ZvHvZA+Z4AKs0q8RnKMlYgDHbkB8Aufue8DZBgmIR
eOKXWeA5zdoFxpegqk4GMPZC1rjTQDyRLCPqLxaOumR9esiaIcFbFwF3VsPUSnwC
LZQi7WOPkySStJfUNfdUc+pRmbBAMkhagwenZnn52X3Xa/72NbEmwzv5UbJt7AuP
hxRXETgMWdekpZz9B3nuYcJa8BnjbVqTNhZ5D15i0e0EXPPW
-----END CERTIFICATE-----