Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SuDLwzX9jZdn_0jBzBg1kEc9MtA.roa
File:                     SuDLwzX9jZdn_0jBzBg1kEc9MtA.roa (raw, json)
Hash identifier:          HznR/SVTVAf9g6UZdH3N+7YQAzQqANyQgIweSXaMS1M=
Subject key identifier:   4A:E0:CB:C3:35:FD:8D:97:67:FF:48:C1:CC:18:35:90:47:3D:32:D0
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAF95DCFDA96F543B6D5F49F10AB10
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SuDLwzX9jZdn_0jBzBg1kEc9MtA.roa
Signing time:             Mon 01 Jan 2024 02:29:39 +0000
ROA not before:           Mon 01 Jan 2024 02:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34924
IP address blocks:        2a0f:5707:aa00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f9:5d:cf:da:96:f5:43:b6:d5:f4:9f:10:ab:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ae0cbc335fd8d9767ff48c1cc183590473d32d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e8:d1:e4:16:30:f0:6a:46:e4:21:a8:bf:43:
                    82:f2:72:66:ed:02:07:88:59:8b:ed:39:96:01:e0:
                    f9:b5:0d:2f:2a:b5:00:9a:d7:58:85:1d:30:d6:e5:
                    d3:ff:c6:86:c1:fd:21:29:93:00:37:49:e4:87:e5:
                    a4:ff:51:04:a4:53:73:f2:a1:69:d2:5b:73:57:b6:
                    94:d9:36:7d:87:82:29:aa:6f:f8:59:4d:75:21:7a:
                    81:0e:c5:73:e5:7d:5f:e4:10:30:98:6c:b1:f5:a9:
                    c9:c2:e2:d5:b0:3e:4c:16:8d:f7:ce:74:e6:f8:41:
                    10:99:06:b6:53:39:88:8d:0a:1e:20:73:b7:7f:0d:
                    11:97:79:46:4e:6f:0a:b2:44:a5:ca:92:1f:08:3f:
                    df:ee:aa:2f:2a:7c:66:94:19:b2:1e:c8:9b:2f:17:
                    bf:51:67:7c:62:e4:0f:4b:a4:0a:07:cf:10:2d:e0:
                    66:f4:17:93:f2:21:df:c6:bc:c7:ab:1a:b5:dc:11:
                    cf:7f:21:1a:e0:9f:ea:76:10:2b:41:14:98:4f:87:
                    e6:9c:e0:36:83:66:fc:fc:0e:3f:48:65:f1:cc:41:
                    17:ad:6f:5d:3e:6d:00:19:4c:73:03:42:ce:7f:75:
                    ca:ce:fc:e8:9b:13:7a:70:f0:07:b2:d7:28:5b:43:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E0:CB:C3:35:FD:8D:97:67:FF:48:C1:CC:18:35:90:47:3D:32:D0
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SuDLwzX9jZdn_0jBzBg1kEc9MtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aa00::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:ea:d9:14:a5:ea:53:30:bd:b3:1d:f4:47:56:f1:e2:ff:c9:
         fc:88:56:e6:ec:d7:ae:6c:fa:47:74:06:e8:3e:56:2b:0f:12:
         e8:ab:3d:b9:aa:c4:fa:bb:2f:fa:85:82:4f:a6:74:7e:64:0e:
         16:c7:3e:5e:3f:76:79:a3:1b:b0:cb:ae:25:11:86:4f:25:8a:
         ec:c7:45:d1:bd:e7:0d:01:9e:7c:43:a7:df:ab:b3:15:e9:28:
         26:d0:33:d9:a9:83:7f:0d:99:d7:c8:20:62:67:2f:cd:2c:d9:
         1b:cf:65:97:69:55:a3:1b:c3:5d:f3:38:d1:93:19:46:5f:c8:
         cf:96:13:c5:29:f7:9e:ca:73:68:10:25:d5:d8:0e:8d:73:a3:
         88:98:c2:2f:17:e7:89:54:05:17:9c:bb:44:49:6f:7b:b5:24:
         18:2a:b6:b0:ce:cb:36:9e:1b:a4:31:70:f5:ff:4d:78:b5:05:
         76:f1:ac:31:26:50:15:0e:27:c2:b1:f2:eb:e1:3a:68:b2:24:
         81:6d:8b:2e:21:fd:63:ab:eb:db:50:3e:be:e1:3f:d3:23:c8:
         fb:57:50:57:70:65:9c:0d:a9:fb:34:07:9b:c6:f4:f6:4c:8c:
         03:f1:76:0d:84:4f:c7:b4:4d:4c:60:c2:1b:d7:1a:9f:0e:d1:
         41:a6:b9:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2vldz9qW9UO21fSfEKsQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWUwY2JjMzM1ZmQ4ZDk3NjdmZjQ4YzFjYzE4MzU5MDQ3M2QzMmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+jR5BYw8GpG5CGov0OC8nJm7QIH
iFmL7TmWAeD5tQ0vKrUAmtdYhR0w1uXT/8aGwf0hKZMAN0nkh+Wk/1EEpFNz8qFp
0ltzV7aU2TZ9h4Ipqm/4WU11IXqBDsVz5X1f5BAwmGyx9anJwuLVsD5MFo33znTm
+EEQmQa2UzmIjQoeIHO3fw0Rl3lGTm8KskSlypIfCD/f7qovKnxmlBmyHsibLxe/
UWd8YuQPS6QKB88QLeBm9BeT8iHfxrzHqxq13BHPfyEa4J/qdhArQRSYT4fmnOA2
g2b8/A4/SGXxzEEXrW9dPm0AGUxzA0LOf3XKzvzomxN6cPAHstcoW0NQiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFErgy8M1/Y2XZ/9IwcwYNZBHPTLQMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvU3VETHd6WDlqWmRuXzBqQnpCZzFrRWM5TXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6oA
MA0GCSqGSIb3DQEBCwUAA4IBAQCa6tkUpepTML2zHfRHVvHi/8n8iFbm7NeubPpH
dAboPlYrDxLoqz25qsT6uy/6hYJPpnR+ZA4Wxz5eP3Z5oxuwy64lEYZPJYrsx0XR
vecNAZ58Q6ffq7MV6Sgm0DPZqYN/DZnXyCBiZy/NLNkbz2WXaVWjG8Nd8zjRkxlG
X8jPlhPFKfeeynNoECXV2A6Nc6OImMIvF+eJVAUXnLtESW97tSQYKrawzss2nhuk
MXD1/014tQV28awxJlAVDifCsfLr4TposiSBbYsuIf1jq+vbUD6+4T/TI8j7V1BX
cGWcDan7NAebxvT2TIwD8XYNhE/HtE1MYMIb1xqfDtFBprmJ
-----END CERTIFICATE-----