Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/3f8Cv5mYL6E2sTInnWGxTyY6Wpc.roa
File:                     3f8Cv5mYL6E2sTInnWGxTyY6Wpc.roa (raw, json)
Hash identifier:          uMcNtSrUnJXutzHHy2Qofl8IHx2e9HcoQNYOFF7wMFs=
Subject key identifier:   DD:FF:02:BF:99:98:2F:A1:36:B1:32:27:9D:61:B1:4F:26:3A:5A:97
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAF9EA72FEE907BBC6056A71DF57A0
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/3f8Cv5mYL6E2sTInnWGxTyY6Wpc.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43959
IP address blocks:        2a0f:5701:fe11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:ea:72:fe:e9:07:bb:c6:05:6a:71:df:57:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddff02bf99982fa136b132279d61b14f263a5a97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:2c:63:42:79:e7:cc:15:36:51:72:b1:97:af:
                    68:e0:1e:52:f0:24:14:68:af:ea:72:e8:ab:aa:29:
                    5f:21:99:8a:a6:5c:ad:a3:99:30:f6:cc:df:f1:b3:
                    88:5e:90:06:81:6f:3a:44:8e:f4:fa:b8:70:81:9b:
                    0a:7f:b6:79:bb:a6:11:5a:c5:31:91:d7:2e:0b:ed:
                    54:0b:79:7e:73:ab:98:4e:17:56:61:c5:50:95:f8:
                    eb:a0:22:c2:54:fe:fa:bd:86:f3:d4:83:b3:65:43:
                    dc:29:36:ae:74:34:1d:75:6a:ee:35:44:22:c5:fb:
                    f9:4c:e3:44:db:00:47:29:0f:1e:95:e9:9f:20:ea:
                    a7:1a:86:d5:80:01:a7:a4:e2:c3:2a:d4:a7:9e:53:
                    14:28:37:79:d5:07:be:36:b7:43:4a:fd:f9:d8:dd:
                    91:2d:8a:2c:6d:a0:02:cc:f8:7a:6a:ad:2e:6a:cc:
                    02:3d:a9:88:1d:00:ca:90:54:2b:8c:53:e2:45:fc:
                    76:71:ac:a0:7f:0d:a5:16:86:6e:95:a5:27:b7:b9:
                    0b:f7:f7:21:bf:15:0d:1c:a5:bb:09:15:9e:c3:3f:
                    c9:ab:c8:6a:cf:fc:25:0e:cb:04:78:6b:88:b5:f1:
                    8a:65:bd:7b:f2:8f:dd:35:de:e1:61:22:32:c7:c2:
                    e4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FF:02:BF:99:98:2F:A1:36:B1:32:27:9D:61:B1:4F:26:3A:5A:97
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/3f8Cv5mYL6E2sTInnWGxTyY6Wpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5701:fe11::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:cd:2f:ee:8f:c1:08:ac:f7:1b:e9:9f:cc:bd:36:bf:bf:bf:
         9e:86:55:64:df:e4:9b:a5:e2:b6:b4:c8:01:46:0e:4e:66:cc:
         df:44:b7:21:5c:5b:d5:26:d7:f7:ed:e3:db:ca:33:fc:a2:01:
         2b:8e:47:be:9a:f5:1d:88:5a:28:06:a2:9e:ac:03:99:95:38:
         15:f6:c2:8e:88:4a:d8:f2:d4:6c:6c:34:e6:31:97:fb:de:3b:
         8b:91:3e:40:46:08:e6:0f:86:b2:81:3c:4f:91:58:98:25:0e:
         60:1a:0d:c3:2d:89:65:2e:cd:b6:ba:27:dd:1b:82:f1:97:27:
         7d:ae:3a:6c:c6:53:d0:47:b9:f6:2c:33:7b:2c:39:75:00:a3:
         f3:f7:fa:58:59:3d:78:4f:f1:00:91:10:65:b5:87:6c:18:5d:
         33:75:c5:bd:33:b7:ff:d6:0f:96:04:12:94:06:e1:81:40:70:
         dc:8b:bb:99:57:4e:42:56:5b:78:10:32:09:c1:bf:2b:fa:bc:
         7a:6c:13:a5:a6:f9:87:f7:41:80:b0:7d:70:e8:25:df:7d:71:
         2e:1e:15:0b:44:6c:0f:2e:5c:a4:c8:a6:36:af:6e:e2:a6:00:
         e5:c1:7c:a7:1f:b7:2a:8b:ff:ca:6e:46:36:b2:7a:10:7d:6d:
         31:28:72:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vnqcv7pB7vGBWpx31egMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZmMDJiZjk5OTgyZmExMzZiMTMyMjc5ZDYxYjE0ZjI2M2E1YTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnixjQnnnzBU2UXKxl69o4B5S8CQU
aK/qcuirqilfIZmKplyto5kw9szf8bOIXpAGgW86RI70+rhwgZsKf7Z5u6YRWsUx
kdcuC+1UC3l+c6uYThdWYcVQlfjroCLCVP76vYbz1IOzZUPcKTaudDQddWruNUQi
xfv5TONE2wBHKQ8elemfIOqnGobVgAGnpOLDKtSnnlMUKDd51Qe+NrdDSv352N2R
LYosbaACzPh6aq0uaswCPamIHQDKkFQrjFPiRfx2caygfw2lFoZulaUnt7kL9/ch
vxUNHKW7CRWewz/Jq8hqz/wlDssEeGuItfGKZb178o/dNd7hYSIyx8LkowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN3/Ar+ZmC+hNrEyJ51hsU8mOlqXMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvM2Y4Q3Y1bVlMNkUyc1RJbm5XR3hUeVk2V3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XAf4R
MA0GCSqGSIb3DQEBCwUAA4IBAQAqzS/uj8EIrPcb6Z/MvTa/v7+ehlVk3+SbpeK2
tMgBRg5OZszfRLchXFvVJtf37ePbyjP8ogErjke+mvUdiFooBqKerAOZlTgV9sKO
iErY8tRsbDTmMZf73juLkT5ARgjmD4aygTxPkViYJQ5gGg3DLYllLs22uifdG4Lx
lyd9rjpsxlPQR7n2LDN7LDl1AKPz9/pYWT14T/EAkRBltYdsGF0zdcW9M7f/1g+W
BBKUBuGBQHDci7uZV05CVlt4EDIJwb8r+rx6bBOlpvmH90GAsH1w6CXffXEuHhUL
RGwPLlykyKY2r27ipgDlwXynH7cqi//KbkY2snoQfW0xKHL3
-----END CERTIFICATE-----