Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/IXrxF0uerhzvl1FuZToNNO4aun0.roa
File:                     IXrxF0uerhzvl1FuZToNNO4aun0.roa (raw, json)
Hash identifier:          1Rzc7oRV+C1D3JFwIs5DKqJKknRuYmOVkYhJsCU9/ZM=
Subject key identifier:   21:7A:F1:17:4B:9E:AE:1C:EF:97:51:6E:65:3A:0D:34:EE:1A:BA:7D
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFA217EE00F3E89239C2EE6BBA008
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/IXrxF0uerhzvl1FuZToNNO4aun0.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44486
IP address blocks:        2a0f:5707:aae0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:21:7e:e0:0f:3e:89:23:9c:2e:e6:bb:a0:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=217af1174b9eae1cef97516e653a0d34ee1aba7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:6f:ba:fa:d0:a3:1c:d5:90:a1:9c:17:c5:be:
                    71:62:08:f0:6f:5b:0b:d7:e0:01:76:19:92:7f:b1:
                    bf:10:31:b8:7f:51:d8:ec:20:3c:3f:f8:d2:3b:e5:
                    c4:15:e6:c8:65:c0:ba:75:32:d3:59:9c:fd:4f:83:
                    fd:66:a6:86:7c:e5:d3:d3:70:21:7a:f3:65:5e:f1:
                    c3:2b:b6:2d:cd:8a:0c:04:94:1d:41:23:bf:40:a4:
                    32:5b:0b:a1:9a:ce:d2:2b:80:12:37:46:d7:18:13:
                    89:e8:5e:b1:f3:99:4b:38:14:86:63:14:aa:bf:15:
                    72:92:51:fc:f9:dc:2a:ac:b0:42:5e:c4:7b:70:bc:
                    67:71:b6:7e:22:10:5c:09:c8:d5:43:9b:76:9a:a6:
                    7e:c0:b1:67:c3:d6:ee:92:97:54:1d:94:de:7a:68:
                    c1:88:ee:90:41:8e:59:e0:74:6d:27:48:f5:03:2f:
                    02:97:f7:0f:d8:3a:51:e0:1b:86:f8:35:b7:4b:3f:
                    21:58:df:91:9a:29:09:21:63:63:78:5e:9b:7a:01:
                    11:69:b7:1b:c7:71:50:f4:00:70:b1:0d:92:90:ef:
                    e1:a6:a7:98:14:50:e1:89:0e:9a:bb:05:55:18:f1:
                    55:ef:1f:69:d8:4d:95:e8:7e:c9:75:62:ea:62:9c:
                    32:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:7A:F1:17:4B:9E:AE:1C:EF:97:51:6E:65:3A:0D:34:EE:1A:BA:7D
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/IXrxF0uerhzvl1FuZToNNO4aun0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:b3:fe:f5:f4:3c:07:2b:13:2d:48:93:85:51:da:81:6b:62:
         ee:e6:18:5b:fc:22:8d:12:93:f5:77:2d:36:b6:d1:cb:d0:ed:
         f0:26:07:29:b6:58:a4:42:a7:a1:67:05:2d:62:52:65:ba:25:
         14:ee:53:3b:28:1d:94:ab:9f:a8:e1:ce:1b:d0:36:cb:fb:2a:
         7f:97:0e:8d:14:fd:41:5c:11:8b:c8:8f:d1:98:9f:d9:c2:f2:
         50:7d:08:72:b0:76:0b:c1:ca:f1:5a:04:71:24:eb:dc:aa:8f:
         ce:57:03:fb:2b:13:55:1e:e8:59:30:8d:c8:76:5d:00:75:a3:
         3a:dc:43:6a:42:6d:fd:53:5e:3a:28:65:25:02:bf:fe:28:da:
         d0:88:c0:97:2b:6b:80:b1:65:1e:a2:22:ce:89:e1:dd:2d:e3:
         08:7c:42:38:6b:4e:7e:37:91:92:7f:78:0c:17:ce:47:24:f6:
         54:c7:22:0e:3a:a8:07:a0:7b:dc:04:1f:cf:35:c5:78:8f:7a:
         05:d7:cf:88:39:6e:13:42:5f:03:7e:d0:6a:c1:51:a2:52:12:
         6d:48:9b:47:90:d7:d9:bb:80:aa:68:08:5a:aa:6b:d4:c8:22:
         9f:94:28:e2:9c:b3:c5:4f:34:8d:1c:7f:f4:bc:1d:fd:48:54:
         a7:af:fa:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vohfuAPPokjnC7mu6AIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTdhZjExNzRiOWVhZTFjZWY5NzUxNmU2NTNhMGQzNGVlMWFiYTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAim+6+tCjHNWQoZwXxb5xYgjwb1sL
1+ABdhmSf7G/EDG4f1HY7CA8P/jSO+XEFebIZcC6dTLTWZz9T4P9ZqaGfOXT03Ah
evNlXvHDK7YtzYoMBJQdQSO/QKQyWwuhms7SK4ASN0bXGBOJ6F6x85lLOBSGYxSq
vxVyklH8+dwqrLBCXsR7cLxncbZ+IhBcCcjVQ5t2mqZ+wLFnw9bukpdUHZTeemjB
iO6QQY5Z4HRtJ0j1Ay8Cl/cP2DpR4BuG+DW3Sz8hWN+RmikJIWNjeF6begERabcb
x3FQ9ABwsQ2SkO/hpqeYFFDhiQ6auwVVGPFV7x9p2E2V6H7JdWLqYpwymwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCF68RdLnq4c75dRbmU6DTTuGrp9MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvSVhyeEYwdWVyaHp2bDFGdVpUb05OTzRhdW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6rg
MA0GCSqGSIb3DQEBCwUAA4IBAQBNs/719DwHKxMtSJOFUdqBa2Lu5hhb/CKNEpP1
dy02ttHL0O3wJgcptlikQqehZwUtYlJluiUU7lM7KB2Uq5+o4c4b0DbL+yp/lw6N
FP1BXBGLyI/RmJ/ZwvJQfQhysHYLwcrxWgRxJOvcqo/OVwP7KxNVHuhZMI3Idl0A
daM63ENqQm39U146KGUlAr/+KNrQiMCXK2uAsWUeoiLOieHdLeMIfEI4a05+N5GS
f3gMF85HJPZUxyIOOqgHoHvcBB/PNcV4j3oF18+IOW4TQl8DftBqwVGiUhJtSJtH
kNfZu4CqaAhaqmvUyCKflCjinLPFTzSNHH/0vB39SFSnr/pE
-----END CERTIFICATE-----