Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_hukbR93J254DMJnWRshzd_9XrE.roa
File:                     _hukbR93J254DMJnWRshzd_9XrE.roa (raw, json)
Hash identifier:          dq+JoTZvaafPqz+HU6kp+DfcclBouMWGtMG/1Mq5b+I=
Subject key identifier:   FE:1B:A4:6D:1F:77:27:6E:78:0C:C2:67:59:1B:21:CD:DF:FD:5E:B1
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       0194266BF5556245C31A70FC3C4BF9AA375F
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_hukbR93J254DMJnWRshzd_9XrE.roa
Signing time:             Thu 02 Jan 2025 09:49:56 +0000
ROA not before:           Thu 02 Jan 2025 09:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212997
IP address blocks:        2a0f:5707:aab1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f5:55:62:45:c3:1a:70:fc:3c:4b:f9:aa:37:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  2 09:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe1ba46d1f77276e780cc267591b21cddffd5eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f8:ba:94:2e:a9:0a:50:62:c9:5d:13:2d:cf:
                    e8:58:b6:e0:70:3d:40:0d:08:8d:ae:c6:c9:1e:13:
                    ba:ef:c8:92:b5:72:a2:d4:6a:45:1a:17:6e:a4:26:
                    c5:c6:b5:32:0e:14:cd:4e:ec:81:53:73:cc:f4:e0:
                    da:55:89:e3:64:3f:08:6e:10:e2:90:16:63:0b:09:
                    86:6a:78:82:58:6a:2c:63:59:9f:55:d0:2b:82:d1:
                    12:ff:8d:78:8c:cf:f4:be:a2:75:bf:94:05:da:c1:
                    b0:4a:69:d2:8a:2e:bc:a4:a4:2a:23:d7:e1:da:cf:
                    40:16:ab:bc:06:34:6c:0a:13:d5:a1:83:c5:66:19:
                    b7:91:3c:75:9d:cb:62:70:b7:87:a6:8f:cf:4f:ab:
                    f3:f2:b7:ba:06:94:4b:5c:5c:bd:36:26:d6:69:dd:
                    20:ee:d6:9c:02:b9:a2:c2:1d:55:fb:f1:6b:9b:18:
                    90:32:66:04:7c:44:44:30:49:59:ba:63:b0:64:95:
                    60:9c:c4:ec:94:c7:a3:0a:c7:a6:88:2f:a5:3f:d5:
                    60:d5:3e:26:e9:5e:9e:66:ef:df:b1:02:b1:b4:02:
                    94:f8:c2:bb:7b:90:6d:25:ec:d1:4f:62:89:08:5e:
                    86:69:0c:31:e5:c7:f0:fb:2e:9c:33:45:4b:55:02:
                    e7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1B:A4:6D:1F:77:27:6E:78:0C:C2:67:59:1B:21:CD:DF:FD:5E:B1
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/_hukbR93J254DMJnWRshzd_9XrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5707:aab1::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:c3:77:cd:1b:a2:15:28:b3:9a:b7:03:52:c3:60:96:f8:cd:
         0e:7c:12:99:9c:b6:e5:67:b6:60:92:f6:11:48:7b:c2:99:21:
         92:b1:4c:60:db:e9:b1:21:b8:cd:7b:0f:5b:00:3b:57:e1:7a:
         9f:78:e1:51:5d:2d:45:56:ec:20:ef:1d:01:e8:56:02:93:0d:
         44:ce:16:ef:d8:28:75:53:0b:76:57:f1:75:32:cb:37:10:75:
         36:72:43:dd:ae:df:8e:2c:92:11:d8:27:f5:9e:4b:f2:f2:77:
         ed:ca:8e:0a:f8:78:97:08:6a:41:1d:64:df:4a:a9:bb:b5:49:
         0e:2d:70:8d:a9:17:39:f8:16:81:7b:a9:ed:88:b7:0b:eb:a5:
         a1:fa:98:97:62:ad:ac:9c:b4:18:35:18:38:66:64:51:bf:98:
         5a:04:0d:b8:4b:6b:5a:89:d9:60:60:e2:ad:44:22:38:28:f7:
         d3:1f:7b:fc:5e:36:5e:29:26:79:a8:a2:62:9d:d4:9f:68:29:
         0d:53:cf:5c:44:fd:45:2c:13:c8:b9:63:fe:12:2d:0b:ab:44:
         8b:3e:2e:17:18:9b:ae:ab:45:76:55:21:e1:9f:37:4b:2b:56:
         16:6a:90:6c:d0:e5:87:d6:fb:87:7c:c1:59:d5:17:b3:9e:63:
         ae:ce:35:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma/VVYkXDGnD8PEv5qjdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjUwMTAyMDk0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTFiYTQ2ZDFmNzcyNzZlNzgwY2MyNjc1OTFiMjFjZGRmZmQ1ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/i6lC6pClBiyV0TLc/oWLbgcD1A
DQiNrsbJHhO678iStXKi1GpFGhdupCbFxrUyDhTNTuyBU3PM9ODaVYnjZD8IbhDi
kBZjCwmGaniCWGosY1mfVdArgtES/414jM/0vqJ1v5QF2sGwSmnSii68pKQqI9fh
2s9AFqu8BjRsChPVoYPFZhm3kTx1ncticLeHpo/PT6vz8re6BpRLXFy9NibWad0g
7tacArmiwh1V+/FrmxiQMmYEfEREMElZumOwZJVgnMTslMejCsemiC+lP9Vg1T4m
6V6eZu/fsQKxtAKU+MK7e5BtJezRT2KJCF6GaQwx5cfw+y6cM0VLVQLntQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP4bpG0fdydueAzCZ1kbIc3f/V6xMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvX2h1a2JSOTNKMjU0RE1KbldSc2h6ZF85WHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg9XB6qx
MA0GCSqGSIb3DQEBCwUAA4IBAQAUw3fNG6IVKLOatwNSw2CW+M0OfBKZnLblZ7Zg
kvYRSHvCmSGSsUxg2+mxIbjNew9bADtX4XqfeOFRXS1FVuwg7x0B6FYCkw1Ezhbv
2Ch1Uwt2V/F1Mss3EHU2ckPdrt+OLJIR2Cf1nkvy8nftyo4K+HiXCGpBHWTfSqm7
tUkOLXCNqRc5+BaBe6ntiLcL66Wh+piXYq2snLQYNRg4ZmRRv5haBA24S2taidlg
YOKtRCI4KPfTH3v8XjZeKSZ5qKJindSfaCkNU89cRP1FLBPIuWP+Ei0Lq0SLPi4X
GJuuq0V2VSHhnzdLK1YWapBs0OWH1vuHfMFZ1ReznmOuzjWg
-----END CERTIFICATE-----