Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DHjEDGq1dgjnzu6TuRTWdod81rU.roa
File:                     DHjEDGq1dgjnzu6TuRTWdod81rU.roa (raw, json)
Hash identifier:          +7Dv8JKNFivYy+eeMS3S5mEZme2iv+liMqNruEKDwYs=
Subject key identifier:   0C:78:C4:0C:6A:B5:76:08:E7:CE:EE:93:B9:14:D6:76:87:7C:D6:B5
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0AD91FBBAFDB9041F10665E2354C
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DHjEDGq1dgjnzu6TuRTWdod81rU.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211684
IP address blocks:        2a0f:5707:b100::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0a:d9:1f:bb:af:db:90:41:f1:06:65:e2:35:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c78c40c6ab57608e7ceee93b914d676877cd6b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fb:34:8f:c0:2f:54:15:7e:34:35:8d:a5:38:
                    15:06:88:25:ae:99:42:51:8e:20:c1:f9:3e:20:d0:
                    83:cf:79:ed:fd:ed:57:e0:5e:20:55:00:f4:d1:2e:
                    0b:0d:6b:ce:be:2e:2b:ae:67:02:b7:82:7d:99:af:
                    b4:bc:e0:5b:2e:8e:80:89:00:18:01:57:34:57:8a:
                    f3:32:41:28:92:03:89:9c:50:d2:d2:83:76:a7:5f:
                    9d:43:62:c4:b5:bd:eb:ff:bb:b2:e8:dd:97:76:91:
                    46:91:35:ea:85:be:c7:ff:4c:b9:9e:8a:6c:ff:d8:
                    36:3b:ca:d6:9b:da:80:51:03:f0:3d:8e:ba:46:cc:
                    7a:ec:f1:3e:e1:ed:c8:39:ed:5d:9b:4a:9f:76:fa:
                    e0:a0:28:ce:49:e9:d2:5a:9c:f4:57:78:c1:28:de:
                    c2:71:e4:9a:0b:8d:29:86:fb:c5:91:0e:93:88:a3:
                    04:49:81:8f:ef:27:37:f5:9f:be:c8:f4:d8:6d:bd:
                    26:c7:6d:51:02:8b:a3:27:7e:8e:b1:61:b1:f2:55:
                    af:3c:3c:a5:64:98:ea:86:5d:7b:6e:fe:86:39:19:
                    ff:a4:c3:bb:fc:9d:b1:4a:23:04:8f:bf:08:8a:45:
                    18:db:8f:00:32:9d:fc:7c:4e:72:91:67:36:f5:26:
                    c0:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:78:C4:0C:6A:B5:76:08:E7:CE:EE:93:B9:14:D6:76:87:7C:D6:B5
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DHjEDGq1dgjnzu6TuRTWdod81rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:b100::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:f8:48:f5:e4:56:19:56:cd:30:69:92:c6:cf:26:f1:19:c7:
         5b:7c:af:9b:f1:2b:49:c3:c1:04:a5:04:0b:65:6b:6a:63:91:
         dd:21:0a:3a:b3:15:46:eb:7d:d4:f5:a5:cf:8c:a7:ce:4a:e7:
         0c:0b:87:fe:65:58:98:ea:bf:5f:17:3a:a7:73:65:14:b6:50:
         c6:0b:2f:61:f8:f4:66:9e:aa:2a:4b:8c:79:86:6b:d1:17:87:
         24:90:f9:a6:a2:ed:f7:67:b1:1d:6b:3e:de:01:a1:cd:94:2b:
         a3:f3:69:e7:8a:20:45:40:3d:8c:fa:19:1c:49:5a:16:7e:6c:
         e7:6f:b1:7b:b0:e5:22:5e:7d:ba:59:c1:44:f2:5f:44:58:e9:
         f0:9a:2b:42:59:5c:ba:f8:05:c2:53:12:2f:68:27:8b:80:ef:
         7d:7d:ae:b0:a3:dc:0c:c5:b2:c5:77:bb:32:45:a2:4c:fc:c5:
         30:0a:5f:eb:3a:24:c9:0f:ad:c7:18:60:c1:a9:91:a1:2d:b8:
         c5:a4:ac:03:8d:57:a8:ec:81:0f:4f:0c:f6:9d:65:4e:18:5d:
         5b:13:3d:45:4b:53:18:96:0a:f8:1b:7a:07:62:8c:ae:d1:90:
         21:c8:0c:14:94:05:3c:f7:b7:8f:61:d0:70:56:d1:ea:27:70:
         90:db:f5:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wrZH7uv25BB8QZl4jVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzc4YzQwYzZhYjU3NjA4ZTdjZWVlOTNiOTE0ZDY3Njg3N2NkNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPs0j8AvVBV+NDWNpTgVBoglrplC
UY4gwfk+INCDz3nt/e1X4F4gVQD00S4LDWvOvi4rrmcCt4J9ma+0vOBbLo6AiQAY
AVc0V4rzMkEokgOJnFDS0oN2p1+dQ2LEtb3r/7uy6N2XdpFGkTXqhb7H/0y5nops
/9g2O8rWm9qAUQPwPY66Rsx67PE+4e3IOe1dm0qfdvrgoCjOSenSWpz0V3jBKN7C
ceSaC40phvvFkQ6TiKMESYGP7yc39Z++yPTYbb0mx21RAoujJ36OsWGx8lWvPDyl
ZJjqhl17bv6GORn/pMO7/J2xSiMEj78IikUY248AMp38fE5ykWc29SbAxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAx4xAxqtXYI587uk7kU1naHfNa1MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvREhqRURHcTFkZ2puenU2VHVSVFdkb2Q4MXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB7EA
MA0GCSqGSIb3DQEBCwUAA4IBAQCv+Ej15FYZVs0waZLGzybxGcdbfK+b8StJw8EE
pQQLZWtqY5HdIQo6sxVG633U9aXPjKfOSucMC4f+ZViY6r9fFzqnc2UUtlDGCy9h
+PRmnqoqS4x5hmvRF4ckkPmmou33Z7Edaz7eAaHNlCuj82nniiBFQD2M+hkcSVoW
fmznb7F7sOUiXn26WcFE8l9EWOnwmitCWVy6+AXCUxIvaCeLgO99fa6wo9wMxbLF
d7syRaJM/MUwCl/rOiTJD63HGGDBqZGhLbjFpKwDjVeo7IEPTwz2nWVOGF1bEz1F
S1MYlgr4G3oHYoyu0ZAhyAwUlAU897ePYdBwVtHqJ3CQ2/UY
-----END CERTIFICATE-----