Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Smcp0y8BBP23sWXREw0RpJGMMP0.roa
File:                     Smcp0y8BBP23sWXREw0RpJGMMP0.roa (raw, json)
Hash identifier:          R6nkOYVBv9fK7EOq08OeGVTz/yth0HOafbgtSiaPyhQ=
Subject key identifier:   4A:67:29:D3:2F:01:04:FD:B7:B1:65:D1:13:0D:11:A4:91:8C:30:FD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252234027489585677CA94D4E5660DC9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Smcp0y8BBP23sWXREw0RpJGMMP0.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209209
IP address blocks:        2a0e:b107:1560::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:34:02:74:89:58:56:77:ca:94:d4:e5:66:0d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a6729d32f0104fdb7b165d1130d11a4918c30fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:9e:cd:e6:cf:2c:0f:3e:a6:0f:e6:96:bc:19:
                    bf:ac:84:42:dd:2b:8d:54:0f:7f:59:58:ad:f4:88:
                    13:1e:61:97:ce:36:35:02:1d:71:36:53:fb:39:8b:
                    21:4d:82:64:a9:02:6e:0e:c1:40:58:19:e4:05:c6:
                    82:6b:03:ac:99:cf:02:a1:ec:e9:82:59:9e:b1:d1:
                    0b:e0:cb:7f:a3:02:a7:98:b2:12:ea:25:e7:95:4a:
                    fe:18:44:5a:15:ed:7b:03:13:74:5a:fb:6b:2d:a5:
                    d5:31:4d:cd:4a:fa:39:27:3d:75:26:79:65:9b:d0:
                    12:3b:cf:c2:33:74:b2:aa:a7:93:e0:6d:4f:88:2c:
                    55:86:ad:6c:0d:5e:5c:cb:46:f5:3c:21:e1:e5:b5:
                    a8:f2:2b:f2:67:e1:c3:1d:03:17:ef:c3:18:50:1c:
                    de:0e:c4:83:00:f3:ec:ab:7b:08:31:7d:00:28:d5:
                    9a:bc:43:6d:2f:85:f2:44:cf:62:81:ab:67:0a:66:
                    39:77:a6:e0:e2:80:62:f8:fe:fd:6f:82:63:f1:77:
                    82:8c:10:55:67:32:b5:09:ae:1f:2d:b9:21:f2:65:
                    31:41:b0:88:a1:c3:12:1f:2d:21:b4:33:08:43:d9:
                    72:e4:2c:ab:24:89:f2:a5:40:11:54:dc:68:19:95:
                    57:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:67:29:D3:2F:01:04:FD:B7:B1:65:D1:13:0D:11:A4:91:8C:30:FD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Smcp0y8BBP23sWXREw0RpJGMMP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1560::/44

    Signature Algorithm: sha256WithRSAEncryption
         a6:b3:b3:bc:cd:a4:81:53:11:80:d1:2f:44:57:c5:88:56:76:
         0f:57:34:e6:44:3b:c4:85:ec:41:8e:6c:d3:18:ad:23:1b:f5:
         07:a0:1f:dd:5f:71:8c:a7:58:ce:34:cd:1d:dc:a8:b3:2a:a2:
         c0:df:43:65:af:4f:24:45:f2:0a:f4:80:29:eb:e2:ec:c9:ac:
         af:ce:5f:cb:3b:2f:85:ad:02:0d:31:45:77:2f:da:4e:32:ea:
         5f:71:e1:a6:1b:94:27:a5:d1:53:3c:7b:5b:f7:30:99:5e:ac:
         39:8f:8c:de:c5:0e:41:30:98:eb:af:15:15:56:bc:97:4c:36:
         02:db:bc:86:31:23:f0:72:f0:73:f5:4d:9e:0f:c5:d0:ab:0c:
         5c:6e:4a:1f:ab:ae:ad:b5:f5:15:0c:25:9a:34:33:96:69:b4:
         49:33:99:48:1d:43:82:74:46:9d:bc:56:84:ed:d4:a5:0e:0b:
         d0:86:c0:03:d5:62:64:1f:e9:dc:17:84:e5:7c:08:fc:09:68:
         83:d7:39:ac:e1:c5:66:aa:20:37:90:4c:b2:a0:35:6a:8e:46:
         4d:40:18:46:58:79:b5:5a:ae:f4:95:86:ad:85:e5:d6:92:ba:
         6e:76:e8:17:0e:d1:68:50:a0:62:f8:34:e1:2e:40:62:2f:4a:
         d8:3d:8a:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjQCdIlYVnfKlNTlZg3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTY3MjlkMzJmMDEwNGZkYjdiMTY1ZDExMzBkMTFhNDkxOGMzMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJ7N5s8sDz6mD+aWvBm/rIRC3SuN
VA9/WVit9IgTHmGXzjY1Ah1xNlP7OYshTYJkqQJuDsFAWBnkBcaCawOsmc8Coezp
glmesdEL4Mt/owKnmLIS6iXnlUr+GERaFe17AxN0WvtrLaXVMU3NSvo5Jz11Jnll
m9ASO8/CM3SyqqeT4G1PiCxVhq1sDV5cy0b1PCHh5bWo8ivyZ+HDHQMX78MYUBze
DsSDAPPsq3sIMX0AKNWavENtL4XyRM9igatnCmY5d6bg4oBi+P79b4Jj8XeCjBBV
ZzK1Ca4fLbkh8mUxQbCIocMSHy0htDMIQ9ly5CyrJInypUARVNxoGZVXmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEpnKdMvAQT9t7Fl0RMNEaSRjDD9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvU21jcDB5OEJCUDIzc1dYUkV3MFJwSkdNTVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxVg
MA0GCSqGSIb3DQEBCwUAA4IBAQCms7O8zaSBUxGA0S9EV8WIVnYPVzTmRDvEhexB
jmzTGK0jG/UHoB/dX3GMp1jONM0d3KizKqLA30Nlr08kRfIK9IAp6+Lsyayvzl/L
Oy+FrQINMUV3L9pOMupfceGmG5QnpdFTPHtb9zCZXqw5j4zexQ5BMJjrrxUVVryX
TDYC27yGMSPwcvBz9U2eD8XQqwxcbkofq66ttfUVDCWaNDOWabRJM5lIHUOCdEad
vFaE7dSlDgvQhsAD1WJkH+ncF4TlfAj8CWiD1zms4cVmqiA3kEyyoDVqjkZNQBhG
WHm1Wq70lYatheXWkrpudugXDtFoUKBi+DThLkBiL0rYPYp1
-----END CERTIFICATE-----