Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/0v_RTqodXg7uts804DO8DlpFX78.roa
File:                     0v_RTqodXg7uts804DO8DlpFX78.roa (raw, json)
Hash identifier:          y+krhTMUMJ5yn5MwcvgMpKhAmzkKLIME0VMymZPp5pE=
Subject key identifier:   D2:FF:D1:4E:AA:1D:5E:0E:EE:B6:CF:34:E0:33:BC:0E:5A:45:5F:BF
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BE8D3081CA28E87CA95AB137217B3
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/0v_RTqodXg7uts804DO8DlpFX78.roa
Signing time:             Thu 02 Jan 2025 09:49:53 +0000
ROA not before:           Thu 02 Jan 2025 09:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205298
IP address blocks:        2a0f:5707:aaa0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e8:d3:08:1c:a2:8e:87:ca:95:ab:13:72:17:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2ffd14eaa1d5e0eeeb6cf34e033bc0e5a455fbf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:a5:3a:8b:fc:bc:ca:68:11:64:61:89:6f:87:
                    37:8f:67:12:9e:1b:03:1f:2b:53:33:0a:a6:30:4c:
                    87:c0:2e:ee:c0:44:cc:26:e5:81:3c:53:86:06:01:
                    33:3b:f9:98:c8:2b:9f:d6:84:c3:c5:6d:2e:30:2b:
                    ea:26:b7:30:99:75:d3:32:99:04:6b:91:4b:0c:8e:
                    9e:ea:02:a3:55:97:a2:c9:d3:56:93:f0:9c:9f:07:
                    39:63:c1:ad:1c:11:e9:89:67:8c:1c:f8:0b:d0:7c:
                    85:92:e0:b8:6b:76:57:3a:86:1a:0d:35:ee:8d:25:
                    28:ff:a0:62:0d:9f:f5:cc:60:a9:ed:9f:78:c4:e0:
                    36:26:ec:70:ee:21:e7:ca:96:4b:de:c6:3f:de:a7:
                    c0:22:17:db:2d:4b:fe:ad:c5:9f:9a:d6:e7:b4:27:
                    8a:c8:5b:50:37:83:fb:71:96:34:92:fc:ac:63:e6:
                    08:e9:00:fe:d1:2e:32:b7:f3:2e:7a:7d:7f:8c:3a:
                    a5:c8:0b:35:76:57:ea:02:d1:8e:69:96:05:87:c5:
                    f7:a4:13:c6:b3:4d:4e:15:7d:7a:85:58:01:83:75:
                    fb:ee:70:77:44:2d:1e:dd:42:88:64:20:c1:5d:d3:
                    37:7e:e7:ad:03:2c:0a:d0:dd:ba:b9:02:64:ee:5d:
                    51:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FF:D1:4E:AA:1D:5E:0E:EE:B6:CF:34:E0:33:BC:0E:5A:45:5F:BF
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/0v_RTqodXg7uts804DO8DlpFX78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aaa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:ad:e5:eb:90:ae:2c:9a:57:91:e6:45:68:14:71:1c:a0:58:
         2f:32:38:5e:20:11:f5:d1:43:3f:3e:59:99:df:80:9b:0e:91:
         f3:4c:04:54:89:b1:78:11:98:a1:bd:4d:9b:03:93:35:44:57:
         30:8b:67:dc:11:cd:a7:d6:fe:6a:e3:79:88:11:fe:1c:13:83:
         4c:8f:0d:1d:80:46:24:03:08:03:25:69:44:b1:b6:e1:73:00:
         ac:e2:82:20:a2:e7:af:10:a4:08:da:5d:db:3a:06:e2:89:03:
         88:13:5b:6d:47:3a:17:83:bb:c7:21:a2:12:c9:64:87:80:43:
         cc:31:af:46:70:b2:18:65:2f:51:54:83:5a:c2:f4:1b:74:90:
         67:df:20:53:fe:e2:c3:81:a0:f9:0f:ed:4c:60:0b:d0:ad:fd:
         fc:e2:be:1d:a2:d8:b7:fc:ed:96:5c:62:54:ca:59:3d:af:ef:
         32:b5:9c:cb:a5:20:3d:13:7a:e2:c0:bd:e1:62:41:1c:aa:d8:
         7e:91:06:8f:8b:08:28:3b:51:19:f3:70:2b:b1:b6:f3:24:d0:
         01:9d:ed:d9:b6:53:b6:d9:d2:1f:95:a2:4c:b6:ed:b5:13:dd:
         78:f6:01:32:1b:9f:c6:46:8e:ba:4f:b3:72:21:4f:67:d9:eb:
         f7:05:8a:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+jTCByijofKlasTchezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZmZDE0ZWFhMWQ1ZTBlZWViNmNmMzRlMDMzYmMwZTVhNDU1ZmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6U6i/y8ymgRZGGJb4c3j2cSnhsD
HytTMwqmMEyHwC7uwETMJuWBPFOGBgEzO/mYyCuf1oTDxW0uMCvqJrcwmXXTMpkE
a5FLDI6e6gKjVZeiydNWk/Ccnwc5Y8GtHBHpiWeMHPgL0HyFkuC4a3ZXOoYaDTXu
jSUo/6BiDZ/1zGCp7Z94xOA2Juxw7iHnypZL3sY/3qfAIhfbLUv+rcWfmtbntCeK
yFtQN4P7cZY0kvysY+YI6QD+0S4yt/Muen1/jDqlyAs1dlfqAtGOaZYFh8X3pBPG
s01OFX16hVgBg3X77nB3RC0e3UKIZCDBXdM3fuetAywK0N26uQJk7l1R5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNL/0U6qHV4O7rbPNOAzvA5aRV+/MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvMHZfUlRxb2RYZzd1dHM4MDRETzhEbHBGWDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6qg
MA0GCSqGSIb3DQEBCwUAA4IBAQAareXrkK4smleR5kVoFHEcoFgvMjheIBH10UM/
PlmZ34CbDpHzTARUibF4EZihvU2bA5M1RFcwi2fcEc2n1v5q43mIEf4cE4NMjw0d
gEYkAwgDJWlEsbbhcwCs4oIgouevEKQI2l3bOgbiiQOIE1ttRzoXg7vHIaISyWSH
gEPMMa9GcLIYZS9RVINawvQbdJBn3yBT/uLDgaD5D+1MYAvQrf384r4doti3/O2W
XGJUylk9r+8ytZzLpSA9E3riwL3hYkEcqth+kQaPiwgoO1EZ83ArsbbzJNABne3Z
tlO22dIflaJMtu21E9149gEyG5/GRo66T7NyIU9n2ev3BYqk
-----END CERTIFICATE-----