Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/NPHb7rML6qdMnMdwXfKhY6Di31I.roa
File:                     NPHb7rML6qdMnMdwXfKhY6Di31I.roa (raw, json)
Hash identifier:          eC8YbL4RKEbqa78fGtQFTg5Gs3gCwOAdrz5YCB7Eul8=
Subject key identifier:   34:F1:DB:EE:B3:0B:EA:A7:4C:9C:C7:70:5D:F2:A1:63:A0:E2:DF:52
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0BE4762511A1684F90A849D4690B
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/NPHb7rML6qdMnMdwXfKhY6Di31I.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212049
IP address blocks:        2a0f:5707:aaff::/48 maxlen: 48
                          2a0f:5707:aaf0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0b:e4:76:25:11:a1:68:4f:90:a8:49:d4:69:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=34f1dbeeb30beaa74c9cc7705df2a163a0e2df52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:75:1a:35:9d:57:d9:aa:5b:37:e0:51:31:c0:
                    84:9d:b0:b8:5c:1a:1d:41:68:27:29:bf:20:f9:22:
                    75:a1:49:f4:a4:7b:ff:23:ba:77:5c:10:4a:77:b3:
                    7f:34:da:c1:0f:5e:00:97:2b:93:86:a7:cb:ab:52:
                    95:f1:1b:89:91:ef:20:c7:cb:90:12:bb:10:b3:19:
                    30:34:da:73:96:7d:f1:59:4f:de:2d:42:5c:f9:71:
                    57:36:05:05:37:05:50:64:61:e5:3a:11:b4:5b:b1:
                    4e:19:1b:f8:f6:cc:ca:97:2d:12:8c:3c:ad:33:ea:
                    55:5a:e1:b6:a2:d0:79:71:3a:c2:c3:60:4d:d8:f5:
                    4a:ab:a9:e0:72:95:ea:d9:1f:7b:b1:d7:c0:e2:39:
                    2d:4b:c1:17:e9:cc:20:61:9e:08:ea:12:74:49:2d:
                    01:aa:65:be:b7:db:f2:5d:0b:4e:76:ed:f9:0d:6a:
                    85:da:36:81:51:22:30:e9:c7:79:f1:e8:15:44:83:
                    d1:23:82:32:c5:03:a8:d3:15:4e:db:73:c1:b5:f1:
                    f1:f8:7a:fc:69:87:d9:b3:d6:b8:46:4a:e0:9d:67:
                    e1:ff:f6:df:ff:e9:79:c4:e3:0d:ff:2c:2c:41:fc:
                    e5:f8:b9:d6:04:d7:22:3c:e7:21:c0:53:67:44:2c:
                    b2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:F1:DB:EE:B3:0B:EA:A7:4C:9C:C7:70:5D:F2:A1:63:A0:E2:DF:52
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/NPHb7rML6qdMnMdwXfKhY6Di31I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aaf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         46:57:ce:f0:99:26:c7:b9:81:1d:d5:1a:ba:ee:7a:0a:9d:1f:
         89:08:98:88:03:5b:51:6e:be:f4:94:e7:1e:1a:bc:39:18:2f:
         d2:34:20:43:c0:f8:91:1b:d2:2f:ae:8e:ce:fe:dc:97:39:08:
         2a:a3:10:8f:f1:6d:8e:cf:0c:d8:a0:4c:37:ee:6a:a7:56:52:
         9f:8c:42:a7:50:aa:1f:86:af:86:fb:27:8f:97:1e:44:bb:53:
         c7:27:83:96:2d:d1:2f:1a:4c:2a:10:60:6b:c4:99:e8:73:e3:
         76:6b:be:a5:55:f3:9f:d1:14:2f:5e:4a:86:8b:59:9f:32:be:
         b7:50:b9:a8:ca:2a:b9:0f:55:60:ff:ab:c6:bc:c0:78:08:b7:
         09:3b:ca:0b:55:5e:fb:c2:cb:74:51:26:3e:17:ef:66:92:ff:
         e0:b8:2e:33:64:cb:b1:6b:2d:45:c6:31:b3:48:23:c3:4d:2a:
         9b:d7:bb:e1:25:00:13:d1:2b:fb:cc:b9:67:9d:eb:ca:91:57:
         d5:79:bf:eb:5d:03:bc:38:05:9a:02:6a:2f:40:9f:7f:dc:19:
         f7:5f:24:61:86:0c:e1:a5:43:e9:d5:33:09:80:1b:53:b9:eb:
         ca:a8:3e:19:47:cb:d2:8b:18:55:f6:aa:6d:ff:bc:e0:72:ab:
         91:74:f7:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wvkdiURoWhPkKhJ1GkLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGYxZGJlZWIzMGJlYWE3NGM5Y2M3NzA1ZGYyYTE2M2EwZTJkZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonUaNZ1X2apbN+BRMcCEnbC4XBod
QWgnKb8g+SJ1oUn0pHv/I7p3XBBKd7N/NNrBD14AlyuThqfLq1KV8RuJke8gx8uQ
ErsQsxkwNNpzln3xWU/eLUJc+XFXNgUFNwVQZGHlOhG0W7FOGRv49szKly0SjDyt
M+pVWuG2otB5cTrCw2BN2PVKq6ngcpXq2R97sdfA4jktS8EX6cwgYZ4I6hJ0SS0B
qmW+t9vyXQtOdu35DWqF2jaBUSIw6cd58egVRIPRI4IyxQOo0xVO23PBtfHx+Hr8
aYfZs9a4RkrgnWfh//bf/+l5xOMN/ywsQfzl+LnWBNciPOchwFNnRCyyiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDTx2+6zC+qnTJzHcF3yoWOg4t9SMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvTlBIYjdyTUw2cWRNbk1kd1hmS2hZNkRpMzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6rw
MA0GCSqGSIb3DQEBCwUAA4IBAQBGV87wmSbHuYEd1Rq67noKnR+JCJiIA1tRbr70
lOceGrw5GC/SNCBDwPiRG9Ivro7O/tyXOQgqoxCP8W2OzwzYoEw37mqnVlKfjEKn
UKofhq+G+yePlx5Eu1PHJ4OWLdEvGkwqEGBrxJnoc+N2a76lVfOf0RQvXkqGi1mf
Mr63ULmoyiq5D1Vg/6vGvMB4CLcJO8oLVV77wst0USY+F+9mkv/guC4zZMuxay1F
xjGzSCPDTSqb17vhJQAT0Sv7zLlnnevKkVfVeb/rXQO8OAWaAmovQJ9/3Bn3XyRh
hgzhpUPp1TMJgBtTuevKqD4ZR8vSixhV9qpt/7zgcquRdPei
-----END CERTIFICATE-----