Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/M75cy1K7fw9oJcJaYC8ZunLzWlY.roa
File:                     M75cy1K7fw9oJcJaYC8ZunLzWlY.roa (raw, json)
Hash identifier:          xiVvommwlkcx0+NShl7Yoi0S4rOIGHYHHMpf+vT7eY8=
Subject key identifier:   33:BE:5C:CB:52:BB:7F:0F:68:25:C2:5A:60:2F:19:BA:72:F3:5A:56
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0CF6026352AC455A1BD251B219B7
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/M75cy1K7fw9oJcJaYC8ZunLzWlY.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212997
IP address blocks:        2a0f:5707:aab1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:f6:02:63:52:ac:45:5a:1b:d2:51:b2:19:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=33be5ccb52bb7f0f6825c25a602f19ba72f35a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:db:ac:82:42:cd:1d:d4:81:32:4b:b7:49:ff:
                    d9:c3:cb:77:01:15:4b:63:27:07:64:db:4d:c4:09:
                    5d:c1:63:ae:80:08:74:f3:4a:54:90:41:9d:f1:7d:
                    2b:15:67:79:62:93:de:38:68:16:39:de:94:a3:6d:
                    a6:06:26:92:de:df:7a:39:1b:8a:f9:a2:3d:2a:ed:
                    3b:0c:ac:84:b1:d7:dd:4e:49:2b:9f:9a:61:44:8c:
                    c3:72:0a:ce:56:56:d5:82:95:13:f9:dc:4c:b5:6d:
                    fe:bf:38:91:d8:30:30:bf:35:bb:20:d1:b0:bb:ee:
                    ea:11:76:cb:69:db:04:0c:23:74:db:5d:e3:d7:53:
                    6e:5d:a5:91:ee:cb:aa:e4:07:ad:c6:8c:24:50:59:
                    b3:da:46:45:ca:54:12:b2:66:67:d3:a7:f4:84:d2:
                    03:ad:91:26:40:9d:eb:5a:bb:c2:f8:88:e2:f5:30:
                    0a:c1:89:8e:0e:47:9c:de:86:e0:69:81:2c:4e:b1:
                    eb:83:73:39:02:9e:1c:f5:95:45:a2:6b:9f:9a:ae:
                    99:2f:9d:94:a0:ea:d6:88:98:4b:90:3d:28:e5:aa:
                    a4:82:67:f9:78:94:f5:8f:ab:f7:84:c1:1e:80:e0:
                    27:c2:5a:e9:1e:08:fd:3a:a1:7d:28:46:4d:86:8b:
                    74:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:BE:5C:CB:52:BB:7F:0F:68:25:C2:5A:60:2F:19:BA:72:F3:5A:56
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/M75cy1K7fw9oJcJaYC8ZunLzWlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aab1::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:48:60:18:03:0b:7a:86:71:f7:e1:01:fe:6b:7f:04:05:24:
         dd:d9:af:76:be:9f:1b:bf:b1:4e:8e:97:eb:86:5b:40:6a:f3:
         43:6f:a1:cf:9e:67:8c:48:8b:32:4a:6b:2f:d2:eb:9d:fc:db:
         d4:28:3e:0b:d9:63:51:42:08:23:7f:56:24:16:0c:96:32:d4:
         6c:aa:e1:0c:5d:3a:4d:e7:b0:56:92:71:94:5d:13:69:38:50:
         26:cf:a5:ec:d5:6a:bd:3b:5e:b3:a8:e1:ca:1f:08:72:3a:15:
         91:cc:5c:c8:5f:a4:d1:e0:d7:12:bf:ca:b4:3a:3d:4d:22:54:
         fb:fe:18:76:ff:50:97:78:64:74:2f:9b:76:0c:50:18:9c:d2:
         0a:5f:20:21:7a:b6:63:f7:24:80:49:26:66:f4:b7:2c:0a:19:
         bc:0a:5d:73:a1:bd:a2:14:e5:cd:89:e0:dc:32:c3:0f:18:4e:
         19:9d:03:00:18:55:8d:47:c3:7a:1e:aa:ba:5c:85:45:2c:89:
         3b:15:c7:00:21:2b:f3:b1:30:2d:f2:46:9a:67:1d:e9:ca:c3:
         a0:8b:c0:8a:a7:b6:9c:0a:13:1f:ba:48:1c:a6:a2:78:6e:18:
         40:bd:db:c4:15:e3:fb:09:49:27:06:26:e1:60:ea:26:bf:b5:
         5b:e1:51:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wz2AmNSrEVaG9JRshm3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2JlNWNjYjUyYmI3ZjBmNjgyNWMyNWE2MDJmMTliYTcyZjM1YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdusgkLNHdSBMku3Sf/Zw8t3ARVL
YycHZNtNxAldwWOugAh080pUkEGd8X0rFWd5YpPeOGgWOd6Uo22mBiaS3t96ORuK
+aI9Ku07DKyEsdfdTkkrn5phRIzDcgrOVlbVgpUT+dxMtW3+vziR2DAwvzW7INGw
u+7qEXbLadsEDCN0213j11NuXaWR7suq5AetxowkUFmz2kZFylQSsmZn06f0hNID
rZEmQJ3rWrvC+Iji9TAKwYmODkec3obgaYEsTrHrg3M5Ap4c9ZVFomufmq6ZL52U
oOrWiJhLkD0o5aqkgmf5eJT1j6v3hMEegOAnwlrpHgj9OqF9KEZNhot0IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDO+XMtSu38PaCXCWmAvGbpy81pWMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvTTc1Y3kxSzdmdzlvSmNKYVlDOFp1bkx6V2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XB6qx
MA0GCSqGSIb3DQEBCwUAA4IBAQCKSGAYAwt6hnH34QH+a38EBSTd2a92vp8bv7FO
jpfrhltAavNDb6HPnmeMSIsySmsv0uud/NvUKD4L2WNRQggjf1YkFgyWMtRsquEM
XTpN57BWknGUXRNpOFAmz6Xs1Wq9O16zqOHKHwhyOhWRzFzIX6TR4NcSv8q0Oj1N
IlT7/hh2/1CXeGR0L5t2DFAYnNIKXyAherZj9ySASSZm9LcsChm8Cl1zob2iFOXN
ieDcMsMPGE4ZnQMAGFWNR8N6Hqq6XIVFLIk7FccAISvzsTAt8kaaZx3pysOgi8CK
p7acChMfukgcpqJ4bhhAvdvEFeP7CUknBibhYOomv7Vb4VHZ
-----END CERTIFICATE-----