Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6bRapEPWdzQ9h8fgQ7CcGO_dKa4.roa
File:                     6bRapEPWdzQ9h8fgQ7CcGO_dKa4.roa (raw, json)
Hash identifier:          VRwW7uXLy1OjgPrpJEbxPThDBL7Jjj3X6UD4OBEan4A=
Subject key identifier:   E9:B4:5A:A4:43:D6:77:34:3D:87:C7:E0:43:B0:9C:18:EF:DD:29:AE
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFB8D581C0EEECF6E3F37DC0E1358
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6bRapEPWdzQ9h8fgQ7CcGO_dKa4.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50310
IP address blocks:        2a0f:5707:fff7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fb:8d:58:1c:0e:ee:cf:6e:3f:37:dc:0e:13:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9b45aa443d677343d87c7e043b09c18efdd29ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:0c:ee:81:f2:0c:47:91:cb:ca:11:be:49:
                    ed:42:03:17:1e:42:bb:53:b2:a7:d2:27:df:98:39:
                    e7:91:c9:c8:28:23:32:7b:31:7d:2b:55:5b:db:de:
                    aa:7c:66:f4:01:5f:05:fc:8f:5b:64:e6:71:da:67:
                    33:f3:5d:5d:75:4a:c6:af:39:34:a6:0d:49:28:fe:
                    d3:6a:f4:53:26:12:af:29:e3:ed:77:e9:65:f4:75:
                    1c:a4:d7:3c:6b:57:c8:22:cc:9c:d5:84:13:6c:66:
                    20:1b:cd:fd:fb:87:26:c8:61:3d:38:fd:da:7b:53:
                    e9:48:6b:5d:5f:8b:99:c9:61:7d:f7:0f:68:74:64:
                    13:f7:db:49:4a:9b:59:29:c8:b5:4e:f1:4f:b5:00:
                    2d:80:0e:7f:29:50:f8:c7:3f:e9:e6:84:9a:e1:83:
                    9f:24:d2:a8:b0:3d:23:57:1a:74:cd:fa:9b:6c:83:
                    40:84:f1:19:58:81:85:f6:91:77:59:8e:e4:08:da:
                    29:ee:09:9a:bf:8b:a7:bf:76:c5:ff:ed:fb:ed:57:
                    88:e4:e5:88:4d:e6:eb:9b:50:58:fc:0b:51:8b:84:
                    47:0f:72:3c:e2:29:09:f7:6d:a1:dd:74:2b:4f:45:
                    c4:4c:58:80:d6:4c:4a:dd:12:d9:3f:c2:3b:e2:7f:
                    54:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B4:5A:A4:43:D6:77:34:3D:87:C7:E0:43:B0:9C:18:EF:DD:29:AE
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/6bRapEPWdzQ9h8fgQ7CcGO_dKa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:fff7::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:1a:d1:6c:19:68:a2:56:bc:dd:c5:bf:3d:ab:b5:34:99:9a:
         66:80:5d:70:8d:cf:6c:5a:7a:b7:2a:ce:e2:73:3e:af:fd:8d:
         cf:63:47:21:6c:2a:c6:9d:7b:fa:82:e1:5c:ed:9b:66:cb:d4:
         ce:e0:2b:d6:de:4e:15:9c:5c:b6:5a:96:64:96:40:bb:d7:fe:
         63:aa:ca:31:27:7f:81:bb:5b:cc:b8:cd:72:cd:d0:3d:6f:21:
         f2:86:4e:6d:ab:3a:5b:0f:e0:d3:87:3e:8a:87:aa:75:d8:8e:
         5d:73:c0:0e:9b:2e:61:73:0a:63:11:bc:94:06:ab:f4:27:fa:
         6d:96:01:fa:b3:09:4b:08:cd:92:9b:29:c4:58:ef:e3:9f:d9:
         1b:13:4f:f4:a1:8e:86:de:0f:c4:1f:b8:50:38:2e:a5:fe:7e:
         b6:04:4f:5e:54:95:4d:1c:38:a4:71:5b:97:f2:14:6e:3c:de:
         ed:25:90:5f:09:90:e8:35:d2:6e:3b:90:e2:f5:59:c4:35:01:
         8f:27:cd:27:a4:77:cb:98:9d:07:f5:0c:66:cc:a9:1a:bb:f6:
         98:ab:20:b5:8d:ff:33:cb:f5:d0:f6:b8:b8:d0:4d:04:b2:02:
         cf:3e:04:73:5a:58:4e:31:44:a9:42:35:c4:99:e7:b5:63:b5:
         34:1e:97:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vuNWBwO7s9uPzfcDhNYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWI0NWFhNDQzZDY3NzM0M2Q4N2M3ZTA0M2IwOWMxOGVmZGQyOWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmEM7oHyDEeRy8oRvkntQgMXHkK7
U7Kn0iffmDnnkcnIKCMyezF9K1Vb296qfGb0AV8F/I9bZOZx2mcz811ddUrGrzk0
pg1JKP7TavRTJhKvKePtd+ll9HUcpNc8a1fIIsyc1YQTbGYgG839+4cmyGE9OP3a
e1PpSGtdX4uZyWF99w9odGQT99tJSptZKci1TvFPtQAtgA5/KVD4xz/p5oSa4YOf
JNKosD0jVxp0zfqbbINAhPEZWIGF9pF3WY7kCNop7gmav4unv3bF/+377VeI5OWI
Tebrm1BY/AtRi4RHD3I84ikJ922h3XQrT0XETFiA1kxK3RLZP8I74n9UrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOm0WqRD1nc0PYfH4EOwnBjv3SmuMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvNmJSYXBFUFdkelE5aDhmZ1E3Q2NHT19kS2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XB//3
MA0GCSqGSIb3DQEBCwUAA4IBAQAzGtFsGWiiVrzdxb89q7U0mZpmgF1wjc9sWnq3
Ks7icz6v/Y3PY0chbCrGnXv6guFc7Ztmy9TO4CvW3k4VnFy2WpZklkC71/5jqsox
J3+Bu1vMuM1yzdA9byHyhk5tqzpbD+DThz6Kh6p12I5dc8AOmy5hcwpjEbyUBqv0
J/ptlgH6swlLCM2SmynEWO/jn9kbE0/0oY6G3g/EH7hQOC6l/n62BE9eVJVNHDik
cVuX8hRuPN7tJZBfCZDoNdJuO5Di9VnENQGPJ80npHfLmJ0H9QxmzKkau/aYqyC1
jf8zy/XQ9ri40E0EsgLPPgRzWlhOMUSpQjXEmee1Y7U0HpcD
-----END CERTIFICATE-----