Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/OD2SrbApnPXNW5_1_wt6WZMHbao.roa
File:                     OD2SrbApnPXNW5_1_wt6WZMHbao.roa (raw, json)
Hash identifier:          eUG3hwieoNKX7xfLpsVTlFunlPigQw15ZRWAg/74yPo=
Subject key identifier:   38:3D:92:AD:B0:29:9C:F5:CD:5B:9F:F5:FF:0B:7A:59:93:07:6D:AA
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFBFCA2576C5635CDF6752C327E3A
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/OD2SrbApnPXNW5_1_wt6WZMHbao.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51087
IP address blocks:        2a0f:5707:fa00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fb:fc:a2:57:6c:56:35:cd:f6:75:2c:32:7e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=383d92adb0299cf5cd5b9ff5ff0b7a5993076daa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c2:2a:8f:f3:bc:80:a9:74:46:c3:2e:dc:e2:
                    58:57:31:a1:e4:4f:f3:d7:62:b4:f1:d8:dd:5d:0c:
                    6b:3d:32:a4:2c:53:db:14:c4:a5:19:9c:c6:e0:da:
                    5c:1d:b6:d9:b1:0a:02:e5:4b:c6:9f:7a:a6:96:3d:
                    60:45:36:3f:0b:46:86:70:cc:57:e7:5a:da:86:82:
                    7b:47:97:94:89:86:df:9e:70:6b:5f:9b:c2:14:66:
                    fc:35:11:06:3e:13:c4:8c:8b:f7:78:b5:6f:09:a4:
                    56:b1:2c:54:8d:50:71:a3:d0:77:97:80:a8:1e:83:
                    d8:ae:e7:1a:52:42:9c:18:7d:01:ec:e3:68:3e:6f:
                    1d:14:82:86:7a:6e:a8:c7:07:e2:94:ab:12:57:ac:
                    27:fc:7e:f6:30:62:aa:af:54:ac:b3:e4:e4:86:92:
                    e6:5b:75:ba:55:26:0f:43:f8:93:d2:5a:d9:62:f0:
                    00:3a:f7:40:66:ff:3b:49:0a:44:39:b4:21:e0:11:
                    0a:e5:25:98:65:8f:44:88:76:17:12:b3:d4:87:55:
                    35:6b:f5:14:a2:36:37:c9:17:0e:eb:79:12:7a:50:
                    7a:fe:e7:b8:e3:42:4c:c1:5f:9f:be:73:9c:3c:c5:
                    6c:36:cc:4f:7b:6e:0a:dc:0f:d3:ff:1f:e8:86:07:
                    7c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3D:92:AD:B0:29:9C:F5:CD:5B:9F:F5:FF:0B:7A:59:93:07:6D:AA
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/OD2SrbApnPXNW5_1_wt6WZMHbao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:fa00::/40

    Signature Algorithm: sha256WithRSAEncryption
         c2:55:3a:47:62:59:41:d1:f8:3f:75:25:51:bf:e3:85:e1:c5:
         8a:2b:4d:61:f7:1f:b2:33:1f:9d:55:24:97:46:2d:c0:c8:33:
         c3:f4:73:02:95:a4:45:df:96:ff:59:26:d8:d3:85:b9:69:a1:
         90:a7:96:e4:2e:c1:0b:f4:70:2c:65:e8:15:e8:cb:07:a8:48:
         37:06:fd:b9:9d:3e:87:77:ed:39:58:a1:49:27:88:7c:21:6d:
         52:5b:c6:f1:21:0e:1b:cf:9e:a5:81:38:ee:75:de:62:1a:9a:
         43:7d:6f:4b:28:3c:97:38:b7:a1:04:bd:c1:2d:8b:7c:4b:f1:
         5a:5f:ec:8c:ed:81:32:f2:28:30:2b:2a:d8:8b:6b:4a:f4:ca:
         17:9f:48:2c:79:79:5c:88:18:8b:57:e5:17:5a:c2:23:c3:5f:
         69:59:e5:34:a4:47:17:a8:73:b4:26:ac:6f:b4:01:06:24:cf:
         b3:5b:6c:2f:1f:59:17:d3:5c:6c:8f:d1:e3:36:a8:82:2d:84:
         05:33:a2:c5:2d:05:f3:9f:d5:db:ab:23:94:0a:be:61:85:18:
         a7:58:6a:4d:ba:7e:1d:2d:3d:e8:94:77:1a:e0:2d:d1:95:6f:
         68:33:38:fd:8c:64:f0:b3:b6:f8:8c:b0:ba:50:e6:29:28:ed:
         7a:b9:85:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzC2vv8oldsVjXN9nUsMn46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODNkOTJhZGIwMjk5Y2Y1Y2Q1YjlmZjVmZjBiN2E1OTkzMDc2ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysIqj/O8gKl0RsMu3OJYVzGh5E/z
12K08djdXQxrPTKkLFPbFMSlGZzG4NpcHbbZsQoC5UvGn3qmlj1gRTY/C0aGcMxX
51rahoJ7R5eUiYbfnnBrX5vCFGb8NREGPhPEjIv3eLVvCaRWsSxUjVBxo9B3l4Co
HoPYrucaUkKcGH0B7ONoPm8dFIKGem6oxwfilKsSV6wn/H72MGKqr1Sss+TkhpLm
W3W6VSYPQ/iT0lrZYvAAOvdAZv87SQpEObQh4BEK5SWYZY9EiHYXErPUh1U1a/UU
ojY3yRcO63kSelB6/ue440JMwV+fvnOcPMVsNsxPe24K3A/T/x/ohgd8ewIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDg9kq2wKZz1zVuf9f8LelmTB22qMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvT0QyU3JiQXBuUFhOVzVfMV93dDZXWk1IYmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg9XB/ow
DQYJKoZIhvcNAQELBQADggEBAMJVOkdiWUHR+D91JVG/44XhxYorTWH3H7IzH51V
JJdGLcDIM8P0cwKVpEXflv9ZJtjThblpoZCnluQuwQv0cCxl6BXoyweoSDcG/bmd
Pod37TlYoUkniHwhbVJbxvEhDhvPnqWBOO513mIamkN9b0soPJc4t6EEvcEti3xL
8Vpf7IztgTLyKDArKtiLa0r0yhefSCx5eVyIGItX5RdawiPDX2lZ5TSkRxeoc7Qm
rG+0AQYkz7NbbC8fWRfTXGyP0eM2qIIthAUzosUtBfOf1durI5QKvmGFGKdYak26
fh0tPeiUdxrgLdGVb2gzOP2MZPCztviMsLpQ5iko7Xq5hco=
-----END CERTIFICATE-----