Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UO5ZJ0DuY8hOfL0OELwLX9SBkJI.roa
File:                     UO5ZJ0DuY8hOfL0OELwLX9SBkJI.roa (raw, json)
Hash identifier:          MHFxzGErocjfvx0FXCeVlg7NH8TpCoicR29TqzDal1s=
Subject key identifier:   50:EE:59:27:40:EE:63:C8:4E:7C:BD:0E:10:BC:0B:5F:D4:81:90:92
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB01D0B06D71864A102B3A481CF998
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UO5ZJ0DuY8hOfL0OELwLX9SBkJI.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        2a0f:5700::/32 maxlen: 48
                          2a0f:5701::/32 maxlen: 48
                          2a0f:5701::/33 maxlen: 33
                          2a0f:5701::/34 maxlen: 34
                          2a0f:5701:fe10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:01:d0:b0:6d:71:86:4a:10:2b:3a:48:1c:f9:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50ee592740ee63c84e7cbd0e10bc0b5fd4819092
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f0:a6:bb:c8:71:7d:35:4f:8d:5f:83:ea:63:
                    e2:f1:46:88:a7:b4:f0:e6:3c:7e:fa:04:eb:40:f7:
                    e0:f9:8a:0d:d4:75:48:b4:87:c5:a4:11:20:f4:74:
                    4b:4f:09:9e:bc:25:89:9d:0f:8c:25:59:a5:f1:e6:
                    a5:1f:69:97:9c:8d:2e:6a:5f:10:2f:f5:e7:0e:20:
                    58:d2:28:4b:ef:12:5d:44:81:49:76:7a:f0:b9:eb:
                    ce:9d:83:b5:c9:18:c5:a4:88:f0:e6:d9:4b:a1:66:
                    62:36:3d:5a:ad:83:20:88:fe:0e:bd:ad:04:b0:bb:
                    ac:1d:02:a6:43:9e:90:91:56:63:59:bb:2e:26:4c:
                    e0:18:ae:13:c0:4d:7d:65:07:da:1c:f1:22:6b:b9:
                    b7:93:52:7d:bc:96:bf:42:92:d4:56:73:e2:fb:87:
                    1e:be:80:31:6f:f2:6b:e5:52:92:d0:4f:22:20:2d:
                    01:94:b2:09:54:78:88:3b:a3:44:18:f0:a9:4d:78:
                    68:62:d3:99:36:4a:31:4b:8a:1f:ce:0d:84:94:00:
                    15:49:dd:10:9c:ea:c7:8b:0f:c3:02:69:01:17:fe:
                    a1:82:81:c8:0f:cc:90:a8:60:fe:0f:b7:15:d2:c4:
                    ae:e8:09:43:ab:33:42:0c:1d:08:05:70:1d:c0:14:
                    3f:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EE:59:27:40:EE:63:C8:4E:7C:BD:0E:10:BC:0B:5F:D4:81:90:92
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UO5ZJ0DuY8hOfL0OELwLX9SBkJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5700::/31

    Signature Algorithm: sha256WithRSAEncryption
         96:e3:a2:11:4c:53:df:f8:25:d5:fb:84:f4:64:e3:78:84:08:
         32:11:15:d2:37:0a:f1:e9:70:48:e5:02:7b:81:37:f0:ef:62:
         7a:70:1e:a2:3f:eb:4f:4a:50:76:02:fc:38:7d:ef:a9:7d:c4:
         a5:ee:28:92:5e:a4:63:c6:0d:42:19:8a:6d:24:42:19:31:e6:
         df:aa:55:f7:dd:23:92:08:59:c7:91:00:2b:4e:07:0d:48:3a:
         a9:8a:9a:eb:e5:42:ee:00:7d:08:06:fa:3b:ee:a6:27:64:3a:
         ff:05:84:7d:c4:ab:56:ea:69:53:d1:ba:6c:f7:a9:be:e0:a9:
         3e:55:31:44:58:5c:0a:ad:c3:67:dc:8c:5e:0d:d9:66:e5:58:
         0f:ec:95:a8:5c:f5:10:70:7f:1f:b2:62:c4:bb:2f:ac:b7:a4:
         f2:be:f4:64:05:55:72:0e:25:57:96:8f:7a:31:89:d7:a1:d1:
         79:0f:b9:1c:1b:72:fa:70:76:f4:a2:d4:40:2c:d8:9f:a8:1f:
         98:1e:9e:b4:f1:dc:b1:cd:a2:fe:f2:13:c7:f9:20:0b:b0:31:
         94:93:d9:f9:93:c4:13:2e:44:7e:df:97:0d:31:f7:bd:10:52:
         21:c7:c1:2b:cb:08:e8:2f:0b:08:7c:e2:56:cb:ce:4c:dc:7a:
         13:6f:3a:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzC2wHQsG1xhkoQKzpIHPmYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVlNTkyNzQwZWU2M2M4NGU3Y2JkMGUxMGJjMGI1ZmQ0ODE5MDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/Cmu8hxfTVPjV+D6mPi8UaIp7Tw
5jx++gTrQPfg+YoN1HVItIfFpBEg9HRLTwmevCWJnQ+MJVml8ealH2mXnI0ual8Q
L/XnDiBY0ihL7xJdRIFJdnrwuevOnYO1yRjFpIjw5tlLoWZiNj1arYMgiP4Ova0E
sLusHQKmQ56QkVZjWbsuJkzgGK4TwE19ZQfaHPEia7m3k1J9vJa/QpLUVnPi+4ce
voAxb/Jr5VKS0E8iIC0BlLIJVHiIO6NEGPCpTXhoYtOZNkoxS4ofzg2ElAAVSd0Q
nOrHiw/DAmkBF/6hgoHID8yQqGD+D7cV0sSu6AlDqzNCDB0IBXAdwBQ/kwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFDuWSdA7mPITny9DhC8C1/UgZCSMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvVU81WkowRHVZOGhPZkwwT0VMd0xYOVNCa0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg9XADAN
BgkqhkiG9w0BAQsFAAOCAQEAluOiEUxT3/gl1fuE9GTjeIQIMhEV0jcK8elwSOUC
e4E38O9ienAeoj/rT0pQdgL8OH3vqX3Epe4okl6kY8YNQhmKbSRCGTHm36pV990j
kghZx5EAK04HDUg6qYqa6+VC7gB9CAb6O+6mJ2Q6/wWEfcSrVuppU9G6bPepvuCp
PlUxRFhcCq3DZ9yMXg3ZZuVYD+yVqFz1EHB/H7JixLsvrLek8r70ZAVVcg4lV5aP
ejGJ16HReQ+5HBty+nB29KLUQCzYn6gfmB6etPHcsc2i/vITx/kgC7AxlJPZ+ZPE
Ey5Eft+XDTH3vRBSIcfBK8sI6C8LCHziVsvOTNx6E2868w==
-----END CERTIFICATE-----