Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DtG6FkdfNlemrFE3q68cVo0r8UM.roa
File:                     DtG6FkdfNlemrFE3q68cVo0r8UM.roa (raw, json)
Hash identifier:          09XlHHnfHRlGSqCphDUYZK4zm6iXdHZT5bGNGLhJu4k=
Subject key identifier:   0E:D1:BA:16:47:5F:36:57:A6:AC:51:37:AB:AF:1C:56:8D:2B:F1:43
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB01AB13B3A87277C94DEF468A067E
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DtG6FkdfNlemrFE3q68cVo0r8UM.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206215
IP address blocks:        2a0f:5707:aa50::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:ab:13:b3:a8:72:77:c9:4d:ef:46:8a:06:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ed1ba16475f3657a6ac5137abaf1c568d2bf143
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:0c:8d:39:0d:61:db:2b:43:0e:03:48:89:07:
                    e4:8c:69:b4:85:31:a3:49:b6:39:80:85:b9:01:30:
                    e8:3f:73:dc:24:4b:e8:bd:6a:04:4b:65:32:2f:a2:
                    69:08:1c:8b:03:b3:36:ac:91:ff:08:29:22:ea:4a:
                    c3:29:35:ef:8d:4f:13:86:40:c6:97:72:5e:16:dd:
                    41:08:f1:38:f8:f3:5f:c3:95:ee:0d:21:51:fd:d3:
                    71:ac:41:21:e2:f0:cd:0f:a8:46:7f:31:41:63:e0:
                    9d:2f:83:d1:94:bb:aa:ab:76:1a:d7:b2:87:9d:eb:
                    3d:de:a1:7b:54:03:a2:dd:c9:8a:d7:87:2c:f6:77:
                    a2:94:3c:89:7c:60:53:ea:c2:6a:7e:36:64:5b:ef:
                    6f:30:43:f9:9e:93:c5:23:1a:09:95:c5:e7:60:9f:
                    55:77:b8:43:dd:e9:db:ce:7b:44:91:05:e1:b4:36:
                    e8:07:7f:f8:53:50:0a:03:5d:6a:98:e8:1c:d3:ec:
                    7d:09:e0:eb:46:55:0a:f7:e9:91:d4:0d:cd:28:95:
                    4a:41:16:e9:b0:8b:d9:4f:94:2b:49:26:2d:9f:0f:
                    cd:9c:69:f7:e3:76:4d:3b:3c:ec:48:c8:07:6a:2b:
                    db:89:85:b4:63:f3:11:14:84:e5:9a:3d:98:06:69:
                    9a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D1:BA:16:47:5F:36:57:A6:AC:51:37:AB:AF:1C:56:8D:2B:F1:43
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/DtG6FkdfNlemrFE3q68cVo0r8UM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa50::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:5a:c0:99:30:8d:81:fc:73:b9:d0:6e:8b:e6:cd:01:bf:d7:
         12:91:c2:85:db:35:a5:3d:17:23:8f:d0:4b:f6:51:3c:08:d6:
         1f:6b:f7:ae:53:ce:c2:b3:4f:2f:8c:bc:4b:c2:6a:27:21:52:
         76:5b:12:51:61:1c:9f:df:a0:b7:26:94:dc:f5:a1:e5:e0:4e:
         83:ec:e9:a3:11:2f:2d:78:4e:f0:3a:f5:29:52:cc:c5:6c:ea:
         82:94:44:c0:2a:ef:25:c2:9e:66:d2:c5:02:05:d6:c4:cf:44:
         b8:50:2e:14:72:b3:7b:c6:96:b7:e4:51:ea:3f:90:70:31:1c:
         20:28:ed:cd:62:ce:19:cc:c6:06:5d:47:12:68:d1:bf:2d:df:
         22:d2:aa:0e:32:b8:6d:cd:92:2a:d4:03:d9:28:f4:17:5f:00:
         f8:d0:cf:a3:e3:3f:f9:3b:c8:c1:e7:8b:9a:3d:c6:35:3e:ee:
         84:25:e9:c3:17:8e:3c:a8:cb:1c:7d:97:c1:a9:50:a8:0c:ec:
         e4:41:91:0a:04:6f:30:3f:31:68:f5:cd:d7:5c:60:f1:5a:d4:
         f4:c8:eb:e2:26:56:51:1d:ed:45:f3:0f:04:00:79:c9:f0:8e:
         fc:f7:6b:1d:c5:1a:ce:f9:5f:eb:09:39:1f:ff:eb:60:dc:b1:
         47:12:e1:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wGrE7OocnfJTe9GigZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWQxYmExNjQ3NWYzNjU3YTZhYzUxMzdhYmFmMWM1NjhkMmJmMTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQyNOQ1h2ytDDgNIiQfkjGm0hTGj
SbY5gIW5ATDoP3PcJEvovWoES2UyL6JpCByLA7M2rJH/CCki6krDKTXvjU8ThkDG
l3JeFt1BCPE4+PNfw5XuDSFR/dNxrEEh4vDND6hGfzFBY+CdL4PRlLuqq3Ya17KH
nes93qF7VAOi3cmK14cs9neilDyJfGBT6sJqfjZkW+9vMEP5npPFIxoJlcXnYJ9V
d7hD3enbzntEkQXhtDboB3/4U1AKA11qmOgc0+x9CeDrRlUK9+mR1A3NKJVKQRbp
sIvZT5QrSSYtnw/NnGn343ZNOzzsSMgHaivbiYW0Y/MRFITlmj2YBmmalwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA7RuhZHXzZXpqxRN6uvHFaNK/FDMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvRHRHNkZrZGZObGVtckZFM3E2OGNWbzByOFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6pQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAYWsCZMI2B/HO50G6L5s0Bv9cSkcKF2zWlPRcj
j9BL9lE8CNYfa/euU87Cs08vjLxLwmonIVJ2WxJRYRyf36C3JpTc9aHl4E6D7Omj
ES8teE7wOvUpUszFbOqClETAKu8lwp5m0sUCBdbEz0S4UC4UcrN7xpa35FHqP5Bw
MRwgKO3NYs4ZzMYGXUcSaNG/Ld8i0qoOMrhtzZIq1APZKPQXXwD40M+j4z/5O8jB
54uaPcY1Pu6EJenDF448qMscfZfBqVCoDOzkQZEKBG8wPzFo9c3XXGDxWtT0yOvi
JlZRHe1F8w8EAHnJ8I7892sdxRrO+V/rCTkf/+tg3LFHEuFI
-----END CERTIFICATE-----