Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/9HdbHzZ27Vd3tlQStmluQMdFsxg.roa
File:                     9HdbHzZ27Vd3tlQStmluQMdFsxg.roa (raw, json)
Hash identifier:          Kkqk35e6lllQPlKYLd1+lhlbXoHZPI4IQZ6jvHb2ESk=
Subject key identifier:   F4:77:5B:1F:36:76:ED:57:77:B6:54:12:B6:69:6E:40:C7:45:B3:18
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BE3C7D5EA1EFB0E0DFE250B7DF2E2
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/9HdbHzZ27Vd3tlQStmluQMdFsxg.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51087
IP address blocks:        2a0f:5707:fa00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e3:c7:d5:ea:1e:fb:0e:0d:fe:25:0b:7d:f2:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f4775b1f3676ed5777b65412b6696e40c745b318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ec:09:82:4c:0b:f8:5d:b5:54:c5:37:17:1a:
                    3e:a1:08:21:4a:bb:bb:38:f6:25:cc:3e:2f:d2:79:
                    f5:ed:c5:56:06:88:8a:59:8c:89:5b:3d:96:69:43:
                    dd:f5:6f:07:88:1c:61:7a:19:70:e0:fb:a8:11:f4:
                    67:19:1f:90:77:66:19:2b:4d:c0:f3:63:b9:6b:0b:
                    fa:92:27:cd:23:22:78:a6:86:2f:78:fe:67:6a:f8:
                    23:4f:b0:c1:3e:75:9a:5d:11:d8:5f:a2:79:f2:3b:
                    11:c8:53:55:3a:b3:7d:82:8c:02:a1:a8:39:2c:b1:
                    81:be:21:42:d2:0d:20:17:47:b0:c9:b0:7e:cc:bd:
                    23:dd:97:b3:46:76:06:6b:57:7e:d2:67:b6:18:48:
                    ae:1d:90:31:d5:41:73:0f:95:ba:02:39:09:5b:ae:
                    d2:02:df:70:02:ac:20:8c:e3:1c:ab:bd:5f:df:a3:
                    01:06:ea:c4:74:e3:7b:28:89:9c:99:3f:ac:a4:88:
                    5b:db:ca:1d:8a:d2:27:d5:80:36:83:1c:37:77:f8:
                    ec:e8:2e:71:9d:50:98:d9:b9:c8:75:b0:c8:9c:b9:
                    88:db:f6:86:a9:8f:17:c4:9d:39:6c:61:2b:04:69:
                    fe:f6:fe:b6:f6:0b:ed:38:ba:ea:cc:52:ba:51:7a:
                    94:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:77:5B:1F:36:76:ED:57:77:B6:54:12:B6:69:6E:40:C7:45:B3:18
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/9HdbHzZ27Vd3tlQStmluQMdFsxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:fa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:2f:8e:3e:c9:e0:64:54:76:b5:7b:27:84:58:5a:31:bc:b3:
         d4:df:6f:cd:ff:5f:08:ef:43:72:33:93:28:e9:0e:8e:b9:a5:
         17:85:94:a3:06:ff:fc:d0:6d:80:58:cd:3c:a2:e7:c6:be:aa:
         35:e7:72:a5:5d:f3:a2:a8:ec:05:57:63:4a:23:48:2a:3b:f5:
         39:f4:cb:34:8b:93:9e:60:dc:30:3f:03:ca:04:84:56:1f:33:
         91:69:03:3e:52:5a:5d:4d:0c:cb:d0:78:95:c6:10:8e:1f:5f:
         2b:05:b8:bd:cf:99:4e:e6:39:af:9e:11:ba:bb:1d:7f:18:df:
         f8:49:c7:38:34:86:2f:f2:57:b3:a7:cb:49:86:a5:03:e7:66:
         56:d9:2f:b5:a6:c4:fe:99:de:a6:55:04:71:e8:e2:ea:e1:36:
         a7:b4:d7:65:3c:cd:4c:4e:e2:97:49:b1:1b:a4:a3:5d:52:94:
         60:4b:49:a8:14:88:6b:13:df:65:be:38:10:84:6b:da:87:29:
         ba:a1:10:b9:ac:63:2b:6e:81:bc:d6:e9:9e:c4:69:66:e6:02:
         da:49:e5:d0:49:df:da:73:64:99:16:48:ae:86:a9:7d:62:b1:
         b5:24:25:d4:ab:f4:7d:4a:86:89:c6:c7:a5:09:2b:c2:af:1d:
         d9:08:f4:2e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma+PH1eoe+w4N/iULffLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDc3NWIxZjM2NzZlZDU3NzdiNjU0MTJiNjY5NmU0MGM3NDViMzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuwJgkwL+F21VMU3Fxo+oQghSru7
OPYlzD4v0nn17cVWBoiKWYyJWz2WaUPd9W8HiBxhehlw4PuoEfRnGR+Qd2YZK03A
82O5awv6kifNIyJ4poYveP5navgjT7DBPnWaXRHYX6J58jsRyFNVOrN9gowCoag5
LLGBviFC0g0gF0ewybB+zL0j3ZezRnYGa1d+0me2GEiuHZAx1UFzD5W6AjkJW67S
At9wAqwgjOMcq71f36MBBurEdON7KImcmT+spIhb28oditIn1YA2gxw3d/js6C5x
nVCY2bnIdbDInLmI2/aGqY8XxJ05bGErBGn+9v629gvtOLrqzFK6UXqUBwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPR3Wx82du1Xd7ZUErZpbkDHRbMYMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvOUhkYkh6WjI3VmQzdGxRU3RtbHVRTWRGc3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg9XB/ow
DQYJKoZIhvcNAQELBQADggEBAFMvjj7J4GRUdrV7J4RYWjG8s9Tfb83/XwjvQ3Iz
kyjpDo65pReFlKMG//zQbYBYzTyi58a+qjXncqVd86Ko7AVXY0ojSCo79Tn0yzSL
k55g3DA/A8oEhFYfM5FpAz5SWl1NDMvQeJXGEI4fXysFuL3PmU7mOa+eEbq7HX8Y
3/hJxzg0hi/yV7Ony0mGpQPnZlbZL7WmxP6Z3qZVBHHo4urhNqe012U8zUxO4pdJ
sRuko11SlGBLSagUiGsT32W+OBCEa9qHKbqhELmsYytugbzW6Z7EaWbmAtpJ5dBJ
39pzZJkWSK6GqX1isbUkJdSr9H1KhonGx6UJK8KvHdkI9C4=
-----END CERTIFICATE-----