Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/XH3gTwRRyfVFNyTqOOY3Pn1Soo4.roa
File:                     XH3gTwRRyfVFNyTqOOY3Pn1Soo4.roa (raw, json)
Hash identifier:          0DFR9fZPWn7s4wVKq2sl4VDe/1kG/0fqQ3Yy0F8vnsc=
Subject key identifier:   5C:7D:E0:4F:04:51:C9:F5:45:37:24:EA:38:E6:37:3E:7D:52:A2:8E
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BEE07F3B130B66BE8A8405CE754C7
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/XH3gTwRRyfVFNyTqOOY3Pn1Soo4.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210023
IP address blocks:        2a0f:5707:29::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ee:07:f3:b1:30:b6:6b:e8:a8:40:5c:e7:54:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c7de04f0451c9f5453724ea38e6373e7d52a28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7d:79:23:d5:cc:e2:65:26:21:8b:49:79:66:
                    92:2f:cc:e1:78:59:5d:e2:2e:76:60:b7:48:f7:ca:
                    94:bb:27:e9:df:cc:65:44:a0:91:70:33:e4:36:e7:
                    0e:b1:c8:74:af:55:a8:40:66:9b:8e:61:3a:df:e8:
                    28:e8:92:9f:71:a2:fb:7a:d1:3f:29:31:d4:7e:54:
                    19:1f:84:89:54:ce:e2:3b:a4:28:55:f6:ad:f4:62:
                    fa:b9:01:72:8b:eb:1a:57:46:98:09:73:17:f8:7c:
                    d7:51:9c:e3:99:b0:90:43:67:85:40:fa:7f:76:f6:
                    9d:74:83:a5:7a:c2:0c:5a:7a:28:f0:d3:d6:42:be:
                    99:ab:70:04:75:c5:9f:9b:11:f7:e3:d8:02:e7:f6:
                    89:9e:ec:a9:11:1d:c9:8d:52:83:db:e3:ae:10:f4:
                    7c:89:a0:9f:f3:6c:92:e6:50:b1:7a:5a:9d:1f:3f:
                    c4:a5:87:65:69:de:72:8c:c4:59:88:8c:20:84:24:
                    97:b1:04:a4:c9:a4:63:b1:13:62:3f:46:e3:e4:f0:
                    b2:dc:bc:4d:6c:01:dc:20:90:9e:d9:5e:38:90:74:
                    c5:d9:36:b2:1a:54:58:19:56:20:c4:cf:27:53:2c:
                    f7:0b:70:68:c1:1c:09:d1:96:1a:37:75:d4:6b:5c:
                    e3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:7D:E0:4F:04:51:C9:F5:45:37:24:EA:38:E6:37:3E:7D:52:A2:8E
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/XH3gTwRRyfVFNyTqOOY3Pn1Soo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:29::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:29:3d:99:47:85:83:87:16:1b:db:cb:ef:a4:8e:cd:a6:26:
         1c:56:46:50:ef:77:03:06:8d:1d:a0:34:42:dd:e0:32:a0:b9:
         1a:3a:9c:38:7f:88:5d:6d:f4:1d:ca:dd:78:f8:a1:ad:bd:a6:
         bd:27:2b:5c:af:12:e3:22:99:bb:ee:02:75:17:67:85:78:9f:
         9b:90:91:5d:bc:ae:a8:9a:3e:87:df:a6:db:55:9c:a5:76:6c:
         ee:8b:66:c5:ad:bc:a2:1e:b4:9d:7a:b1:e4:a0:ec:bf:8e:df:
         16:4c:3f:94:9b:1e:bc:a2:01:69:58:1f:aa:04:2b:30:41:19:
         2b:3b:58:ed:77:d3:e0:e0:c6:8a:cf:21:d2:bd:ea:33:eb:d7:
         19:cb:95:d0:29:45:58:8a:df:1f:81:0b:3e:56:17:83:3f:17:
         2c:cb:70:ea:41:6f:ed:5f:4d:4a:9c:48:b6:bb:a7:df:01:60:
         1f:bf:b6:4b:97:91:00:f7:23:9a:1c:ee:71:d4:45:69:e7:09:
         81:a4:31:5f:8f:fd:83:ff:c2:05:64:f7:16:98:1f:58:76:39:
         40:13:d8:c1:2f:25:c3:f5:29:44:71:ef:85:00:90:06:0b:c4:
         87:fa:e3:a3:0e:11:2a:88:39:4f:8d:db:01:c9:b1:71:73:48:
         ae:78:f8:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+4H87EwtmvoqEBc51THMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzdkZTA0ZjA0NTFjOWY1NDUzNzI0ZWEzOGU2MzczZTdkNTJhMjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H15I9XM4mUmIYtJeWaSL8zheFld
4i52YLdI98qUuyfp38xlRKCRcDPkNucOsch0r1WoQGabjmE63+go6JKfcaL7etE/
KTHUflQZH4SJVM7iO6QoVfat9GL6uQFyi+saV0aYCXMX+HzXUZzjmbCQQ2eFQPp/
dvaddIOlesIMWnoo8NPWQr6Zq3AEdcWfmxH349gC5/aJnuypER3JjVKD2+OuEPR8
iaCf82yS5lCxelqdHz/EpYdlad5yjMRZiIwghCSXsQSkyaRjsRNiP0bj5PCy3LxN
bAHcIJCe2V44kHTF2TayGlRYGVYgxM8nUyz3C3BowRwJ0ZYaN3XUa1zjYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFx94E8EUcn1RTck6jjmNz59UqKOMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvWEgzZ1R3UlJ5ZlZGTnlUcU9PWTNQbjFTb280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XBwAp
MA0GCSqGSIb3DQEBCwUAA4IBAQCtKT2ZR4WDhxYb28vvpI7NpiYcVkZQ73cDBo0d
oDRC3eAyoLkaOpw4f4hdbfQdyt14+KGtvaa9JytcrxLjIpm77gJ1F2eFeJ+bkJFd
vK6omj6H36bbVZyldmzui2bFrbyiHrSderHkoOy/jt8WTD+Umx68ogFpWB+qBCsw
QRkrO1jtd9Pg4MaKzyHSveoz69cZy5XQKUVYit8fgQs+VheDPxcsy3DqQW/tX01K
nEi2u6ffAWAfv7ZLl5EA9yOaHO5x1EVp5wmBpDFfj/2D/8IFZPcWmB9YdjlAE9jB
LyXD9SlEce+FAJAGC8SH+uOjDhEqiDlPjdsBybFxc0iuePg2
-----END CERTIFICATE-----