Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/I8BSHZjJe4fRK_pUy0SQfbwHviY.roa
File:                     I8BSHZjJe4fRK_pUy0SQfbwHviY.roa (raw, json)
Hash identifier:          owvOqrLDeUoNT6uZ5W/6Ts90NCtLLVm8pkgG0HtL5JY=
Subject key identifier:   23:C0:52:1D:98:C9:7B:87:D1:2B:FA:54:CB:44:90:7D:BC:07:BE:26
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BE2C7A32718AEDADD06E2AFCFBCCF
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/I8BSHZjJe4fRK_pUy0SQfbwHviY.roa
Signing time:             Thu 02 Jan 2025 09:49:51 +0000
ROA not before:           Thu 02 Jan 2025 09:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48126
IP address blocks:        2a0f:5707:aa40::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e2:c7:a3:27:18:ae:da:dd:06:e2:af:cf:bc:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23c0521d98c97b87d12bfa54cb44907dbc07be26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cc:c5:bb:fe:66:96:2f:7d:94:a9:b8:5a:73:
                    9d:36:61:28:75:23:30:0f:b6:21:60:22:be:0e:bd:
                    8e:a8:7f:ba:1a:37:e5:e1:70:8c:0e:3b:34:86:cd:
                    85:7b:de:cd:2f:36:cf:43:7c:bf:78:4f:fb:a0:ae:
                    f7:23:26:64:c6:64:93:1e:79:93:a8:81:9c:36:6a:
                    af:4d:ab:1e:cc:80:bd:a0:0c:89:12:fa:95:07:e9:
                    6c:7c:e4:97:a7:c8:37:e5:3b:82:38:57:c0:24:4c:
                    98:21:61:ac:c7:35:29:f5:1f:c3:0c:61:e1:7b:95:
                    b1:0d:8c:2f:55:2d:f6:e4:38:11:09:a9:10:e5:12:
                    66:58:ce:fa:e6:b5:33:94:b9:03:c3:6c:b5:d6:ac:
                    76:e8:c4:f8:41:b7:ee:18:b9:18:8b:e0:e5:f8:67:
                    1d:67:b2:89:b4:ce:93:f7:a0:c5:8f:6a:cf:00:e3:
                    ca:32:65:4b:2d:d4:d6:e2:c1:f6:0b:97:96:42:76:
                    43:43:0d:09:2a:64:70:d9:90:6a:59:40:30:5a:53:
                    a2:42:13:69:a6:10:05:3e:8f:8f:90:1b:29:39:06:
                    a3:0a:8e:1e:3e:39:0b:70:01:f9:b4:0f:ce:f4:63:
                    e7:51:e2:22:73:f1:9a:0a:b9:de:73:86:90:34:8f:
                    0f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:C0:52:1D:98:C9:7B:87:D1:2B:FA:54:CB:44:90:7D:BC:07:BE:26
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/I8BSHZjJe4fRK_pUy0SQfbwHviY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa40::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:08:e2:91:28:5c:b6:16:85:7a:08:25:35:d0:37:78:eb:9a:
         e3:fd:d2:6f:20:81:23:fd:a2:f9:c9:3c:8f:7e:92:51:19:3b:
         97:75:72:8f:76:2b:0c:a5:20:d7:f8:b3:31:1f:84:21:ee:5f:
         9b:d8:07:1b:5b:5d:5d:64:51:2c:84:47:00:91:5c:57:d7:38:
         4e:c8:d9:99:25:92:5b:6f:14:36:15:01:d1:c9:20:10:9d:37:
         f3:d6:05:a3:2f:c0:2d:d9:31:3c:cc:e0:34:45:fb:bb:e2:ee:
         44:e7:3c:cf:51:3c:5c:34:4f:4c:c1:70:90:87:e3:db:11:c8:
         4d:fd:27:b1:ff:e8:c9:69:00:ea:5b:97:3c:e8:c5:c7:b3:8f:
         4e:c1:df:4b:c7:ec:9d:b8:60:d2:e2:79:c5:c1:5e:8e:10:b3:
         72:7d:a8:5a:8b:1b:cd:2e:57:ca:dd:46:47:cf:c4:71:69:de:
         e8:79:e3:d1:75:72:f5:91:c2:bf:f5:83:86:6c:0e:f0:a6:d7:
         2d:f5:f4:3d:2c:26:16:f0:8c:da:bf:a6:5f:46:bf:3f:d1:a5:
         44:bb:ec:c4:e3:a3:f0:6d:23:bc:24:98:75:c7:3b:07:18:db:
         25:71:a9:10:04:ba:08:64:28:b5:81:65:8f:7b:ce:15:83:66:
         2b:b0:84:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+LHoycYrtrdBuKvz7zPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2MwNTIxZDk4Yzk3Yjg3ZDEyYmZhNTRjYjQ0OTA3ZGJjMDdiZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMzFu/5mli99lKm4WnOdNmEodSMw
D7YhYCK+Dr2OqH+6Gjfl4XCMDjs0hs2Fe97NLzbPQ3y/eE/7oK73IyZkxmSTHnmT
qIGcNmqvTasezIC9oAyJEvqVB+lsfOSXp8g35TuCOFfAJEyYIWGsxzUp9R/DDGHh
e5WxDYwvVS325DgRCakQ5RJmWM765rUzlLkDw2y11qx26MT4QbfuGLkYi+Dl+Gcd
Z7KJtM6T96DFj2rPAOPKMmVLLdTW4sH2C5eWQnZDQw0JKmRw2ZBqWUAwWlOiQhNp
phAFPo+PkBspOQajCo4ePjkLcAH5tA/O9GPnUeIic/GaCrnec4aQNI8PQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCPAUh2YyXuH0Sv6VMtEkH28B74mMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvSThCU0haakplNGZSS19wVXkwU1FmYndIdmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6pA
MA0GCSqGSIb3DQEBCwUAA4IBAQCjCOKRKFy2FoV6CCU10Dd465rj/dJvIIEj/aL5
yTyPfpJRGTuXdXKPdisMpSDX+LMxH4Qh7l+b2AcbW11dZFEshEcAkVxX1zhOyNmZ
JZJbbxQ2FQHRySAQnTfz1gWjL8At2TE8zOA0Rfu74u5E5zzPUTxcNE9MwXCQh+Pb
EchN/Sex/+jJaQDqW5c86MXHs49Owd9Lx+yduGDS4nnFwV6OELNyfahaixvNLlfK
3UZHz8Rxad7oeePRdXL1kcK/9YOGbA7wptct9fQ9LCYW8Izav6ZfRr8/0aVEu+zE
46PwbSO8JJh1xzsHGNslcakQBLoIZCi1gWWPe84Vg2YrsIQQ
-----END CERTIFICATE-----