Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UwgAnojGObN01uiFTl__5gcLi2w.roa
File:                     UwgAnojGObN01uiFTl__5gcLi2w.roa (raw, json)
Hash identifier:          PiEGKay6YBC0ltFL5iJnq2U4PUWy5IwJtOj+OS6NCm0=
Subject key identifier:   53:08:00:9E:88:C6:39:B3:74:D6:E8:85:4E:5F:FF:E6:07:0B:8B:6C
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB0CA9562B20DF10A95BBA8570A441
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UwgAnojGObN01uiFTl__5gcLi2w.roa
Signing time:             Mon 01 Jan 2024 02:29:44 +0000
ROA not before:           Mon 01 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212895
IP address blocks:        2a0f:5707:abf0::/44 maxlen: 48
                          2a0f:5707:b000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:0c:a9:56:2b:20:df:10:a9:5b:ba:85:70:a4:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5308009e88c639b374d6e8854e5fffe6070b8b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:5a:27:25:78:c3:09:78:db:ec:96:11:f4:71:
                    e0:a4:7a:83:06:49:7f:b8:dd:fc:a8:f4:d9:3e:f5:
                    01:46:1a:07:9d:44:f9:fe:18:5a:4b:0b:dc:ca:b4:
                    34:a1:cd:53:91:22:71:82:06:12:aa:1c:b3:ab:e9:
                    eb:3d:fd:9f:4b:78:37:59:37:56:35:b7:59:14:8e:
                    46:48:48:20:e9:75:b8:d4:2c:6c:30:9c:13:f7:d2:
                    fa:22:83:f3:34:46:bc:3c:55:57:f6:3f:75:27:66:
                    72:d6:79:fe:0f:c1:4d:b9:c9:4b:36:6a:03:2d:2b:
                    08:01:63:c6:75:42:85:82:05:15:96:ef:c5:ec:48:
                    4b:8d:84:e7:91:c2:9d:64:b7:5b:d5:8f:e9:ee:7e:
                    73:af:90:32:63:19:97:55:00:6b:4b:f5:b4:56:ec:
                    fd:17:84:d1:a9:69:9e:7a:10:6c:fb:33:be:f2:29:
                    5c:6a:b8:99:d1:61:33:70:4f:e1:4c:18:37:91:bf:
                    f7:85:7d:b0:ee:46:11:7b:b8:69:1f:b7:d5:f7:90:
                    b7:25:66:ca:9b:31:16:f8:80:67:2d:22:fd:13:cb:
                    66:98:d0:fe:70:db:ff:02:7e:3e:5c:62:45:9c:6c:
                    0e:86:3d:03:ce:ca:3a:f5:4d:bd:c7:a6:a6:fd:2d:
                    84:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:08:00:9E:88:C6:39:B3:74:D6:E8:85:4E:5F:FF:E6:07:0B:8B:6C
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/UwgAnojGObN01uiFTl__5gcLi2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abf0::/44
                  2a0f:5707:b000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:90:12:69:87:6d:c2:d8:7b:e2:9f:e0:18:e1:3c:e6:dd:6d:
         40:c5:be:9e:dd:21:81:1b:ea:d9:c0:52:2d:bd:ce:2c:ba:36:
         72:65:87:f8:cb:c2:af:51:e7:32:fe:ef:4f:c0:99:60:d0:2b:
         9c:f9:47:bd:b3:53:8a:e1:22:82:c2:19:83:ea:29:84:ff:c7:
         24:5d:ef:3e:c1:2d:e8:a8:64:17:af:64:26:c5:83:10:a3:33:
         a2:ba:bb:a9:1b:de:d0:f6:96:40:2c:23:29:a6:3a:3a:4c:29:
         bf:c6:85:01:2c:93:51:a8:64:d5:66:24:86:94:c0:b9:bc:9c:
         6f:92:d5:ad:44:9b:ac:2f:a0:31:ab:f7:d2:29:35:79:76:c5:
         a6:2b:98:1c:55:2e:92:83:e1:9c:14:38:d3:d4:71:8d:ca:1f:
         41:2d:57:0e:be:d2:55:2d:5d:9a:08:ed:ae:2d:1d:a0:09:77:
         e4:0d:59:27:a4:50:ab:cd:a8:52:07:78:66:da:84:08:6e:21:
         2e:43:03:1e:0b:63:c6:21:03:e7:02:5f:46:65:a4:04:c9:24:
         88:66:78:ff:77:6f:ea:ab:88:55:5d:00:c4:8b:9a:11:14:69:
         08:c7:86:bf:bf:e5:37:0a:a3:bb:e2:99:0f:eb:a7:57:67:e6:
         32:cd:0c:25
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAYzC2wypVisg3xCpW7qFcKRBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzA4MDA5ZTg4YzYzOWIzNzRkNmU4ODU0ZTVmZmZlNjA3MGI4YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1onJXjDCXjb7JYR9HHgpHqDBkl/
uN38qPTZPvUBRhoHnUT5/hhaSwvcyrQ0oc1TkSJxggYSqhyzq+nrPf2fS3g3WTdW
NbdZFI5GSEgg6XW41CxsMJwT99L6IoPzNEa8PFVX9j91J2Zy1nn+D8FNuclLNmoD
LSsIAWPGdUKFggUVlu/F7EhLjYTnkcKdZLdb1Y/p7n5zr5AyYxmXVQBrS/W0Vuz9
F4TRqWmeehBs+zO+8ilcariZ0WEzcE/hTBg3kb/3hX2w7kYRe7hpH7fV95C3JWbK
mzEW+IBnLSL9E8tmmND+cNv/An4+XGJFnGwOhj0Dzso69U29x6am/S2EiwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFFMIAJ6IxjmzdNbohU5f/+YHC4tsMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvVXdnQW5vakdPYk4wMXVpRlRsX181Z2NMaTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKg9XB6vw
AwYAKg9XB7AwDQYJKoZIhvcNAQELBQADggEBACGQEmmHbcLYe+Kf4BjhPObdbUDF
vp7dIYEb6tnAUi29ziy6NnJlh/jLwq9R5zL+70/AmWDQK5z5R72zU4rhIoLCGYPq
KYT/xyRd7z7BLeioZBevZCbFgxCjM6K6u6kb3tD2lkAsIymmOjpMKb/GhQEsk1Go
ZNVmJIaUwLm8nG+S1a1Em6wvoDGr99IpNXl2xaYrmBxVLpKD4ZwUONPUcY3KH0Et
Vw6+0lUtXZoI7a4tHaAJd+QNWSekUKvNqFIHeGbahAhuIS5DAx4LY8YhA+cCX0Zl
pATJJIhmeP93b+qriFVdAMSLmhEUaQjHhr+/5TcKo7vimQ/rp1dn5jLNDCU=
-----END CERTIFICATE-----