Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R7q_G8bgp8Mfgxbl-lFlkCsNSno.roa
File:                     R7q_G8bgp8Mfgxbl-lFlkCsNSno.roa (raw, json)
Hash identifier:          f8jYLFRpAQ7ztquhU8BEg8CeSyvNasr525FpowzIGEw=
Subject key identifier:   47:BA:BF:1B:C6:E0:A7:C3:1F:83:16:E5:FA:51:65:90:2B:0D:4A:7A
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0511B2FBBEF10B93E8B80252336F
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R7q_G8bgp8Mfgxbl-lFlkCsNSno.roa
Signing time:             Mon 01 Jan 2024 02:29:42 +0000
ROA not before:           Mon 01 Jan 2024 02:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208127
IP address blocks:        2a0f:5707:ac00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:05:11:b2:fb:be:f1:0b:93:e8:b8:02:52:33:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47babf1bc6e0a7c31f8316e5fa5165902b0d4a7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6c:4f:3b:c7:fa:6a:6e:2a:78:75:1c:5d:3d:
                    c7:f7:22:3a:38:35:d3:e9:1f:08:b6:22:04:4e:6c:
                    a7:ef:c1:9b:6a:ce:91:8f:2c:da:07:34:60:66:76:
                    db:41:9c:c9:9a:2f:3c:eb:c8:68:1c:aa:09:ab:6d:
                    a2:a4:b1:09:b6:51:1b:e6:0d:fd:e6:38:96:5a:f9:
                    2e:82:b4:04:56:56:9f:f2:a1:12:be:7a:22:b0:da:
                    d4:a8:2f:a1:9c:a5:31:d2:e9:a1:66:3e:55:c9:13:
                    04:4c:51:48:57:5a:f1:3f:4b:ce:00:0f:f0:ac:d3:
                    c6:b8:48:e4:ba:64:22:1f:a6:44:c1:ca:ab:09:53:
                    fc:57:55:e6:9b:e7:f9:48:64:f2:44:af:12:1f:71:
                    9c:6e:f2:1d:2b:fe:5c:54:e2:b7:5b:09:8f:a4:e1:
                    50:e0:e8:c0:5e:bc:f1:6a:49:a4:1d:62:a0:88:ca:
                    e7:4c:a0:bd:9a:57:e3:b1:23:d4:6c:e4:48:34:ca:
                    82:ff:5b:6e:e6:33:c8:56:3b:20:75:42:d3:b9:90:
                    74:a2:25:37:f2:02:39:b1:f7:46:67:70:e0:e1:3f:
                    cf:29:d3:a2:44:6a:9e:1f:61:0a:f3:2c:82:51:05:
                    08:ed:d0:b2:f0:6a:4b:fd:98:93:b2:3e:07:c1:0e:
                    b4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BA:BF:1B:C6:E0:A7:C3:1F:83:16:E5:FA:51:65:90:2B:0D:4A:7A
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/R7q_G8bgp8Mfgxbl-lFlkCsNSno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ac00::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:2d:c7:2c:82:08:a5:75:cc:55:4a:d5:1c:74:3d:03:ad:52:
         29:48:92:26:af:7b:77:3f:a8:61:dd:cb:a6:6d:b0:f0:dd:9f:
         75:30:bb:e3:d2:5f:25:20:93:b4:14:8d:90:90:83:b1:83:13:
         42:21:89:3b:db:46:51:c2:68:d1:7d:37:9f:65:36:47:b5:79:
         cc:13:52:7a:70:92:24:85:37:d4:42:27:6a:86:a3:70:71:c4:
         80:d1:08:45:19:8b:8d:86:29:6e:e3:3b:07:60:91:f4:0f:c1:
         3a:db:a3:15:9f:84:34:cc:3c:63:97:08:82:18:f7:19:87:ec:
         6b:30:5f:45:f1:4f:c1:17:4f:d1:af:a7:a9:07:b1:90:30:3b:
         1f:25:54:03:5e:7c:54:56:42:8e:8a:d9:72:ed:d2:cd:59:c4:
         20:ac:ea:6a:bf:e8:21:18:63:9a:8b:f4:9b:09:43:ca:fe:f3:
         ce:6e:8b:88:b2:75:79:c2:a1:01:ff:2c:c9:ea:d7:80:ef:0e:
         27:de:be:97:61:6b:19:a5:d1:60:c0:e2:cb:cc:7f:a3:97:cd:
         4b:3c:5c:f6:ef:4d:50:a6:98:c5:65:a3:57:48:33:f4:d2:7c:
         36:8f:5d:47:07:8c:e1:d9:b4:0d:cf:77:c2:30:52:0c:a3:52:
         83:b4:88:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wURsvu+8QuT6LgCUjNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JhYmYxYmM2ZTBhN2MzMWY4MzE2ZTVmYTUxNjU5MDJiMGQ0YTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWxPO8f6am4qeHUcXT3H9yI6ODXT
6R8ItiIETmyn78Gbas6RjyzaBzRgZnbbQZzJmi8868hoHKoJq22ipLEJtlEb5g39
5jiWWvkugrQEVlaf8qESvnoisNrUqC+hnKUx0umhZj5VyRMETFFIV1rxP0vOAA/w
rNPGuEjkumQiH6ZEwcqrCVP8V1Xmm+f5SGTyRK8SH3GcbvIdK/5cVOK3WwmPpOFQ
4OjAXrzxakmkHWKgiMrnTKC9mlfjsSPUbORINMqC/1tu5jPIVjsgdULTuZB0oiU3
8gI5sfdGZ3Dg4T/PKdOiRGqeH2EK8yyCUQUI7dCy8GpL/ZiTsj4HwQ60eQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEe6vxvG4KfDH4MW5fpRZZArDUp6MB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvUjdxX0c4YmdwOE1mZ3hibC1sRmxrQ3NOU25vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6wA
MA0GCSqGSIb3DQEBCwUAA4IBAQC2LccsggildcxVStUcdD0DrVIpSJImr3t3P6hh
3cumbbDw3Z91MLvj0l8lIJO0FI2QkIOxgxNCIYk720ZRwmjRfTefZTZHtXnME1J6
cJIkhTfUQidqhqNwccSA0QhFGYuNhilu4zsHYJH0D8E626MVn4Q0zDxjlwiCGPcZ
h+xrMF9F8U/BF0/Rr6epB7GQMDsfJVQDXnxUVkKOitly7dLNWcQgrOpqv+ghGGOa
i/SbCUPK/vPObouIsnV5wqEB/yzJ6teA7w4n3r6XYWsZpdFgwOLLzH+jl81LPFz2
701QppjFZaNXSDP00nw2j11HB4zh2bQNz3fCMFIMo1KDtIjm
-----END CERTIFICATE-----