Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/B-HvPcMNkORIEsyHin-5Ucm45so.roa
File:                     B-HvPcMNkORIEsyHin-5Ucm45so.roa (raw, json)
Hash identifier:          QH08oAPROflXQtq3pjVDZyI9xtgTK2UfOm1DEys9OhE=
Subject key identifier:   07:E1:EF:3D:C3:0D:90:E4:48:12:CC:87:8A:7F:B9:51:C9:B8:E6:CA
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BE334805D14A8A8C1E9578634B846
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/B-HvPcMNkORIEsyHin-5Ucm45so.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49575
IP address blocks:        2a0f:5707:fe00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e3:34:80:5d:14:a8:a8:c1:e9:57:86:34:b8:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07e1ef3dc30d90e44812cc878a7fb951c9b8e6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:8a:8d:b1:e4:8c:b9:e4:99:55:0e:da:6c:38:
                    ba:30:ef:96:94:c6:20:ab:be:cd:76:21:cd:69:4e:
                    01:33:9b:aa:f4:2f:4b:6c:64:93:e1:d5:98:b6:82:
                    40:ba:87:31:73:7a:f9:6e:73:a9:8e:be:13:50:2c:
                    c6:39:09:36:13:e4:09:f4:12:40:31:6b:14:d3:78:
                    7e:e3:0c:e3:fa:e5:ac:e2:88:a3:2c:7c:a1:42:41:
                    4e:76:66:c0:31:80:d8:3d:80:b9:df:ca:3c:9f:8e:
                    9c:f9:57:5c:16:b7:6e:c2:a2:18:0f:2a:bc:94:16:
                    3c:98:cc:cd:71:26:3b:47:4d:2d:31:41:62:af:d3:
                    9d:2a:47:d9:2e:89:53:1a:59:0f:36:e0:ac:85:f6:
                    13:b6:9d:cf:d1:62:84:fb:42:dc:ef:9c:d6:b2:65:
                    d3:36:d6:bd:0a:43:69:52:69:60:f8:58:74:64:43:
                    88:54:bd:6b:39:d0:ba:c3:44:24:c5:84:dc:5d:b4:
                    49:8f:a2:2e:ca:12:1a:a4:6d:85:f6:f1:14:49:94:
                    a2:74:57:57:28:7a:73:79:bb:c6:e6:aa:a5:7e:f6:
                    46:e2:33:9d:a8:74:fc:4e:4a:f5:6c:29:21:bc:1e:
                    c9:3d:6c:3c:21:1f:9b:a9:a9:40:af:04:d2:d7:79:
                    2a:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E1:EF:3D:C3:0D:90:E4:48:12:CC:87:8A:7F:B9:51:C9:B8:E6:CA
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/B-HvPcMNkORIEsyHin-5Ucm45so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:fe00::/40

    Signature Algorithm: sha256WithRSAEncryption
         3e:30:a6:14:94:0a:ab:61:e6:e3:22:9c:85:0e:a1:b8:44:02:
         08:dd:90:d7:e3:1a:e7:97:2c:7c:f6:48:19:3d:b5:f0:d2:52:
         5c:75:e7:a3:42:8a:78:bf:d8:71:c7:3c:50:29:32:76:e2:6a:
         4d:a8:3f:c0:81:70:46:8a:d4:ef:a1:ee:8d:cd:8f:88:f0:9e:
         6d:7a:d8:59:43:30:1e:c0:a5:a0:d9:76:62:ca:e0:d0:ea:1e:
         dc:45:45:16:8a:52:98:d1:dc:b8:fc:a6:c5:85:54:e3:09:04:
         b5:40:93:ee:05:a0:a9:c9:9a:00:ac:de:7d:ba:8c:a5:d4:7a:
         f2:e8:ff:ba:e3:62:f9:d9:6c:83:9b:c8:2f:4a:74:05:f0:1b:
         fb:d7:79:d1:18:c0:d3:19:a8:f1:74:82:37:85:5a:a4:4b:db:
         a8:ae:66:04:c7:3e:aa:3f:db:52:00:e5:4e:cc:de:e5:de:f4:
         b6:9f:f5:5b:5c:28:fb:d1:5b:50:8d:bf:6a:b3:e2:ff:df:cf:
         01:92:19:40:0f:ec:00:72:e4:82:a2:7c:a3:34:c0:c4:4d:84:
         73:1f:ba:9b:69:24:b2:82:8c:54:d0:2b:92:c0:a0:1f:34:05:
         04:b8:b5:1a:34:90:8a:79:e3:9b:bf:74:38:26:f2:62:54:1f:
         4b:d7:53:f7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQma+M0gF0UqKjB6VeGNLhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2UxZWYzZGMzMGQ5MGU0NDgxMmNjODc4YTdmYjk1MWM5YjhlNmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioqNseSMueSZVQ7abDi6MO+WlMYg
q77NdiHNaU4BM5uq9C9LbGST4dWYtoJAuocxc3r5bnOpjr4TUCzGOQk2E+QJ9BJA
MWsU03h+4wzj+uWs4oijLHyhQkFOdmbAMYDYPYC538o8n46c+VdcFrduwqIYDyq8
lBY8mMzNcSY7R00tMUFir9OdKkfZLolTGlkPNuCshfYTtp3P0WKE+0Lc75zWsmXT
Nta9CkNpUmlg+Fh0ZEOIVL1rOdC6w0QkxYTcXbRJj6IuyhIapG2F9vEUSZSidFdX
KHpzebvG5qqlfvZG4jOdqHT8Tkr1bCkhvB7JPWw8IR+bqalArwTS13kqsQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAfh7z3DDZDkSBLMh4p/uVHJuObKMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvQi1IdlBjTU5rT1JJRXN5SGluLTVVY200NXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg9XB/4w
DQYJKoZIhvcNAQELBQADggEBAD4wphSUCqth5uMinIUOobhEAgjdkNfjGueXLHz2
SBk9tfDSUlx156NCini/2HHHPFApMnbiak2oP8CBcEaK1O+h7o3Nj4jwnm162FlD
MB7ApaDZdmLK4NDqHtxFRRaKUpjR3Lj8psWFVOMJBLVAk+4FoKnJmgCs3n26jKXU
evLo/7rjYvnZbIObyC9KdAXwG/vXedEYwNMZqPF0gjeFWqRL26iuZgTHPqo/21IA
5U7M3uXe9Laf9VtcKPvRW1CNv2qz4v/fzwGSGUAP7ABy5IKifKM0wMRNhHMfuptp
JLKCjFTQK5LAoB80BQS4tRo0kIp545u/dDgm8mJUH0vXU/c=
-----END CERTIFICATE-----