Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_QEceXHGs-0YFfYMGEl3p9DgzB0.roa
File:                     _QEceXHGs-0YFfYMGEl3p9DgzB0.roa (raw, json)
Hash identifier:          QuksP5lIjeWGbcqrS//OBqQA/SXEkzu9g+L7r6JWu1c=
Subject key identifier:   FD:01:1C:79:71:C6:B3:ED:18:15:F6:0C:18:49:77:A7:D0:E0:CC:1D
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DB021EF811A57C2D8A3CA711C84FA4
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_QEceXHGs-0YFfYMGEl3p9DgzB0.roa
Signing time:             Mon 01 Jan 2024 02:29:41 +0000
ROA not before:           Mon 01 Jan 2024 02:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207252
IP address blocks:        2a0f:5707:ab90::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:02:1e:f8:11:a5:7c:2d:8a:3c:a7:11:c8:4f:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fd011c7971c6b3ed1815f60c184977a7d0e0cc1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:b4:a0:3c:c5:ae:cc:5b:86:cf:3f:08:2d:
                    1b:d0:90:41:33:3c:06:b8:6c:db:9f:2f:d1:a6:df:
                    cc:c7:0b:5a:6b:8a:cd:03:df:77:e8:e5:8a:45:9d:
                    ab:fa:09:eb:e1:dd:87:07:7c:46:32:90:1f:5e:20:
                    3d:a3:d1:ba:ea:3b:58:97:d7:f0:6c:f9:79:b0:05:
                    94:7c:6f:e6:d2:02:ac:42:70:12:66:d0:45:4c:51:
                    e5:68:d3:52:37:25:e2:4e:ba:ee:5d:50:b0:da:74:
                    9c:53:57:64:3d:a3:67:a1:e7:ae:f7:6d:a0:b4:d1:
                    ea:d5:8d:72:47:d6:63:fb:2e:67:f5:cf:60:9e:2b:
                    ab:88:c2:76:80:03:89:48:9f:2c:e0:7d:44:51:f1:
                    33:2d:72:bf:47:85:cf:19:d5:54:1d:25:36:7e:6a:
                    9c:98:5e:ee:11:b4:63:eb:17:94:9e:09:41:84:03:
                    f7:3c:30:9f:56:fc:56:07:ab:cc:1c:70:5f:f9:d1:
                    cf:da:c5:6e:11:da:42:f0:e3:a4:2a:7c:0c:af:5c:
                    9a:17:d4:24:d5:2a:3c:16:e9:4a:4a:11:dc:34:6d:
                    41:33:c1:ef:f2:e9:ad:f0:a1:be:57:a7:61:e3:0a:
                    d0:f6:8e:f0:03:44:55:c9:8c:e7:76:14:e2:70:ce:
                    ee:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:01:1C:79:71:C6:B3:ED:18:15:F6:0C:18:49:77:A7:D0:E0:CC:1D
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_QEceXHGs-0YFfYMGEl3p9DgzB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:ab90::/44

    Signature Algorithm: sha256WithRSAEncryption
         58:41:6f:b4:a7:e3:99:68:8c:a7:ae:1b:28:bf:08:d6:62:c8:
         24:3b:16:26:9c:36:3c:b8:71:71:9f:94:ba:97:01:39:f2:83:
         a2:d9:7e:81:a7:70:73:33:35:de:fe:92:c8:76:46:1d:dd:14:
         33:98:49:97:3b:a6:f6:bb:ff:01:dc:d7:dd:2e:4a:76:cc:dc:
         20:1e:bb:b3:57:98:32:40:38:e5:6e:e7:04:53:5f:77:73:a7:
         6f:6e:8d:5b:58:6c:f7:26:54:80:b3:16:52:d9:80:ae:2b:02:
         86:3a:74:77:77:81:f7:33:41:56:0c:29:35:e6:cc:c5:9d:0a:
         cd:3c:0d:57:83:dc:d7:c8:b3:cb:de:71:c1:a3:cc:97:de:96:
         06:1a:e0:78:5a:b0:f2:30:76:3a:a6:8a:10:1d:80:e7:12:35:
         f6:b1:2b:b4:03:4a:2d:ca:08:7a:9c:50:64:95:01:b6:be:3d:
         51:b4:ab:65:e7:9d:5d:58:7c:de:1e:94:d0:69:8e:56:90:ff:
         c9:e4:a9:08:81:ae:56:8b:c5:e9:fc:dc:84:5e:9f:ff:7d:d0:
         24:77:94:14:df:97:da:65:0f:39:63:c6:b0:fc:28:d1:2e:b9:
         d2:47:b4:92:65:d6:db:69:94:b2:c7:27:1e:bc:5c:75:23:7c:
         ac:18:07:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2wIe+BGlfC2KPKcRyE+kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDAxMWM3OTcxYzZiM2VkMTgxNWY2MGMxODQ5NzdhN2QwZTBjYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6O0oDzFrsxbhs8/CC0b0JBBMzwG
uGzbny/Rpt/Mxwtaa4rNA9936OWKRZ2r+gnr4d2HB3xGMpAfXiA9o9G66jtYl9fw
bPl5sAWUfG/m0gKsQnASZtBFTFHlaNNSNyXiTrruXVCw2nScU1dkPaNnoeeu922g
tNHq1Y1yR9Zj+y5n9c9gniuriMJ2gAOJSJ8s4H1EUfEzLXK/R4XPGdVUHSU2fmqc
mF7uEbRj6xeUnglBhAP3PDCfVvxWB6vMHHBf+dHP2sVuEdpC8OOkKnwMr1yaF9Qk
1So8FulKShHcNG1BM8Hv8umt8KG+V6dh4wrQ9o7wA0RVyYzndhTicM7u3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP0BHHlxxrPtGBX2DBhJd6fQ4MwdMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvX1FFY2VYSEdzLTBZRmZZTUdFbDNwOURnekIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg9XB6uQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBYQW+0p+OZaIynrhsovwjWYsgkOxYmnDY8uHFx
n5S6lwE58oOi2X6Bp3BzMzXe/pLIdkYd3RQzmEmXO6b2u/8B3NfdLkp2zNwgHruz
V5gyQDjlbucEU193c6dvbo1bWGz3JlSAsxZS2YCuKwKGOnR3d4H3M0FWDCk15szF
nQrNPA1Xg9zXyLPL3nHBo8yX3pYGGuB4WrDyMHY6pooQHYDnEjX2sSu0A0otygh6
nFBklQG2vj1RtKtl551dWHzeHpTQaY5WkP/J5KkIga5Wi8Xp/NyEXp//fdAkd5QU
35faZQ85Y8aw/CjRLrnSR7SSZdbbaZSyxycevFx1I3ysGAfH
-----END CERTIFICATE-----