Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/MjtJWGzm5_f2mFBP8I4N32iTc-4.roa
File:                     MjtJWGzm5_f2mFBP8I4N32iTc-4.roa (raw, json)
Hash identifier:          aJwLirgkbC/JPwSdOE8hrKkslYd0mnJVTACDtqwDsTU=
Subject key identifier:   32:3B:49:58:6C:E6:E7:F7:F6:98:50:4F:F0:8E:0D:DF:68:93:73:EE
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BF1AF8C67D2449FB10C77CCBF0A3B
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/MjtJWGzm5_f2mFBP8I4N32iTc-4.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211579
IP address blocks:        2a0f:5707:24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f1:af:8c:67:d2:44:9f:b1:0c:77:cc:bf:0a:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=323b49586ce6e7f7f698504ff08e0ddf689373ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:96:3a:de:d4:d6:7b:e3:56:5b:98:b7:57:e5:
                    40:10:b1:81:ae:82:6c:30:fa:b3:0f:41:c6:73:1e:
                    6d:90:df:07:51:ca:8e:bc:5b:94:39:40:6d:5a:93:
                    51:80:0b:c7:21:c9:79:83:c8:ba:05:d0:47:74:3b:
                    b0:a7:55:c6:95:18:99:66:9e:26:a9:48:90:5c:61:
                    2d:63:e8:6d:d3:b3:5d:89:d6:a3:b1:b4:00:0c:59:
                    71:d7:65:e1:9d:84:1a:65:05:f9:80:23:56:47:2f:
                    ad:b0:da:6d:50:09:4c:6c:95:c7:2c:26:8a:44:07:
                    43:9f:2e:2a:cb:a4:16:a5:9b:28:e2:56:5b:ab:99:
                    e8:1c:40:15:86:ab:76:c5:1f:2c:2d:ff:06:20:bd:
                    35:64:9a:3b:53:76:e9:ef:de:7c:1d:44:cc:b8:ec:
                    64:66:69:f2:96:90:85:37:5b:4c:1f:0f:e5:1d:b8:
                    b1:2e:09:f1:0b:13:a4:b2:fe:35:5e:e8:dd:bb:b9:
                    1e:59:86:81:e8:b4:e7:f7:47:73:37:7d:f0:8c:8f:
                    67:15:65:73:67:dc:06:81:73:7f:ee:f5:8d:69:0a:
                    b6:8d:99:4d:5f:20:ef:ce:0b:7b:ee:99:c2:96:db:
                    0f:f6:d8:a2:e0:ae:58:9c:0d:b5:05:ee:50:d3:3d:
                    82:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:3B:49:58:6C:E6:E7:F7:F6:98:50:4F:F0:8E:0D:DF:68:93:73:EE
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/MjtJWGzm5_f2mFBP8I4N32iTc-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:95:ef:e4:f3:21:ed:f8:f4:d3:aa:4b:30:9e:9f:87:bb:82:
         ae:3f:44:30:c2:81:fa:70:af:6e:ff:54:5a:d3:f1:fa:a4:c8:
         4b:48:ac:a5:f8:10:80:b9:28:1e:77:4d:f1:a6:28:f3:3d:a7:
         a2:42:91:28:16:4f:73:39:8b:0e:5c:09:9d:79:76:c6:20:29:
         ad:72:7d:21:b4:08:05:0b:ba:a7:2b:dd:05:88:80:4c:a1:a4:
         4a:21:36:cd:0f:e4:66:42:bb:81:d5:80:5d:6c:d2:bf:f9:90:
         51:83:01:32:7c:93:a4:b1:7e:27:be:83:d4:b2:2f:71:76:b0:
         76:b1:37:a0:df:f7:60:3a:58:aa:68:6b:41:9f:25:65:46:7f:
         19:88:ce:38:e6:f4:4e:00:92:84:a4:99:a9:98:2f:34:34:3e:
         16:af:8b:02:16:0c:b8:ff:7d:e5:3c:9c:3c:72:ca:c1:d4:6a:
         81:96:f6:d2:af:d2:a3:1a:85:a1:27:47:e1:89:c0:01:54:35:
         48:c0:e1:eb:cc:60:5f:dd:a9:31:e0:de:33:99:a8:8f:8d:d5:
         db:08:5b:9d:fb:82:7c:5c:24:d7:2a:76:07:ef:a9:57:cf:bd:
         c0:8b:5c:3d:8c:9b:1c:e9:21:41:42:86:89:79:25:27:64:02:
         7e:20:31:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma/GvjGfSRJ+xDHfMvwo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjNiNDk1ODZjZTZlN2Y3ZjY5ODUwNGZmMDhlMGRkZjY4OTM3M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpY63tTWe+NWW5i3V+VAELGBroJs
MPqzD0HGcx5tkN8HUcqOvFuUOUBtWpNRgAvHIcl5g8i6BdBHdDuwp1XGlRiZZp4m
qUiQXGEtY+ht07NdidajsbQADFlx12XhnYQaZQX5gCNWRy+tsNptUAlMbJXHLCaK
RAdDny4qy6QWpZso4lZbq5noHEAVhqt2xR8sLf8GIL01ZJo7U3bp7958HUTMuOxk
ZmnylpCFN1tMHw/lHbixLgnxCxOksv41Xujdu7keWYaB6LTn90dzN33wjI9nFWVz
Z9wGgXN/7vWNaQq2jZlNXyDvzgt77pnCltsP9tii4K5YnA21Be5Q0z2CMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDI7SVhs5uf39phQT/CODd9ok3PuMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvTWp0SldHem01X2YybUZCUDhJNE4zMmlUYy00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XBwAk
MA0GCSqGSIb3DQEBCwUAA4IBAQAnle/k8yHt+PTTqkswnp+Hu4KuP0QwwoH6cK9u
/1Ra0/H6pMhLSKyl+BCAuSged03xpijzPaeiQpEoFk9zOYsOXAmdeXbGICmtcn0h
tAgFC7qnK90FiIBMoaRKITbND+RmQruB1YBdbNK/+ZBRgwEyfJOksX4nvoPUsi9x
drB2sTeg3/dgOliqaGtBnyVlRn8ZiM445vROAJKEpJmpmC80ND4Wr4sCFgy4/33l
PJw8csrB1GqBlvbSr9KjGoWhJ0fhicABVDVIwOHrzGBf3akx4N4zmaiPjdXbCFud
+4J8XCTXKnYH76lXz73Ai1w9jJsc6SFBQoaJeSUnZAJ+IDHw
-----END CERTIFICATE-----