Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZUeBv8VExJzdVzT8s511s3ihpMA.roa
File:                     ZUeBv8VExJzdVzT8s511s3ihpMA.roa (raw, json)
Hash identifier:          zYsPWoJXfiIETUlQbEenv1+uyFLYy5ZsLchKS3MdKWI=
Subject key identifier:   65:47:81:BF:C5:44:C4:9C:DD:57:34:FC:B3:9D:75:B3:78:A1:A4:C0
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB08E57E04199081577B3D8DBEE801
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZUeBv8VExJzdVzT8s511s3ihpMA.roa
Signing time:             Mon 01 Jan 2024 02:29:43 +0000
ROA not before:           Mon 01 Jan 2024 02:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210887
IP address blocks:        2a0f:5707:abc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:08:e5:7e:04:19:90:81:57:7b:3d:8d:be:e8:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=654781bfc544c49cdd5734fcb39d75b378a1a4c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:87:22:98:2b:f9:70:7b:eb:9e:ca:02:d8:61:
                    6f:3e:69:28:10:9e:20:83:cd:31:6a:d8:70:1c:81:
                    dc:7e:af:7c:72:7a:50:d1:f1:7f:3f:12:c3:83:81:
                    32:72:fa:fc:51:97:e0:b8:c7:e8:d6:23:17:3c:cb:
                    8a:b5:73:12:e6:d7:08:f4:c0:02:4d:16:8a:11:07:
                    41:ab:5a:b8:09:e9:1e:ff:6a:3f:d9:68:70:d9:20:
                    f5:1a:59:9a:26:6a:fe:1a:88:29:57:00:30:15:d8:
                    cd:38:17:14:e7:2e:44:c5:f3:1a:4f:ae:72:4d:aa:
                    1c:92:87:b2:81:a1:4b:d6:c9:2f:0e:3d:e8:9d:bf:
                    87:d3:bb:55:39:ea:f2:d8:4b:79:12:84:af:e9:e8:
                    2e:d8:c5:90:c3:a9:42:61:3d:5d:f2:f4:31:0b:71:
                    d1:82:5d:1f:27:1f:f9:bf:df:bb:c7:9c:72:35:95:
                    30:7d:fd:87:e5:43:44:38:2c:29:2b:81:ed:ba:64:
                    b6:7a:63:ea:8f:f8:8f:97:ec:0a:a6:20:67:52:9c:
                    8c:6f:99:87:0a:de:a2:32:7e:01:34:ba:77:97:21:
                    fa:71:00:c0:98:ab:cc:24:7a:d0:3d:9b:99:48:bc:
                    40:12:e0:4b:bf:c0:60:8f:3c:82:36:ca:f2:ea:37:
                    fa:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:47:81:BF:C5:44:C4:9C:DD:57:34:FC:B3:9D:75:B3:78:A1:A4:C0
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/ZUeBv8VExJzdVzT8s511s3ihpMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:abc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         b6:31:00:77:22:00:70:c9:7f:8d:57:e7:e6:34:bb:93:05:12:
         cc:73:f2:dd:67:cb:18:9e:04:ce:eb:04:02:a0:8c:f3:ee:d9:
         c0:65:3e:88:b3:69:cf:ba:20:db:ca:48:1f:5f:de:36:99:7e:
         40:53:3d:83:aa:d5:d6:84:ee:c3:a9:7b:6e:21:4c:72:01:51:
         22:59:dd:64:2d:03:87:0d:a3:c9:17:1d:40:db:e2:e9:64:c8:
         18:a5:87:f9:df:ce:49:43:66:5f:e8:e7:65:16:25:a0:c9:e8:
         fb:4e:c9:22:e8:48:ab:c6:b1:05:c5:3a:51:ee:86:07:b0:95:
         7e:bf:ea:32:2c:26:02:c2:25:8e:a4:db:28:19:c8:33:e2:87:
         f5:e6:14:5b:52:7f:11:3f:2f:28:63:93:6e:db:1a:a9:6f:7a:
         87:a1:88:26:0d:be:b7:a2:1b:0c:fc:48:c0:22:2b:86:72:b4:
         aa:b0:c6:41:8c:92:20:f8:93:e5:0c:2f:7b:3b:5e:72:95:3c:
         ae:78:8b:5e:61:f1:59:b2:14:3e:ab:be:18:6f:29:70:47:cb:
         80:34:41:54:ae:ca:1f:fa:59:8b:13:fe:28:22:e1:4a:11:1c:
         6a:a7:cc:b8:35:3a:ca:40:62:bd:c4:71:0c:a5:3b:41:11:b0:
         80:0d:b2:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wjlfgQZkIFXez2NvugBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQ3ODFiZmM1NDRjNDljZGQ1NzM0ZmNiMzlkNzViMzc4YTFhNGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4cimCv5cHvrnsoC2GFvPmkoEJ4g
g80xathwHIHcfq98cnpQ0fF/PxLDg4Eycvr8UZfguMfo1iMXPMuKtXMS5tcI9MAC
TRaKEQdBq1q4Ceke/2o/2Whw2SD1GlmaJmr+GogpVwAwFdjNOBcU5y5ExfMaT65y
TaockoeygaFL1skvDj3onb+H07tVOery2Et5EoSv6egu2MWQw6lCYT1d8vQxC3HR
gl0fJx/5v9+7x5xyNZUwff2H5UNEOCwpK4HtumS2emPqj/iPl+wKpiBnUpyMb5mH
Ct6iMn4BNLp3lyH6cQDAmKvMJHrQPZuZSLxAEuBLv8BgjzyCNsry6jf6LQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGVHgb/FRMSc3Vc0/LOddbN4oaTAMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvWlVlQnY4VkV4SnpkVnpUOHM1MTFzM2locE1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6vA
MA0GCSqGSIb3DQEBCwUAA4IBAQC2MQB3IgBwyX+NV+fmNLuTBRLMc/LdZ8sYngTO
6wQCoIzz7tnAZT6Is2nPuiDbykgfX942mX5AUz2DqtXWhO7DqXtuIUxyAVEiWd1k
LQOHDaPJFx1A2+LpZMgYpYf5385JQ2Zf6OdlFiWgyej7Tski6EirxrEFxTpR7oYH
sJV+v+oyLCYCwiWOpNsoGcgz4of15hRbUn8RPy8oY5Nu2xqpb3qHoYgmDb63ohsM
/EjAIiuGcrSqsMZBjJIg+JPlDC97O15ylTyueIteYfFZshQ+q74YbylwR8uANEFU
rsof+lmLE/4oIuFKERxqp8y4NTrKQGK9xHEMpTtBEbCADbJ2
-----END CERTIFICATE-----