Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZT3CihBmv2v8CKKtmLzB5QAFa6k.roa
File:                     ZT3CihBmv2v8CKKtmLzB5QAFa6k.roa (raw, json)
Hash identifier:          e6KXyussp0Qjn+OL3v7U3xdSLXPpN4mG1WzwaTlYyIE=
Subject key identifier:   65:3D:C2:8A:10:66:BF:6B:FC:08:A2:AD:98:BC:C1:E5:00:05:6B:A9
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB08689EA4D2DC8AF0935C0759944B
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZT3CihBmv2v8CKKtmLzB5QAFa6k.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210881
IP address blocks:        2a0f:5707:abd0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:68:9e:a4:d2:dc:8a:f0:93:5c:07:59:94:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=653dc28a1066bf6bfc08a2ad98bcc1e500056ba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:38:b3:6e:d8:82:4f:98:8e:b0:28:b6:09:61:
                    8d:f3:66:45:21:4f:0e:3f:37:2f:c4:db:45:9e:cd:
                    5e:35:9c:5f:c0:ca:28:9d:ba:31:c8:2f:eb:af:85:
                    03:da:e1:e5:e4:94:8f:9a:7e:76:1d:10:62:ff:97:
                    f4:1b:ba:e4:a0:6e:18:b3:44:ec:53:e8:b6:83:92:
                    45:c6:87:ee:44:f7:a0:3c:82:cf:b9:87:6b:33:35:
                    fd:43:6d:15:b8:52:a9:35:d8:37:20:ee:ec:69:a3:
                    3a:43:ed:a9:4c:4c:21:18:6a:39:ff:aa:05:1f:fd:
                    61:fc:da:7e:28:9e:3e:a3:c7:a3:8b:09:05:d9:8c:
                    78:02:5b:cf:ab:ca:37:00:90:75:bb:db:c4:19:99:
                    05:cb:89:c4:50:86:91:80:71:ea:ce:a9:1a:34:e7:
                    68:2b:7c:95:ec:8f:d9:f3:74:e6:09:d4:13:c6:bb:
                    eb:7c:46:f4:d8:d6:b9:9f:56:60:e5:0c:aa:bf:33:
                    0b:13:24:11:50:e2:b6:41:a2:92:66:ad:8f:bf:21:
                    1b:75:81:5c:80:f5:f4:bb:94:c7:55:c6:c8:f5:79:
                    20:11:c8:3e:0b:18:2e:52:99:72:43:9d:4e:ea:97:
                    48:ee:12:ff:34:65:4d:ff:6b:4a:b4:16:d5:05:f9:
                    17:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:3D:C2:8A:10:66:BF:6B:FC:08:A2:AD:98:BC:C1:E5:00:05:6B:A9
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZT3CihBmv2v8CKKtmLzB5QAFa6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6e:0b:f8:0c:5d:54:65:c5:dd:91:22:92:49:4e:6d:c3:d8:08:
         37:a6:ae:c7:82:13:84:c3:bf:38:20:4f:57:3d:16:81:f3:8e:
         4f:83:f6:55:33:ba:ed:ed:d7:c9:f8:b8:e4:8a:61:af:a5:b6:
         1c:b1:f1:2e:c9:f6:58:41:3b:3d:3e:e7:b1:d8:3a:e5:66:62:
         a3:32:2a:f0:59:b8:5b:c9:c7:c1:4d:43:b9:84:87:4c:c6:77:
         4f:47:50:24:55:02:6e:ca:62:0b:8d:23:df:b2:cf:c9:6c:dd:
         2f:b0:4f:19:7a:cb:42:d3:4a:06:b9:76:f8:ab:b9:2a:9b:f6:
         64:59:50:66:c3:35:db:10:b5:55:20:a2:2a:b5:80:3d:03:2e:
         4c:41:33:a8:a8:73:c8:31:59:4c:cc:5d:50:67:57:c9:4c:d5:
         20:2a:7a:3f:30:07:99:43:5e:f0:3f:36:f5:69:17:c6:fd:36:
         ae:9c:3b:40:b4:f4:e9:33:f8:bb:54:99:25:5f:c4:bf:50:50:
         f2:ce:08:12:a0:5d:c5:8f:f5:02:fc:e6:32:28:4b:0b:18:e2:
         ad:4b:90:18:05:43:51:93:dd:9c:72:07:35:ca:3a:be:e1:24:
         82:18:38:c5:76:ce:ad:30:e3:05:5e:0e:af:f4:30:cf:6f:42:
         70:32:c8:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2whonqTS3Irwk1wHWZRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTNkYzI4YTEwNjZiZjZiZmMwOGEyYWQ5OGJjYzFlNTAwMDU2YmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzizbtiCT5iOsCi2CWGN82ZFIU8O
PzcvxNtFns1eNZxfwMoonboxyC/rr4UD2uHl5JSPmn52HRBi/5f0G7rkoG4Ys0Ts
U+i2g5JFxofuRPegPILPuYdrMzX9Q20VuFKpNdg3IO7saaM6Q+2pTEwhGGo5/6oF
H/1h/Np+KJ4+o8ejiwkF2Yx4AlvPq8o3AJB1u9vEGZkFy4nEUIaRgHHqzqkaNOdo
K3yV7I/Z83TmCdQTxrvrfEb02Na5n1Zg5QyqvzMLEyQRUOK2QaKSZq2PvyEbdYFc
gPX0u5THVcbI9XkgEcg+CxguUplyQ51O6pdI7hL/NGVN/2tKtBbVBfkXgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGU9wooQZr9r/AiirZi8weUABWupMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvWlQzQ2loQm12MnY4Q0tLdG1MekI1UUFGYTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6vQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBuC/gMXVRlxd2RIpJJTm3D2Ag3pq7HghOEw784
IE9XPRaB845Pg/ZVM7rt7dfJ+LjkimGvpbYcsfEuyfZYQTs9Puex2DrlZmKjMirw
WbhbycfBTUO5hIdMxndPR1AkVQJuymILjSPfss/JbN0vsE8ZestC00oGuXb4q7kq
m/ZkWVBmwzXbELVVIKIqtYA9Ay5MQTOoqHPIMVlMzF1QZ1fJTNUgKno/MAeZQ17w
Pzb1aRfG/TaunDtAtPTpM/i7VJklX8S/UFDyzggSoF3Fj/UC/OYyKEsLGOKtS5AY
BUNRk92ccgc1yjq+4SSCGDjFds6tMOMFXg6v9DDPb0JwMshL
-----END CERTIFICATE-----