Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/4KH-y6QREzE4LeyWTu5_77D181o.roa
File:                     4KH-y6QREzE4LeyWTu5_77D181o.roa (raw, json)
Hash identifier:          Neqwl6/04QwN4l0XrwEVz0se3RRDdMOSG5N6v2wvO78=
Subject key identifier:   E0:A1:FE:CB:A4:11:13:31:38:2D:EC:96:4E:EE:7F:EF:B0:F5:F3:5A
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BEF187958DEA9923E59FD9598FF2E
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/4KH-y6QREzE4LeyWTu5_77D181o.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210590
IP address blocks:        2a0f:5707:111::/48 maxlen: 48
                          2a0f:5707:1000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ef:18:79:58:de:a9:92:3e:59:fd:95:98:ff:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0a1fecba4111331382dec964eee7fefb0f5f35a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ed:90:02:05:9b:a2:1c:52:41:a9:72:70:1e:
                    c2:38:76:f8:1c:0e:1b:85:8d:c2:d5:bd:ce:3a:61:
                    c5:68:1f:67:59:cd:37:47:d7:7b:3d:1f:3b:08:a2:
                    e3:fd:2b:c7:24:b8:79:e7:ac:25:c3:63:7a:40:6e:
                    35:30:fd:31:44:22:65:7c:e2:0e:1a:3b:c8:61:85:
                    21:0a:03:90:9a:13:ef:90:13:cb:9f:02:0a:a4:b4:
                    53:e9:f6:07:34:5f:db:e8:84:65:aa:ce:d4:36:04:
                    42:3a:a4:7b:72:ce:9b:ac:01:a7:d4:73:65:f7:fa:
                    3c:54:a8:50:b5:d6:f7:2c:61:bb:9d:dc:2f:bb:f0:
                    3f:d1:93:66:e0:36:f5:45:1d:a4:b2:bf:0a:88:44:
                    a7:04:f9:71:d1:44:62:c5:e5:15:b8:7e:ee:11:25:
                    e5:fd:9f:39:d6:10:aa:6b:4f:28:c8:fa:fc:e6:52:
                    0d:06:b0:74:4f:26:e6:7d:a1:21:30:56:63:2b:34:
                    7b:c0:24:12:f4:5d:29:ef:5b:fe:63:71:a8:3b:dc:
                    48:9e:6b:5c:cb:e1:d0:84:05:cd:ba:bd:39:71:43:
                    ee:62:65:2c:f6:3f:e6:ff:0b:50:d5:ca:0e:c0:00:
                    15:07:cf:3c:22:64:c3:35:9f:7d:5f:0d:38:31:d6:
                    b4:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A1:FE:CB:A4:11:13:31:38:2D:EC:96:4E:EE:7F:EF:B0:F5:F3:5A
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/4KH-y6QREzE4LeyWTu5_77D181o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:111::/48
                  2a0f:5707:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:bf:44:0b:15:54:7e:90:52:d5:75:40:e5:f9:83:2f:9e:06:
         c1:a9:53:d4:bd:b9:bb:4c:c2:b6:1f:50:49:a6:c2:48:39:09:
         e1:03:6c:2a:c1:45:1e:b8:95:41:54:42:e1:9e:48:81:1e:51:
         cb:54:91:29:df:98:09:cb:6a:5c:21:71:e5:de:da:9e:1c:5d:
         f2:8e:49:fc:60:34:1d:7a:6e:4b:9e:aa:0c:86:8d:50:ed:1d:
         a5:8a:4e:87:2a:e2:00:8d:fc:5c:a2:74:49:fa:5f:d7:12:ce:
         e3:06:c3:76:4c:17:1e:e4:41:79:f5:3f:d4:e0:e0:9a:46:34:
         0c:a4:ea:66:12:69:3c:6d:33:49:07:3c:88:3c:74:a1:5a:9e:
         8d:ce:ec:1f:54:a4:53:6f:d6:c6:38:cb:69:88:71:14:dc:db:
         38:ad:a6:33:f7:e4:0f:e6:75:e5:cd:fb:f2:30:ef:71:94:cc:
         26:93:e3:57:af:3b:9b:26:b4:82:03:a3:ed:01:b8:08:e3:18:
         fb:5f:f5:be:3c:06:84:5d:16:0e:8e:25:1f:b8:3f:23:fb:4c:
         36:93:bf:a4:3b:da:e5:1e:96:21:fd:e4:f9:61:05:db:42:6b:
         15:f3:07:32:75:3f:15:c4:a5:82:8f:ae:83:70:4b:16:73:d7:
         da:19:f8:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQma+8YeVjeqZI+Wf2VmP8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGExZmVjYmE0MTExMzMxMzgyZGVjOTY0ZWVlN2ZlZmIwZjVmMzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2u2QAgWbohxSQalycB7COHb4HA4b
hY3C1b3OOmHFaB9nWc03R9d7PR87CKLj/SvHJLh556wlw2N6QG41MP0xRCJlfOIO
GjvIYYUhCgOQmhPvkBPLnwIKpLRT6fYHNF/b6IRlqs7UNgRCOqR7cs6brAGn1HNl
9/o8VKhQtdb3LGG7ndwvu/A/0ZNm4Db1RR2ksr8KiESnBPlx0URixeUVuH7uESXl
/Z851hCqa08oyPr85lINBrB0TybmfaEhMFZjKzR7wCQS9F0p71v+Y3GoO9xInmtc
y+HQhAXNur05cUPuYmUs9j/m/wtQ1coOwAAVB888ImTDNZ99Xw04Mda0JwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOCh/sukERMxOC3slk7uf++w9fNaMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvNEtILXk2UVJFekU0TGV5V1R1NV83N0QxODFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg9XBwER
AwcEKg9XBxAAMA0GCSqGSIb3DQEBCwUAA4IBAQCVv0QLFVR+kFLVdUDl+YMvngbB
qVPUvbm7TMK2H1BJpsJIOQnhA2wqwUUeuJVBVELhnkiBHlHLVJEp35gJy2pcIXHl
3tqeHF3yjkn8YDQdem5LnqoMho1Q7R2lik6HKuIAjfxconRJ+l/XEs7jBsN2TBce
5EF59T/U4OCaRjQMpOpmEmk8bTNJBzyIPHShWp6NzuwfVKRTb9bGOMtpiHEU3Ns4
raYz9+QP5nXlzfvyMO9xlMwmk+NXrzubJrSCA6PtAbgI4xj7X/W+PAaEXRYOjiUf
uD8j+0w2k7+kO9rlHpYh/eT5YQXbQmsV8wcydT8VxKWCj66DcEsWc9faGfgI
-----END CERTIFICATE-----