Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EM1hMxbO0bsfXw2j2a8lTXCRKiA.roa
File:                     EM1hMxbO0bsfXw2j2a8lTXCRKiA.roa (raw, json)
Hash identifier:          sYqqYrGDIOl30ZxmSRGhLReSGVqO1ySn9eTtLPXJi6c=
Subject key identifier:   10:CD:61:33:16:CE:D1:BB:1F:5F:0D:A3:D9:AF:25:4D:70:91:2A:20
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFCB4A69BA4E0DA8136E60274F7EB
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EM1hMxbO0bsfXw2j2a8lTXCRKiA.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56662
IP address blocks:        2a0f:5707:ba00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fc:b4:a6:9b:a4:e0:da:81:36:e6:02:74:f7:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10cd613316ced1bb1f5f0da3d9af254d70912a20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ca:b5:de:b8:65:91:87:3f:31:6c:fa:21:6e:
                    13:f1:bb:cb:91:51:3b:94:af:29:69:4c:9a:cb:1b:
                    50:bf:0a:68:63:9d:24:04:f7:bc:a4:70:1b:c9:26:
                    e1:44:e3:c1:47:56:0e:2a:51:e8:39:dc:e3:fb:0d:
                    3b:d0:13:c8:53:ab:eb:a9:0f:c9:50:b3:9b:ba:0b:
                    28:40:42:a2:31:c0:88:35:44:d9:61:2d:a9:5b:5d:
                    07:1e:f1:5b:96:ee:50:f9:c4:6f:cf:d9:d4:4b:63:
                    49:f3:77:30:f0:d1:20:d3:67:cc:a7:c7:12:25:10:
                    db:24:d4:20:0e:34:b6:ae:12:56:94:ab:c6:9d:b4:
                    40:83:b7:f4:28:0b:ae:01:d2:23:c2:96:74:37:61:
                    30:c1:35:bf:ad:24:bf:9f:6e:a3:16:b2:1d:95:a9:
                    b2:35:fd:f5:5b:34:41:07:98:63:58:b3:e0:25:a2:
                    0d:b4:fe:16:28:b7:c5:f7:18:fd:2f:d9:52:f0:e7:
                    26:c1:89:24:87:2b:14:2d:50:d9:69:6a:b6:e1:03:
                    58:e5:c0:f6:41:30:3a:cb:7c:ee:89:a0:d6:6e:e1:
                    ff:74:18:d5:8d:45:c8:35:c7:90:bc:bf:e5:93:03:
                    fe:78:56:d4:38:fb:64:00:c7:13:41:2a:ab:55:3c:
                    df:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:CD:61:33:16:CE:D1:BB:1F:5F:0D:A3:D9:AF:25:4D:70:91:2A:20
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/EM1hMxbO0bsfXw2j2a8lTXCRKiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ba00::/44

    Signature Algorithm: sha256WithRSAEncryption
         20:bc:bc:37:1d:75:81:d2:69:3c:3d:45:05:e1:7e:fa:02:3e:
         80:06:c3:e7:82:4d:45:01:55:6b:3e:95:0e:c9:79:e2:c0:0f:
         87:11:12:ac:a7:11:7f:bf:ad:82:82:7b:6b:e3:8c:3f:10:f9:
         2d:be:61:4e:f3:97:24:9f:24:bd:13:bd:99:9e:60:37:22:b0:
         06:62:2b:63:bd:4e:2a:d7:86:04:e0:b4:6d:73:51:77:a7:2d:
         97:be:3e:69:0a:91:3a:49:21:f5:10:1f:81:f1:7a:4f:0f:27:
         b1:16:69:82:95:8e:5c:a8:1c:94:8a:d0:7f:10:48:69:3d:43:
         8d:bb:09:bd:90:b7:4e:0f:c5:2c:40:e7:51:b2:3b:9f:c4:dd:
         b9:d3:a1:d6:df:bd:a0:e8:02:cf:86:8f:fe:2c:05:7e:f1:bc:
         2a:4e:77:20:88:88:6d:02:71:07:5c:dd:68:c9:df:b2:a2:fa:
         20:1a:1e:fa:08:2a:f1:49:80:d8:4f:6b:cc:04:77:bd:ee:9e:
         a0:66:26:89:86:c5:ba:b8:b1:5b:93:45:b5:78:e0:9f:f5:ac:
         70:ec:f6:12:69:f0:19:fa:d0:b9:d8:88:62:ec:3b:36:52:2b:
         43:56:22:6d:b4:87:e2:d4:41:7b:63:58:f2:05:dd:a6:65:d8:
         e8:9f:49:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vy0ppuk4NqBNuYCdPfrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGNkNjEzMzE2Y2VkMWJiMWY1ZjBkYTNkOWFmMjU0ZDcwOTEyYTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcq13rhlkYc/MWz6IW4T8bvLkVE7
lK8paUyayxtQvwpoY50kBPe8pHAbySbhROPBR1YOKlHoOdzj+w070BPIU6vrqQ/J
ULObugsoQEKiMcCINUTZYS2pW10HHvFblu5Q+cRvz9nUS2NJ83cw8NEg02fMp8cS
JRDbJNQgDjS2rhJWlKvGnbRAg7f0KAuuAdIjwpZ0N2EwwTW/rSS/n26jFrIdlamy
Nf31WzRBB5hjWLPgJaINtP4WKLfF9xj9L9lS8OcmwYkkhysULVDZaWq24QNY5cD2
QTA6y3zuiaDWbuH/dBjVjUXINceQvL/lkwP+eFbUOPtkAMcTQSqrVTzfIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBDNYTMWztG7H18No9mvJU1wkSogMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvRU0xaE14Yk8wYnNmWHcyajJhOGxUWENSS2lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB7oA
MA0GCSqGSIb3DQEBCwUAA4IBAQAgvLw3HXWB0mk8PUUF4X76Aj6ABsPngk1FAVVr
PpUOyXniwA+HERKspxF/v62Cgntr44w/EPktvmFO85cknyS9E72ZnmA3IrAGYitj
vU4q14YE4LRtc1F3py2Xvj5pCpE6SSH1EB+B8XpPDyexFmmClY5cqByUitB/EEhp
PUONuwm9kLdOD8UsQOdRsjufxN2506HW372g6ALPho/+LAV+8bwqTncgiIhtAnEH
XN1oyd+yovogGh76CCrxSYDYT2vMBHe97p6gZiaJhsW6uLFbk0W1eOCf9axw7PYS
afAZ+tC52Ihi7Ds2UitDViJttIfi1EF7Y1jyBd2mZdjon0mZ
-----END CERTIFICATE-----