Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Zt6LHMTfLR59IJjYMO4sjFCKZOk.roa
File:                     Zt6LHMTfLR59IJjYMO4sjFCKZOk.roa (raw, json)
Hash identifier:          KMPWjVV+IX/YuLVJb8fP0p9dBoY/PwezciceUfVHcII=
Subject key identifier:   66:DE:8B:1C:C4:DF:2D:1E:7D:20:98:D8:30:EE:2C:8C:50:8A:64:E9
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BEAC8C2F6B19ACA08C89EA72CC06A
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Zt6LHMTfLR59IJjYMO4sjFCKZOk.roa
Signing time:             Thu 02 Jan 2025 09:49:54 +0000
ROA not before:           Thu 02 Jan 2025 09:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        2a0f:5707:ab90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:ea:c8:c2:f6:b1:9a:ca:08:c8:9e:a7:2c:c0:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66de8b1cc4df2d1e7d2098d830ee2c8c508a64e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:99:f9:b5:37:eb:6b:ac:3d:83:12:66:b7:d9:
                    55:ea:b3:65:b4:d0:bf:44:92:9f:d4:81:aa:89:63:
                    62:ec:89:45:03:9a:ab:40:60:17:66:af:94:b2:e7:
                    7e:d4:6a:e7:4c:fd:3e:f4:c9:ae:98:59:d7:5c:f8:
                    c3:64:ba:56:b9:cb:8d:01:5b:54:ac:a9:09:3e:0e:
                    b5:99:ba:43:6d:52:5f:16:b0:1a:8c:fb:4e:25:82:
                    ce:05:58:a8:2c:2a:6f:f0:05:f7:78:22:04:9b:31:
                    4a:cb:cc:a7:ba:71:84:84:c5:a5:ea:0b:34:51:6c:
                    7d:97:f3:1f:2f:e0:74:ef:70:24:98:d2:24:2b:f0:
                    e3:47:a4:fb:e7:3a:e2:fb:ec:0d:bb:46:65:97:f0:
                    0c:bb:af:9c:55:6c:ae:15:49:83:1e:36:09:88:c5:
                    31:89:4d:63:97:25:7d:88:d0:1f:18:f8:13:ef:0a:
                    bb:d3:73:4a:91:47:1f:91:c2:e0:41:08:05:b6:5d:
                    ba:7f:63:bd:c6:28:7c:5c:9f:f0:08:ac:15:95:65:
                    70:7f:63:c3:96:c0:ae:90:b7:68:14:f6:3d:cb:76:
                    28:2f:7d:89:bb:2c:44:63:ee:14:04:9c:18:df:2c:
                    2a:36:e7:81:dc:1f:5e:85:a4:cb:0d:d5:65:42:d2:
                    9b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:DE:8B:1C:C4:DF:2D:1E:7D:20:98:D8:30:EE:2C:8C:50:8A:64:E9
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/Zt6LHMTfLR59IJjYMO4sjFCKZOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab90::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:f0:f6:fa:80:26:47:3a:24:47:96:f6:10:2e:65:32:b4:32:
         b9:b0:30:5f:24:56:10:16:82:5e:e5:eb:a8:80:d4:9a:84:12:
         70:05:17:8c:56:2e:fa:f2:52:3d:ad:4d:6d:36:96:ab:b3:fd:
         b0:81:e9:a3:d1:82:b3:8c:2c:7c:df:ba:ad:13:ad:19:29:84:
         54:c5:be:d9:72:bb:aa:15:d0:ee:f5:e2:6b:3e:79:b1:a8:1d:
         5f:e9:73:4e:fb:32:62:9f:3e:aa:a9:77:77:73:27:9e:4e:b2:
         42:40:c3:20:75:fe:d3:66:0c:73:22:21:fd:4f:f6:a1:93:9e:
         6b:a7:01:8a:dd:a8:f9:4b:6f:a5:f5:a9:77:01:23:d2:54:f2:
         a5:31:95:df:a7:ce:54:c0:ea:02:68:9f:e9:4e:04:3e:44:f1:
         8d:2b:12:f6:30:49:16:75:1b:f2:24:f1:a0:49:3d:1a:2d:7b:
         f0:f0:84:72:36:2d:63:51:d6:01:f1:23:6d:cc:81:39:f2:a8:
         85:d5:80:f0:29:81:e4:fc:f9:e3:c7:60:a0:08:3d:13:d3:27:
         cb:3f:b2:60:ca:96:2b:36:2b:61:f0:59:6d:32:90:ad:6c:bc:
         7b:10:32:bb:5b:ea:42:f7:40:14:d5:dd:44:ea:7c:03:2c:e6:
         21:75:27:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma+rIwvaxmsoIyJ6nLMBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmRlOGIxY2M0ZGYyZDFlN2QyMDk4ZDgzMGVlMmM4YzUwOGE2NGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZn5tTfra6w9gxJmt9lV6rNltNC/
RJKf1IGqiWNi7IlFA5qrQGAXZq+Usud+1GrnTP0+9MmumFnXXPjDZLpWucuNAVtU
rKkJPg61mbpDbVJfFrAajPtOJYLOBVioLCpv8AX3eCIEmzFKy8ynunGEhMWl6gs0
UWx9l/MfL+B073AkmNIkK/DjR6T75zri++wNu0Zll/AMu6+cVWyuFUmDHjYJiMUx
iU1jlyV9iNAfGPgT7wq703NKkUcfkcLgQQgFtl26f2O9xih8XJ/wCKwVlWVwf2PD
lsCukLdoFPY9y3YoL32JuyxEY+4UBJwY3ywqNueB3B9ehaTLDdVlQtKbMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGbeixzE3y0efSCY2DDuLIxQimTpMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvWnQ2TEhNVGZMUjU5SUpqWU1PNHNqRkNLWk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6uQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAi8Pb6gCZHOiRHlvYQLmUytDK5sDBfJFYQFoJe
5euogNSahBJwBReMVi768lI9rU1tNpars/2wgemj0YKzjCx837qtE60ZKYRUxb7Z
cruqFdDu9eJrPnmxqB1f6XNO+zJinz6qqXd3cyeeTrJCQMMgdf7TZgxzIiH9T/ah
k55rpwGK3aj5S2+l9al3ASPSVPKlMZXfp85UwOoCaJ/pTgQ+RPGNKxL2MEkWdRvy
JPGgST0aLXvw8IRyNi1jUdYB8SNtzIE58qiF1YDwKYHk/Pnjx2CgCD0T0yfLP7Jg
ypYrNith8FltMpCtbLx7EDK7W+pC90AU1d1E6nwDLOYhdSfr
-----END CERTIFICATE-----