Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/K8_HMbn070bGDLhvTkafoNw1SW8.roa
File:                     K8_HMbn070bGDLhvTkafoNw1SW8.roa (raw, json)
Hash identifier:          a17mB6/Ri00jdtLYZFuaFIOYf/Km/XK4ejZM0byYNvQ=
Subject key identifier:   2B:CF:C7:31:B9:F4:EF:46:C6:0C:B8:6F:4E:46:9F:A0:DC:35:49:6F
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB05AB97DAC567A59C9B9AD89DDE39
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/K8_HMbn070bGDLhvTkafoNw1SW8.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208148
IP address blocks:        2a0f:5707:ab00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:05:ab:97:da:c5:67:a5:9c:9b:9a:d8:9d:de:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2bcfc731b9f4ef46c60cb86f4e469fa0dc35496f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:09:a4:68:89:32:45:ef:06:94:92:55:46:20:
                    c9:93:46:b2:95:4d:18:01:43:a5:64:af:db:5b:ef:
                    0e:18:82:46:31:84:f0:1d:d9:5f:14:1c:04:f4:bd:
                    31:ff:ac:a0:df:6d:9c:6a:aa:82:7c:d0:94:c0:50:
                    5f:27:64:1f:15:7b:49:e4:86:6b:6c:aa:24:ea:93:
                    ef:c6:fd:f5:93:34:1d:5f:c5:68:a0:ff:e3:11:88:
                    ce:c4:a3:fe:bd:02:77:22:f1:17:04:d4:65:72:32:
                    e3:9f:21:d2:11:60:1c:7b:76:c6:e0:3a:d5:bc:84:
                    5a:ff:41:3f:d7:6f:2a:84:eb:ae:50:9f:06:f7:bd:
                    46:de:80:03:64:73:99:ab:ad:be:5f:57:cf:6f:86:
                    5b:5f:fa:48:79:db:21:f4:84:17:38:68:2b:50:01:
                    11:be:2d:4a:4a:af:71:2b:ed:59:db:0f:23:a6:33:
                    bc:08:e8:a3:05:14:d3:fa:01:a9:d0:a6:49:0a:b2:
                    8b:da:9a:58:2c:e2:c8:f7:8e:3c:0c:3d:57:ff:a6:
                    0e:d1:ee:fe:c9:19:0e:bf:7c:64:a4:7d:33:bb:6a:
                    fa:c3:24:3e:87:d9:09:c7:d0:73:41:cd:f0:7b:01:
                    fe:3a:1c:c4:5c:c2:3f:92:cb:3a:23:ca:a8:b6:0c:
                    a2:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:CF:C7:31:B9:F4:EF:46:C6:0C:B8:6F:4E:46:9F:A0:DC:35:49:6F
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/K8_HMbn070bGDLhvTkafoNw1SW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab00::/44

    Signature Algorithm: sha256WithRSAEncryption
         2b:47:18:b8:38:8a:83:0a:dc:2e:5e:92:ff:b6:72:86:f7:2c:
         51:29:4d:76:7d:3b:1b:46:95:0c:c5:6b:e2:49:8e:dc:98:cf:
         95:30:c1:6d:bc:85:21:a4:56:8c:3f:ae:91:fc:cc:bc:2a:cc:
         02:0f:60:11:5c:5c:58:9f:2b:09:95:d7:6e:c7:5b:c9:e2:c1:
         26:f9:3f:ab:b1:e8:dc:d6:97:58:2f:48:3b:c6:ba:f4:bc:4a:
         c4:98:b4:3e:d7:b6:e4:a6:72:f0:8a:14:e3:d3:f1:c3:dd:2e:
         de:0e:48:2e:ad:a3:f0:bc:0a:ab:71:20:1a:06:12:c1:d3:28:
         01:d0:2b:6d:d7:cf:17:53:39:01:5c:2b:ad:a0:d5:ef:8e:45:
         1f:d8:14:b3:0a:a3:e5:e4:27:d6:50:e7:bd:d1:ea:c6:ef:c1:
         9c:01:53:d3:f5:12:7f:07:1d:1f:e6:13:a4:cb:2c:0e:a8:6e:
         c6:0a:8a:13:a2:0d:59:eb:c8:fb:a5:55:41:73:ee:f3:f4:4b:
         1e:ef:a0:ba:b6:15:47:96:3c:e9:77:16:6d:91:49:1c:52:76:
         d0:bf:24:3f:95:ee:42:b2:69:27:d2:d7:82:18:9f:68:f6:34:
         05:d8:13:df:0e:82:55:af:e6:ee:f7:56:66:63:e6:a2:12:82:
         9b:06:9d:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wWrl9rFZ6Wcm5rYnd45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmNmYzczMWI5ZjRlZjQ2YzYwY2I4NmY0ZTQ2OWZhMGRjMzU0OTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvAmkaIkyRe8GlJJVRiDJk0aylU0Y
AUOlZK/bW+8OGIJGMYTwHdlfFBwE9L0x/6yg322caqqCfNCUwFBfJ2QfFXtJ5IZr
bKok6pPvxv31kzQdX8VooP/jEYjOxKP+vQJ3IvEXBNRlcjLjnyHSEWAce3bG4DrV
vIRa/0E/128qhOuuUJ8G971G3oADZHOZq62+X1fPb4ZbX/pIedsh9IQXOGgrUAER
vi1KSq9xK+1Z2w8jpjO8COijBRTT+gGp0KZJCrKL2ppYLOLI9448DD1X/6YO0e7+
yRkOv3xkpH0zu2r6wyQ+h9kJx9BzQc3wewH+OhzEXMI/kss6I8qotgyiJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCvPxzG59O9Gxgy4b05Gn6DcNUlvMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvSzhfSE1ibjA3MGJHRExodlRrYWZvTncxU1c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6sA
MA0GCSqGSIb3DQEBCwUAA4IBAQArRxi4OIqDCtwuXpL/tnKG9yxRKU12fTsbRpUM
xWviSY7cmM+VMMFtvIUhpFaMP66R/My8KswCD2ARXFxYnysJlddux1vJ4sEm+T+r
sejc1pdYL0g7xrr0vErEmLQ+17bkpnLwihTj0/HD3S7eDkguraPwvAqrcSAaBhLB
0ygB0Ctt188XUzkBXCutoNXvjkUf2BSzCqPl5CfWUOe90erG78GcAVPT9RJ/Bx0f
5hOkyywOqG7GCooTog1Z68j7pVVBc+7z9Ese76C6thVHljzpdxZtkUkcUnbQvyQ/
le5Csmkn0teCGJ9o9jQF2BPfDoJVr+bu91ZmY+aiEoKbBp3u
-----END CERTIFICATE-----