Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/C0hpnOsU9qtanemwtgHXrIasMw8.roa
File:                     C0hpnOsU9qtanemwtgHXrIasMw8.roa (raw, json)
Hash identifier:          Doxbl5BznVpWxZS2kSOwKrIyip83VV2LHwvrulwz8Yw=
Subject key identifier:   0B:48:69:9C:EB:14:F6:AB:5A:9D:E9:B0:B6:01:D7:AC:86:AC:33:0F
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB041BCFA4382694BE544AAC095FD7
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/C0hpnOsU9qtanemwtgHXrIasMw8.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207622
IP address blocks:        2a0f:5707:aa20::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:04:1b:cf:a4:38:26:94:be:54:4a:ac:09:5f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b48699ceb14f6ab5a9de9b0b601d7ac86ac330f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:db:8f:fd:8f:af:ad:93:b5:c9:1d:53:7f:29:
                    fd:24:db:85:79:7a:88:5d:35:d2:e5:0c:7a:ff:a7:
                    fe:7f:d3:44:f3:ee:65:5b:78:81:92:8b:f0:9f:46:
                    7b:c4:b3:b6:7b:37:55:87:8b:88:30:25:b5:4f:36:
                    49:30:e4:55:85:85:e0:4a:c6:73:ea:20:08:d8:6b:
                    49:d7:9e:e5:8c:d4:d9:cf:ac:b5:dd:d6:26:1e:f6:
                    c0:64:94:92:64:82:df:83:a2:3a:52:51:f4:bd:01:
                    f5:19:0c:e3:73:7a:ee:39:52:c1:a4:e2:e3:28:06:
                    7b:df:a4:b5:9e:c0:6b:9a:e6:97:e6:f3:21:4f:0e:
                    2b:b5:50:87:88:ac:45:77:6f:22:d6:d2:aa:45:1a:
                    62:a9:ca:c3:d1:b7:54:94:b5:13:a4:ec:db:25:9e:
                    b9:e9:f5:a1:b2:28:e2:89:ad:f2:f0:8c:e9:8b:40:
                    16:98:52:a8:fd:be:a5:56:5a:e8:6d:b7:7c:01:81:
                    c5:9f:7b:72:1e:cf:d4:ff:f3:cb:2e:a2:38:97:23:
                    7c:b7:24:fb:d1:1f:b6:89:39:9e:8a:d2:71:ca:01:
                    55:c5:3d:b1:86:c8:7e:cc:3e:5f:b5:6a:1e:2b:8e:
                    bf:82:e1:b7:25:a1:ac:d6:0e:58:07:e2:79:e0:3b:
                    3d:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:48:69:9C:EB:14:F6:AB:5A:9D:E9:B0:B6:01:D7:AC:86:AC:33:0F
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/C0hpnOsU9qtanemwtgHXrIasMw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa20::/44

    Signature Algorithm: sha256WithRSAEncryption
         bc:2f:f7:b8:0e:6c:98:8c:8d:6a:d6:ae:ba:47:0d:f9:03:bd:
         b3:ae:30:4a:04:29:60:6c:96:bb:32:52:60:db:e6:30:7d:27:
         0b:97:e8:38:bb:8b:6f:ff:97:e0:3c:a6:1e:7f:08:62:f2:7d:
         ce:0b:f3:ff:ee:3c:c0:c1:05:80:b1:b4:89:13:a4:f7:4c:94:
         75:ba:fb:2e:30:75:70:f7:fb:fc:ac:1d:de:78:0d:fd:d9:34:
         74:bb:0b:c6:1b:95:bd:39:02:fd:68:63:89:fe:71:a1:79:5f:
         21:4e:e9:05:63:4e:22:99:78:ad:4d:0e:c4:fc:16:d2:b0:94:
         28:3a:60:0b:7f:a3:f4:40:2e:fe:07:95:f4:b5:8d:03:c7:3b:
         2a:16:3e:60:48:c3:be:f3:e4:87:21:96:94:57:4e:e9:fa:8a:
         bb:56:dc:3c:b4:be:fe:6e:87:f3:52:c3:a0:48:fa:83:82:dc:
         f3:3b:56:a5:06:b2:f5:2a:d2:f5:a8:ad:59:f9:d0:97:7c:ce:
         6f:75:fc:aa:14:a6:c5:85:b3:fb:ec:c0:54:c3:47:cd:04:56:
         0d:2d:29:b2:96:11:0e:7f:f5:97:7f:75:84:bb:24:60:f4:35:
         e2:2c:b7:ba:86:48:9f:1b:41:7b:cb:8d:a5:03:b5:f8:20:ec:
         c8:cb:68:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wQbz6Q4JpS+VEqsCV/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjQ4Njk5Y2ViMTRmNmFiNWE5ZGU5YjBiNjAxZDdhYzg2YWMzMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NuP/Y+vrZO1yR1Tfyn9JNuFeXqI
XTXS5Qx6/6f+f9NE8+5lW3iBkovwn0Z7xLO2ezdVh4uIMCW1TzZJMORVhYXgSsZz
6iAI2GtJ157ljNTZz6y13dYmHvbAZJSSZILfg6I6UlH0vQH1GQzjc3ruOVLBpOLj
KAZ736S1nsBrmuaX5vMhTw4rtVCHiKxFd28i1tKqRRpiqcrD0bdUlLUTpOzbJZ65
6fWhsijiia3y8Izpi0AWmFKo/b6lVlrobbd8AYHFn3tyHs/U//PLLqI4lyN8tyT7
0R+2iTmeitJxygFVxT2xhsh+zD5ftWoeK46/guG3JaGs1g5YB+J54Ds9mwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAtIaZzrFParWp3psLYB16yGrDMPMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvQzBocG5Pc1U5cXRhbmVtd3RnSFhySWFzTXc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6og
MA0GCSqGSIb3DQEBCwUAA4IBAQC8L/e4DmyYjI1q1q66Rw35A72zrjBKBClgbJa7
MlJg2+YwfScLl+g4u4tv/5fgPKYefwhi8n3OC/P/7jzAwQWAsbSJE6T3TJR1uvsu
MHVw9/v8rB3eeA392TR0uwvGG5W9OQL9aGOJ/nGheV8hTukFY04imXitTQ7E/BbS
sJQoOmALf6P0QC7+B5X0tY0DxzsqFj5gSMO+8+SHIZaUV07p+oq7Vtw8tL7+bofz
UsOgSPqDgtzzO1alBrL1KtL1qK1Z+dCXfM5vdfyqFKbFhbP77MBUw0fNBFYNLSmy
lhEOf/WXf3WEuyRg9DXiLLe6hkifG0F7y42lA7X4IOzIy2hL
-----END CERTIFICATE-----