Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/n6aLez2hhjOEBM2wJjruDOXVywY.roa
File:                     n6aLez2hhjOEBM2wJjruDOXVywY.roa (raw, json)
Hash identifier:          EmHYnJgkJN9XL1kpI7cpM78YT+WVjfmYp5YhfrjI3rQ=
Subject key identifier:   9F:A6:8B:7B:3D:A1:86:33:84:04:CD:B0:26:3A:EE:0C:E5:D5:CB:06
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       018CC49372145B6A7DE6330A6C6DC2C2C80C
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/n6aLez2hhjOEBM2wJjruDOXVywY.roa
Signing time:             Mon 01 Jan 2024 10:30:46 +0000
ROA not before:           Mon 01 Jan 2024 10:30:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216147
IP address blocks:        2a10:4646:3d0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:72:14:5b:6a:7d:e6:33:0a:6c:6d:c2:c2:c8:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jan  1 10:30:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9fa68b7b3da186338404cdb0263aee0ce5d5cb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7e:3c:61:1c:2e:a2:be:57:1c:19:49:88:9b:
                    6b:6f:86:80:ec:36:4b:28:98:c4:aa:04:dc:fa:3b:
                    3d:9a:10:80:62:c1:15:f0:ad:63:bb:9c:0a:48:bd:
                    cf:c4:69:43:1a:a2:61:10:83:2d:58:74:21:dd:32:
                    b0:bd:33:07:d1:94:a0:75:79:a4:30:b4:58:5c:10:
                    1f:02:56:ad:4d:1e:2d:5f:bc:04:fb:4d:e6:af:1e:
                    6a:39:17:5e:96:1a:2c:f7:77:91:b8:21:9b:1f:50:
                    77:62:c7:6e:f6:6d:55:ee:27:9b:ab:af:47:c9:1d:
                    c4:4c:c7:6b:81:49:e9:f8:7f:25:b6:b0:9f:d8:40:
                    5e:1f:b6:81:24:56:cb:62:79:b9:19:df:5d:ed:ff:
                    f6:63:5e:25:40:cb:5d:1d:f9:ae:a3:35:d9:63:d6:
                    1d:1e:0e:f2:e2:37:68:37:50:8b:3e:59:ca:80:04:
                    ef:7c:cd:a4:dc:73:98:36:b6:b0:60:71:f6:5f:1a:
                    12:02:02:c0:0c:89:b2:9e:3c:2c:0a:3a:56:51:b0:
                    c3:c7:3e:90:e6:c2:58:e5:19:33:e6:f1:22:16:4c:
                    f4:c7:33:3b:5e:51:b5:61:b4:15:c8:9a:ef:fe:a9:
                    09:d4:52:30:f8:d4:bd:d0:a0:46:04:ad:ce:b7:2a:
                    61:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A6:8B:7B:3D:A1:86:33:84:04:CD:B0:26:3A:EE:0C:E5:D5:CB:06
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/n6aLez2hhjOEBM2wJjruDOXVywY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:3d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:42:da:e2:ad:11:26:5a:98:cd:f0:e2:9b:00:ac:a0:cf:0e:
         76:a1:d9:f3:16:98:b0:9e:cf:91:e0:2a:c1:9e:68:c5:41:12:
         37:96:2c:5f:a8:29:12:de:3f:9d:67:91:0b:6b:64:fd:bc:e5:
         da:35:6f:f7:ec:c8:5d:eb:f0:50:ed:32:1a:cb:fc:67:c1:c9:
         84:4d:74:b1:20:6f:3f:b1:6d:55:9e:a7:96:3f:50:f4:95:81:
         65:bf:fe:ee:fe:ca:b6:81:66:3d:9a:72:ed:c9:6c:72:81:62:
         f1:99:41:a6:ef:a4:fd:21:41:fe:e5:bf:51:2b:54:98:b4:52:
         7d:90:f4:46:9b:99:65:85:54:d1:a6:19:e4:a8:80:3c:76:bd:
         2b:64:06:97:ea:2f:28:45:b2:72:60:51:1a:ba:76:87:f6:43:
         5f:02:f0:00:46:56:c4:24:e6:69:bf:42:84:32:ee:b4:e1:39:
         79:8e:d3:a8:3a:5d:20:c9:8d:be:ad:36:3c:95:94:08:c7:c2:
         d2:40:c2:b4:71:fd:91:9d:18:e0:22:f4:b1:c7:5b:3a:7c:b8:
         f8:c8:c0:56:3f:39:21:51:75:1d:d4:96:96:ec:24:2f:bc:99:
         57:7c:d7:53:75:00:30:e4:0b:20:73:e2:be:22:23:32:36:77:
         e9:a6:1a:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEk3IUW2p95jMKbG3CwsgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjQwMTAxMTAzMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE2OGI3YjNkYTE4NjMzODQwNGNkYjAyNjNhZWUwY2U1ZDVjYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq348YRwuor5XHBlJiJtrb4aA7DZL
KJjEqgTc+js9mhCAYsEV8K1ju5wKSL3PxGlDGqJhEIMtWHQh3TKwvTMH0ZSgdXmk
MLRYXBAfAlatTR4tX7wE+03mrx5qORdelhos93eRuCGbH1B3Ysdu9m1V7iebq69H
yR3ETMdrgUnp+H8ltrCf2EBeH7aBJFbLYnm5Gd9d7f/2Y14lQMtdHfmuozXZY9Yd
Hg7y4jdoN1CLPlnKgATvfM2k3HOYNrawYHH2XxoSAgLADImynjwsCjpWUbDDxz6Q
5sJY5Rkz5vEiFkz0xzM7XlG1YbQVyJrv/qkJ1FIw+NS90KBGBK3OtyphnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ+mi3s9oYYzhATNsCY67gzl1csGMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvbjZhTGV6Mmhoak9FQk0yd0pqcnVET1hWeXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhBGRgPQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBKQtrirREmWpjN8OKbAKygzw52odnzFpiwns+R
4CrBnmjFQRI3lixfqCkS3j+dZ5ELa2T9vOXaNW/37Mhd6/BQ7TIay/xnwcmETXSx
IG8/sW1VnqeWP1D0lYFlv/7u/sq2gWY9mnLtyWxygWLxmUGm76T9IUH+5b9RK1SY
tFJ9kPRGm5llhVTRphnkqIA8dr0rZAaX6i8oRbJyYFEaunaH9kNfAvAARlbEJOZp
v0KEMu604Tl5jtOoOl0gyY2+rTY8lZQIx8LSQMK0cf2RnRjgIvSxx1s6fLj4yMBW
PzkhUXUd1JaW7CQvvJlXfNdTdQAw5Asgc+K+IiMyNnfppho0
-----END CERTIFICATE-----